The first time you expand the Privilege Manager section in the Recast Management Server interface, you'll only see one option, Setup.
Clicking on Setup opens the Default Configuration workflow that will guide you through choosing devices that will use Privilege Manager, adding the temporary administrator function, setting up passwords, and removing current permanent admin permissions.
As a first step, you'll select the devices which will follow the Privilege Manager rules you set up.
- All agents includes all devices where Recast Agent is installed and licensed for Privilege Manager.
- Specify target devices allows you to select a set of devices.
To specify target devices:
1. Click Add Target.
2. In the side panel that opens, you can choose to specify a target based on devices in Active Directory (domains, OUs, groups, single agents, single devices) or Azure Active Directory (tenants, groups, single agents, single devices).
Before attempting to connect to third-party services, ensure that Recast Proxies are in place on the Service Connections page.
By enabling temporary administrator functionality, you can grant selected users admin privileges for a specific amount of time just when needed.
To implement the temporary admin function:
1. Confirm that the Implement temporary administrator functionality option is enabled.
2. Enter the Display name and Login name to be used on target devices for the temporary user account.
NOTE: On the Self Service Rules page, you can give specific users or domain groups self-service capabilities on devices.
You can choose to randomize the password on the built-in Administrator account, or on a custom account you have already created on the target devices.
- Randomize local admin account password (default)
- Use built-in Administrator account
- Use custom local account
When Remove current permanent admin permissions is enabled, all users and domain groups will have their current permanent administrator permissions removed and replaced with temporary administrator permissions. You can add a group rule to change the groups that will retain permanent administrator permissions on target devices.
The table lists the local groups and members who have been placed in the Administrators group.
To edit the users included in the Administrators group, click Add Group Rule.
NOTE: You can also add, remove or edit the policies used by target devices by going to the Group Rules page after the initial setup.
Once you've completed the default configuration steps, click Done.
Specified devices will receive your configured rules, the Recast Management Server navigation panel will display the Agents, Reports, and Configuration sections in Privilege Manager, and the Target Groups page will open.