Pre-10.7.1 Agent Hardening
Users on Privilege Manager v10.7.1 or up should use the new policy named Restrict Account Permissions on Agent Services (Windows). Refer to Agent Hardening 10.7.1 and up for details on the policy used starting with Privilege Manager v10.7.1.
Editing the Agent Service Start / Stop Control (Windows) Policy
-
Navigate to ADMIN | Policies.
-
Click on the General Tab.
-
In the Name field enter Agent Service Start / Stop Control.
-
Click on the Agent Service Start / Stop Control (Windows) policy.
-
To customize the Agent Hardening policy navigate to the Parameters tab.
-
Click Edit.
-
Under User Services click the + button and use the search field to select the Services to be targeted by the task
-
Under User Accounts click the + button and use the search field to find the specific user account that has permissions to make changes to the Agent services.
-
Click Save.
If you require a rollback of the agent hardening due to upgrade issues, use the manual Restore Default Agent Permissions procedure following below.
Restore Default Agent Permissions
If you need to rollback agent hardening on your endpoints, follow these steps to restore the default agent permissions:
- Navigate to ADMIN | Config Feeds.
- Expand Privilege Manager Product Configuration Feeds.
- Expand Thycotic Management Server Core.
- Install Reset Agent Service Permissions.
Following the Configuration Feed installation,
-
Navigate to ADMIN | Policies and select the General tab.
-
Search for the agent service policies and select to edit.
-
Disable the Agent Service Start / Stop Control (Windows) policy.
- Click Edit.
- Deselect Enabled.
- Click Save.
-
Enable the Agent Service Clear Restrictions (Windows) policy.
- Click Edit.
- Select Enabled.
- On the Targets tab specify the computers that need to be targeted by this policy.
- On the Triggers tab specify when to run and/or what events will trigger the policy to run.
-
Click Save.
