Prepare the Privilege Management Policy Editor System
In BeyondInsight version 6.10, you can run the certinstaller.msi to deploy the certificate to your Policy Editor machines. Generating and deploying the certinstaller.msi is described earlier in this guide.
For more information, please see Installation Information for BeyondInsight and Privilege Management for Windows.
In BeyondInsight version 6.9, go through the following procedure. Export the eEyeEmsClient certificate from your BeyondInsight Server and import the eEyeEmsClient.pfx file to the Local Computer Personal certificate store on all Policy Editor machines.
- Export the eEyeEmsClient certificates from your BeyondInsight instance using the BeyondInsight Configuration application and click Generate Certificate Zip.
- Choose an export directory and a password.
- Log on to the Policy Editor machine as the user who is responsible for editing policy.
- Open Manage Computer Certificates (certlm.msc).
- Import the eEyeEmsClient.pfx file to the Certificates > Local Computer (Personal) certificate store. Provide the password from the previous step.
- Right-click the Personal store and go to All Tasks > Import in the pop-up menu to start the Certificate Import Wizard.
- Click Next.
- Click Browse.
- Change the file type to *.pfx and browse to the eEyeEmsClient.pfx file (previously exported from BeyondInsight).
- Enter the password you chose when exporting from BeyondInsight. Leave other settings as default.
- Import to the Personal store (default), click Next, and then Finish.
- Copy eEyeEmsCA from Personal\Certificates to Trusted Root Certification Authorities\Certificates.
After you deploy the client certificate to your Privilege Management Policy Editor machines, you can set up the Privilege Management Policy Editor and configure the editor to work with BeyondInsight.
- Launch the Microsoft Management Console (mmc.exe) as an admin and go to File > Add/Remove Snap-in.
- In the Available snap-ins menu, locate and select the Privilege Management Settings (BeyondInsight) snap-in.
- Click Add >, and then click OK. The Privilege Management Settings (BeyondInsight) snap-in appears in the Console Root menu.
Test the Connection
Before continuing on with the remainder of the integration setup, you should test the following:
- Test to ensure that a client certificate of the correct name is available in the certificate store.
- Test to ensure the policy editor can reach the BeyondInsight Server.
To test, click on Remote Server Details from the Welcome page. From the BeyondInsight Server Details dialog, enter the server details. Then click Test by Certificate Name and BeyondInsight Server to check each component.
The Certificate Name and Workgroup Name fields are populated with default values.
If a certificate of the correct name is found, a message appears stating Valid certificate found in certificate store.
If the BeyondInsight Server can be reached, a message appears stating The server was reached successfully.
When finished testing, click Save.