Privilege Management Console Computers

The Computers tile allows you to see and to interact with the endpoints being managed by PMC.

Select the Computers tile in the top left corner.

To select all of the rows listed, click the check mark in the top hand corner. The number of rows that have been selected can be seen in the lower right-hand corner of the screen.

Filter the list of computers by clicking the checkmark tick in the top left corner.

Authorize and Assign Computers to a Group in Privilege Management Console

You can authorize and assign computers to a group in one step, provided the computers haven't previously been authorized. If they have previously been authorized, then instead follow the steps in the link below to assign computers to a group.

You can see which endpoints have not been authorized by selecting Pending from the top of the Authorized column.

  1. Navigate to and click the Computers tile.
  2. Right-click the computer(s) you want to place in a group and authorize in one step, and then select Authorize and Assign Group from the menu.

You can select multiple rows using the standard Windows functionality.

  1. Select the group you want to assign it to from the dropdown group and click Assign. If you haven't created any groups yet, you will see only No Group in the dropdown.
  2. If you have a Default group, it will be selected by default, otherwise you can select the group you want to use from the dropdown menu. Click Assign. The rows that you have selected will briefly flash green to indicate that PMC has processed your request.

For more information, please see the following:

Reject Computers Not Authorized with Privilege Management Console

You can reject endpoints that have not yet been authorized with PMC.

Manual Deactivation

If the computer has already been authorized, you can use PMC to manage deactivations manually.

For more information, please see Deactivate Computers in Privilege Management Console.

Automatic Deactivation

Alternatively, you can use PMC to manage deactivations automatically.

Rejected computers are disconnected from PMC and will no longer be able to communicate with PMC. This action can't be reversed unless you reinstall the software on the client computer.

  1. Navigate to the Computers tile.
  2. Right-click the computer you want to reject and click Reject from the menu. You are prompted to verify that you want to continue with the rejection of the computer. Click Reject Anyway to proceed; otherwise, click Cancel.

For more information, please see Auto Deactivate Settings.

View Details on an Endpoint in Privilege Management Console

For a single computer you can view additional details.

  1. Navigate to the Computers tile.
  2. Right-click the computer you want to view the details of and click Details from the menu.

The Computer Details screen includes additional information about the endpoint, including its Authorization Status, Deactivation Type, Computer Deactivated, and Computer Authorized timestamps where applicable.

You can also view information about the endpoint, the name of the policy, and the version that is applied.

Update

You can force this page to refresh by clicking Update on the right side of the pane. This action gets the latest information from the endpoint.

Apply Policy

If you want to apply a policy update immediately to a specific computer, you can do so here.

Click Actions > Apply Policy. The policy will update the next time the computer connects to PMC.

Computer Logs

  1. On the Computer Details screen, click Computer Logs. This shows you a list of logs that have previously been requested. To get a new set of logs from the computer, click Request Logs.
  2. PMC will request the logs from the computer and you can view them when this request is returned. The next time the endpoint connects to PMC, it will retrieve the logs.

Command Log

On the Computer Details screen, click Command Log. This shows you a list of commands that have been communicated between PMC and the computer.

Edit Properties on an Endpoint in Privilege Management Console

  1. Navigate to the Computers tile.
  2. Right-click the computer you want to edit the properties for and click Edit Properties.
  3. Click the plus sign next to Annotations to add an annotation to this computer.
  4. Click OK to save your annotation and click Submit to save it in PMC.

Assign Computers to a Group in Privilege Management Console

  1. Navigate to the Computers tile.
  2. Right-click the computer you want to place in a group and click Assign Group from the menu.

You can select multiple rows using the standard Windows functionality.

  1. Select the group you want to assign it to from the dropdown group and click Assign. If you haven't created any groups yet, you will see only see No Group in the dropdown.
  2. If you have a Default Group, it will be selected by default; otherwise, you can select the group you want to use from the dropdown menu. Click Assign. The rows you have selected will briefly flash green to indicate that PMC has processed your request.

For more information on creating a group in PMC, please see Create a Group in Privilege Management Console.

Clear a Computer from a Group in Privilege Management Console

  1. Navigate to and click the Computers tile.
  2. Right-click the computer you want to clear the group from and click Clear Group from the menu. You are prompted to verify if you want to continue with clearing the group from the computer. Click Continue Anyway to proceed; otherwise, click Cancel.

Since policies are assigned to groups rather than to individual computers, if you clear a computer from a group, the policy on that computer is also cleared. The policy assignment to the wider group is not affected.

View Duplicate Computers in Privilege Management Console

PMC detects duplicate computers automatically. The task to check for duplicate computers runs every day at 0200 server time on the node where the job service is running. The service checks for computers with the same name. If PMC finds one or more computers with the same name, it adds the Duplicate flag to all of them except for the most recently created one.

Duplicate computers are hidden by default in the Computers grid. You can filter on duplicate computers using the grid filter and adding the column called Duplicate. PMC does not do any additional processing to computers that are flagged as duplicates and they continue to receive policy from PMC. All computers that do not contact PMC for the number of days specified in the Auto Deactivate Settings are deactivated if you have chosen to automatically deactivate inactive computers.

For more information, please see Auto Deactivate Settings.

Deactivate Computers in Privilege Management Console

Computers can be automatically deactivated by PMC if you choose to enable the functionality.

You can also manually deactivate a computer that has previously been authorized by PMC.

Deactivated computers are disconnected from PMC and will no longer be able to communicate with PMC. This action can't be reversed unless you reinstall the software on the client computer.

  1. Navigate to and click the Computers tile.
  2. Right-click the computer you want to deactivate and click Deactivate from the menu. You are prompted to verify if you want to continue with the deactivation of the computer. Click Deactivate Anyway to proceed; otherwise, click Cancel.

For more information, please see the following:

Filter Deactivated Computers

To see which computers have been deactivated:

Select the filter drop-down and click Deactivated.

  1. In the Computers grid, scroll to the right and select the filter dropdown.
  2. Click Deactivated to place a tick next to it.
  1. The Deactivated column is displayed. Select Yes from the filter at the top of the Deactivated column to see computers that have been deactivated. This is indicated by a circular icon with a slash through it.

 

"Update Policy on All" Option in Privilege Management Console

This option is only available if you have manual deployment set in the Policy Deployment Settings. This allows you to manually deploy the policy to all computers. The deployment will be spread across the number of minutes you define in the Policy Deployment Settings.

  1. Navigate to and click the Computers tile.
  2. Right-click anywhere in the grid click Update Policy on All from the menu. You are prompted to check you want to continue with updating the policy on all computer(s). Click Update Policy on All to proceed; otherwise, click Cancel.

For more information, please see Policy Deployment Settings in Privilege Management Console.

"Update Policy on Selected" Option in Privilege Management Console

This option is only available if you have manual deployment set in the Policy Deployment Settings. This allows you to manually deploy to the selected computers. The deployment will be spread across the number of minutes you define in the Policy Deployment Settings.

  1. Navigate to and click the Computers tile.
  2. Right-click the computer(s) you want to update the policy on and click Update Policy on Selected from the menu. You are prompted to check you want to continue with updating the policy. Click Update Policy Anyway to proceed; otherwise, click Cancel.

You can select multiple rows using the standard Windows functionality.

For more information, please see Policy Deployment Settings in Privilege Management Console.