Configure the Privilege Management MMC PMC Snap-in

You need to install and configure the Privilege Management MMC on the machine you will use to administer PMC policy.

The installation packages differ based on your operating system:

  • For 32-bit (x86) systems run PrivilegeManagementPolicyEditor_x86.exe.
  • For 64-bit (x64) systems run PrivilegeManagementPolicyEditor_x64.exe.

 

For more information, please see Set Up a Load Balancer for the PMC Environment.

For compatible versions, please see the Release Notes.

Add and Configure the Privilege Management PMC Snap-in

You need to use the Privilege Management MMC PMC snap-in for the Microsoft Management Console (MMC) to manage policy for endpoints managed by PMC.

To load the Privilege Management PMC snap-in for the MMC:

  1. Run mmc.exe from the Start menu.
  2. Click File > Add/Remove Snap-in and select Privilege Management Settings (PMC). Click Add.
  3. Select the Privilege Management Settings (PMC) node and click PMC Connection under Settings.

Ensure you install the Privilege Management Settings (PMC) snap-in, rather than the Privilege Management Settings snap-in.

The next step is to configure the MMC to connect to PMC.

Setting What to Enter
Connection
Server URL This is the URL for PMC with 8443 in the Port field.

This is shown on the Finish tab of the deployment wizard.

Tenant ID

This is the same TenantID GUID you provided to the installation script.

Authorization Provider
URL

This is the URL for PMC with :8443/oauth appended to it.

Identification
MMC Client ID

This needs to be the same GUID that you generated and used in the PMC connection settings called Application ID.

You can generate this GUID in many ways, for example, by using the PowerShell cmdlet new-guid.

Client Return URI Enter http://defendpoint-mmc.com. This string does not resolve but needs to be as stated.
Amend token resource ID

Check this box. This string needs to be https://api.ic3.avecto.com. This string does not resolve but needs to be as stated.

For more information, please see the following:

Confirm Connection to PMC

You should now confirm that you can access PMC from the Privilege Management MMC snap-in.

Click New Policy to start a new policy.

  1. Click New Policy in the Privilege Management MMC snap-in.

 

  1. Enter your credentials for PMC when prompted, and then click Sign in.
  2. When you click Create, you are prompted to enter a name for your policy. When you click PMC Policies, you are taken to a list of policies in PMC.

If you receive an error connecting to PMC, ensure you have entered the correct options in both PMC and the PMC Privilege Management MMC snap-in.