Best Practices

The following links represent a compiled list of recommended best practices for Privilege Manager. You can reference these best practices as your system configuration is developed.

Administration

Security Algorithms

Introduces configurable Security Algorithms through: Privilege Manager server settings, signature algorithms, and targeted agent settings.

Read and Write Access

Learn how to Prevent Read and Write Access to File Types or Locations using this best practice.

Service Accounts and IIS App Pool

Delinea recommends Using a Service Account to run the IIS App pool.

Securing the IIS Server

This article presents a list of items that can be implemented for Securing the IIS Server.

Active Directory

Active Directory Import - On-prem vs Cloud

Best Practice: Active Directory Import presents the nuances between on-prem and cloud import and provides instructions for each import.

Troubleshooting AD Sync

Best Practice: Troubleshooting AD Sync includes troubleshooting for: authentication, duplicates, and resource type keys.

Application Policies

Policy Events

Refer to this article for best practices specific to policy events.

Policy Feedback

Using Send Policy Feedback helps administrators to gather data, analyze patterns, and then assign actions to application events retrospectively.

Optimizing Compile Times

This method of Optimizing Compile Times uses an Exclusion Path to the application control agent to safeguard against increased compilation times that affect system performance.

Secondary File Filters

As a best practice, create an elevate policy with a priority that elevates or allows specific scripts or files to run. Refer to Best Practice: Using a Secondary File Filter.

Installation and Upgrades

Upgrades

Best practices for upgrades include: DB backup and TMS folder backup prior to an upgrade, as well as a repair solution for upgrade errors.

macOS

macOS System Preferences

Refer to this article for best practices specific to macOS System Preferences.

Notifications on macOS

Managing notification settings on an endpoint lets the user see the notifications that Privilege Manager sends out.