Server Administrators and DeviceLock Certificate

Server Administrators

In the default security configuration all users with local administrator privileges (i.e. members of the local Administrators group) can connect to DeviceLock Content Security Server using a management console, change its settings and run search queries.

To turn on the default security, select the Enable Default Security check box.

If you need to define more granular access to DeviceLock Content Security Server, turn off the default security by clearing the Enable Default Security check box.

Then you need to specify authorized accounts (users and/or groups) that can connect to DeviceLock Content Security Server. To add a new user or user group to the list of accounts, click the Add button. You can add several accounts simultaneously.

To delete a record from the list of accounts, use the Delete button. Using Ctrl and/or Shift you can highlight and remove several records simultaneously.

To define which actions are to be allowed for a user or user group, set the appropriate rights:

• Full access - to enable full access to DeviceLock Content Security Server. Users can change settings and run search queries.

• Change - to enable change access to DeviceLock Content Security Server. Users can change settings, install/uninstall DeviceLock Content Security Server and run search queries, but they can't add new users to the list of authorized accounts that can connect to DeviceLock Content Security Server or change access rights for existing users in this list.

• Read-only - to enable only read access to DeviceLock Content Security Server. Users can run search queries and view settings, but can't modify anything or create a new index for Search Server.

NOTE: We strongly recommend that accounts included in this list have local administrator privileges because, in some instances, installing, updating and uninstalling DeviceLock Content Security Server's service may require access rights to Windows Service Control Manager (SCM) and shared network resources.

Certificate Name

You may need to deploy the private key to DeviceLock Content Security Server if you want to enable authentication based on DeviceLock Certificate.

There are two methods of DeviceLock Content Security Server authentication on a remotely running DeviceLock Enterprise Server: 

a. User authentication - the DeviceLock Content Security Server's service is running under the user's account that has administrative access to DeviceLock Enterprise Server on the remote computer. For more information on how to run DeviceLock Content Security Server on behalf of the user, please read the description of the Log on as parameter.

b. DeviceLock Certificate authentication - in situations when the user under which DeviceLock Content Security Server is running can't access DeviceLock Enterprise Server on the remote computer, you must authenticate based on a DeviceLock Certificate.

The same private key should be installed on DeviceLock Enterprise Server and on DeviceLock Content Security Server. 

To install DeviceLock Certificate, click the … button, and select the file with a private key. To remove DeviceLock Certificate, click the Remove button.

• English-to-Russian translation