Privileged Access refers to the ForestSafe Functions that expose access to managed infrastructure, either through revealing a password or allowing a remote login.
This Tab only appears if the selected Active Directory group has ForestSafe User Logon or ForestSafe Primary Logon rights.
To give members of a ForestSafe Group Password Vault access to the root account on UNIX servers:
1. Check the [Password Vault] field
2. Select [UNIX] in the [Platforms] list
3. Drop down the [Logons] list
4. Check the root account from the list
- This will only appear if the root account is being managed.
5. Click Save
To give members of this ForestSafe group Local Administrator rights when they remote control any domain computer:
1. Check the [Elevated Session] field
2. Click Save
- When they launch the ForestSafe Remote Terminal, they will be challenged for their password, but their domain user account will be joined to the local Administrator group for the duration of the session.
To allow Group members to change the Default Expiry Time on Password Vault and Remote Terminal:
1. Check the [Custom Expiry Time] field
2. Click Save
To force all Group Members to seek Approval by configuring an Approval Layer:
1. Check the [Session Approval Required] field
2. Drop down the [Approval Group] field
3. Select the Approval group
4. Click Save
To restrict the access of members of this ForestSafe group to only the computers that are members of an Active Directory group (group name):
1. Select the Access Control Containers tab
2. Click [Add Host Container] button
3. Enter the group name in the [Container Name] field
- This can be anything, but giving Groups and Containers the same name is a good standard to follow.
4. Select MEMBER OF from the [Content Type] field
5. Select the group name from the list of Active Directory groups in the [Content] field
6. Click OK
7. Select the [End Users] tab
8. Select the ForestSafe Group
9. Click the [Privileged Access] tab
10. Drop down the [Access Control Container] field
11. Select the group name that will now appear.
12. Click Save