Server Administrators and DeviceLock Certificate

Server Administrators

In the default security configuration all users with local administrator privileges (i.e. members of the local Administrators group) can connect to DeviceLock Enterprise Server using a management console and change its setting and run reports.

To turn on the default security, check the Enable Default Security flag.

If you need to define more granular access to DeviceLock Enterprise Server, turn off the default security by unchecking the Enable Default Security flag.

Then you need to specify authorized accounts (users and/or groups) that can connect to DeviceLock Enterprise Server. To add a new user or user group to the list of accounts, click on the Add button. You can add several accounts simultaneously.

To delete a record from the list of accounts, use the Delete button. Using Ctrl and/or Shift you can highlight and remove several records simultaneously.

To define which actions are to be allowed for a user or user group, set the appropriate rights:

• Full access - to enable full access to DeviceLock Enterprise Server. Users can change settings and run reports.

• Change - to enable change access to DeviceLock Enterprise Server. Users can change settings, install/uninstall DeviceLock Enterprise Server and run reports, but they can't add new users to the list of authorized accounts that can connect to DeviceLock Enterprise Server or change access rights for existing users in this list.

• Read-only - to enable only read access to DeviceLock Enterprise Server. Users can run reports and view settings, but can't modify anything.

NOTE: We strongly recommend that accounts included in this list have local administrator privileges because, in some instances, installing, updating and uninstalling DeviceLock Enterprise Server's service may require access rights to Windows Service Control Manager (SCM) and shared network resources.

Certificate Name

You may need to deploy the private key to DeviceLock Enterprise Server if you want to enable authentication based on DeviceLock Certificate.

There are two methods of DeviceLock Enterprise Server authentication on remotely running DeviceLock Services:

a. User authentication - the DeviceLock Enterprise Server's service is running under the user's account that has full administrative access to DeviceLock Service on the remote computer. For more information on how to run DeviceLock Enterprise Server on behalf of the user, please read the description of the Log on as parameter.

b. DeviceLock Certificate authentication - in situations when the user under which DeviceLock Enterprise Server is running can't access DeviceLock Service on the remote computer, you must authenticate based on a DeviceLock Certificate.

The public key should be installed on DeviceLock Service and the corresponding private key on DeviceLock Enterprise Server.

To install DeviceLock Certificate, press the … button, and select the file with a private key. 

To remove DeviceLock Certificate, press the Remove button.

• English-to-Russian translation