Privilege Management Settings

You can right-click on the Privilege Management Settings node to access the following commands.

Click Tools in the right pane to access:

  • Privilege Management for Windows Activity Viewer
  • Response Code Generator

By default, Auto Commit Settings is selected. This means any changes made here are saved and applied using Group Policy. Alternatively, you can clear Auto Commit Settings and select Commit Settings when you specifically want those settings to apply.

The following options are also available:

  • Create
  • Delete
  • Export
  • Import
  • Import Template
  • Digitally Sign
  • Save Report
  • Set Challenge/Response Shared Key
  • Show Hidden Groups
  • View

Create

Creates a new Privilege Management for Windows policy. This deletes any existing policy for all operating systems. If you have an existing policy, you are prompted to remove all existing settings when you click Create. Click Yes to delete your existing policy and create a new one, or No to keep your existing policy.

Delete

Deletes your existing Privilege Management for Windows policy. You are prompted to remove all existing settings when you click Delete. Click Yes to delete your existing policy or No to keep your existing policy.

Delete Items and Conflict Resolution

Some items in Privilege Management Settings are referenced in other areas, such as Application Groups, messages and custom tokens. These items can be deleted at any time, and if they are not referenced elsewhere, they delete without any further action required.

When an item is deleted, Privilege Management Policy Editor checks for any conflicts which may need to be resolved. If the item you attempt to delete is already in use elsewhere in your settings, then a conflict is reported, and needs to be resolved.

You can review each detected conflict and observe the automatic resolution which takes place if you proceed. If more than one conflict is reported, use the Next conflict and Previous conflict links to move between conflicts.

If you want to proceed, click Resolve All to remove the item from the areas of your Privilege Management Settings where it is currently in use.

Export

Privilege Management for Windows policies can be imported to and exported from Group Policy as XML files, in a format common to other editions of Privilege Management, such as the Privilege Management ePO Extension. This allows for policies to be migrated and shared between different deployment mechanisms.

To export a policy, click Export and give the file a name. Click Save.

Import

Privilege Management for Windows policies can be imported to and exported from Group Policy as XML files, in a format common to other editions of Privilege Management, such as the Privilege Management ePO Extension. This allows for policies to be migrated and shared between different deployment mechanisms.

To import a policy, click Import, navigate to the policy XML you want to import, and click Open.

Import Template

Allows you to import template policies.

For more information, please see Templates.

Digitally Sign

You can digitally sign the Privilege Management for Windows settings. Privilege Management for Windows can either enforce or audit the loading of signed settings.

For more information, please see Sign Privilege Management for Windows Settings.

Save Report

You can obtain a report of your Windows policy which can be saved locally, if required.

Set Challenge/Response Shared Key

This allows you to set the Challenge/Response Shared Key for the policy. This is encrypted once you have set it. This key is then required by the challenge/response generator to generate response codes. The only way to change the Challenge/Response Shared Key is by setting a new one.

Show Hidden Groups

Some Application Groups are hidden by default; for example, Application Groups prefixed by (Default) in the QuickStart Policy. You can show or hide Application Groups in Privilege Management for Windows.

To show groups that are hidden by default, right-click on the Privilege Management Settings node and select Show Hidden Groups. You can hide the groups again by clearing Show Hidden Groups.

View

This allows you to view the Workstyles Editor, which is the default, or the HTML Report for your Windows policy.

For more information, please see HTML Report.

License

Privilege Management for Windows requires a valid license code to be entered in the Privilege Management Policy Editor. If multiple Privilege Management for Windows policies are applied to an endpoint, you need at least one valid license code for one of those policies.

For example, you can add the Privilege Management for Windows license to a Privilege Management for Windows policy that is applied to all managed endpoints, even if it doesn't have any Workstyles. This ensures all endpoints receive a valid Privilege Management for Windows license if they have Privilege Management for Windows installed. If you are unsure, then we recommend you add a valid license when you create the Privilege Management for Windows policy.

Insert a License

  1. Click No License. Click to enter a license code to enter a license if one doesn't already exist, or Valid License if you want to enter an additional license code.
  2. Paste your Privilege Management for Windows license code and click Add. The license details are shown.

HTML Report

The Privilege Management for Windows settings may be viewed as an HTML report for your Windows policy only. This report follows the same style as the Group Policy Management Console (GPMC) reports.

To show the HTML view:

  1. Select the Privilege Management Settings node.
  2. Right-click and select View > HTML Report.

Privilege Management for Windows uses the same style as the GPMC for its HTML reports. You can expand and collapse the various sections of the HTML report to show or hide more detailed information.

To return to the Workstyle Editor view:

  1. Select the Privilege Management Settings node.
  2. Right-click and select View > Workstyles Editor.

You may also save the HTML report to a file (the HTML view does not need to be displayed to save the HTML report).

To save a HTML Report:

  1. Select the Privilege Management Settings node.
  2. Right-click and click Save Report.
  3. Enter a filename for the report and click Save.

When displaying Resultant Set of Policy (RSoP) results, the Privilege Management Settings Policy Editor defaults to HTML view, but a read-only Workstyles Editor view may also be displayed.