Certificate Modes

Privilege Management for Windows verifies that an optionally signed Privilege Management for Windows configuration has been signed using a certificate trusted for the purpose on any signed settings that it loads.

The Privilege Management ePO extension does not support the distribution of signed Privilege Management for Windows configuration. The Privilege Management ePO extension must be installed in certificate mode 0, if used.

Mode Name Description
0 Standard Mode

The loading of unsigned settings is audited as information events (event 200). Signed settings are audited as information events (event 200) if they are correctly signed and as warning events (event 201) if they are incorrectly signed.

Privilege Management for Windows is installed in Standard Mode by default.

1 Certificate Warning Mode The loading of unsigned settings is audited as warning events (event 201). Signed settings are audited as information events (event 200) if they are correctly signed and as warning events (event 201) if they are incorrectly signed.
2 Certificate Enforcement Mode Unsigned or incorrectly signed settings are not loaded and are audited as error events (event 202). Signed settings are audited as information events (event 200) if they are correctly signed.