Target groups refer to the set of devices on which particular Privilege Manager rules are applied. By default, there is one target group that includes all devices. You can also build target groups that direct rules to a broad or narrow subset of devices, or even to a single device. Target groups can be based on Active Directory domains, organization units, groups, and single agents or devices. They can also be built from Azure Active Directory tenants, groups, and single agents or devices.
During your initial Privilege Manager setup, you create target groups by choosing devices. After defining your default Privilege Manager configuration, you can view, add, edit, and delete the target groups that will follow your management rules on the Target Groups page. This is also where you can edit client settings, including passwords, associated with a target group.
To view target groups in your Recast Management Server, navigate to Privilege Manager > Configuration > Target Groups.
The table lists each target group and its priority level. The list is searchable, and can be sorted by table headings. You can also export the list to a CSV file.
Click on a target group that doesn't include all devices to view details about the selected target group.
Details shown:
- Actions available for the target group (edit and/or delete)
- Type of target group (user group or device group)
- Name of groups that belong to the target group
To add a target group, click Add Target Group on the Target Groups page. This is also where you can add a target to the group, and edit or delete targets included in the target group.
To edit a target group, click the Edit icon to the right of a target group name. The default target group that includes all devices cannot be edited.
To delete a target group, click the Delete icon to the right of a target group name and confirm the deletion. The default target group that includes all devices cannot be deleted.
To edit client settings for a target group:
1. On the Target Groups page, click the Settings icon (cogs) beside a target group.
2. In the Edit Client Settings panel that opens, you can edit General settings, Credential Provider settings, and Local Password settings. After making any changes, click Save to update your client settings.
General Settings
Update settings interval: Sets how frequently the agent attempts to connect to the Agent Gateway to check for new rules. Default interval is 60 minutes.
Allowed time tolerance: Sets the maximum time difference allowed between the Recast Management Server and the agent before activation fails. Default time tolerance is 10 minutes.
Manage hybrid devices from Azure Active Directory:
- Allow processing cached rules in offline: Allows the agent to use rules stored in the local registry if it cannot connect to the Agent Gateway. Enabled by default.
- Allow processing cached rules after update error: Allows the agent to use rules stored in the local registry if the Agent Gateway returns a failure or invalid rules. Enabled by default.
- Debug mode: Forces debug logging for Privilege Manager agents. Disabled by default.
Credential Provider Settings
These settings determine the options that appear
Usage scenario:
- Allow 'Use activation code' method
- Allow 'Run with Local Account' method
- Allow 'Run with Domain Account' method
Default method: Default method of privilege elevation is to 'Run with Local Account'
Timeout: Default is 30 seconds
Local Password Settings
Characters allowed in passwords
Length of password: Default is 16 characters
Re-Generate Interval: Default is to re-generate passwords every 7 days