ludolf 6 Posted June 11, 2020 Share Posted June 11, 2020 Hello We have ESMC 7.2.1266.0 on the server and EES 7 on the Windows 10 client. The user has local admin permission, but he only uses it as "run-as administrator". He doesn't log into the computer locally with the admin user. The EES settings are locked down with password. We would like to give a permission to the user: "Pause firewall", without giving out the password for the access setup. Setting a different access setup password for that computer is not a solution, because by doing that he could change the other settings also. How can we achieve this? thanks, Vilmosps. I opened this question in this topic, because it seems that it's policy related Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted June 11, 2020 Administrators Share Posted June 11, 2020 If settings are password protected, protection features or settings cannot be paused / changed without entering the password. Link to comment Share on other sites More sharing options...
ludolf 6 Posted June 11, 2020 Author Share Posted June 11, 2020 Thanks for the reply. I'm sorry to hear that. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 202 Posted June 11, 2020 Most Valued Members Share Posted June 11, 2020 1 hour ago, ludolf said: Hello We have ESMC 7.2.1266.0 on the server and EES 7 on the Windows 10 client. The user has local admin permission, but he only uses it as "run-as administrator". He doesn't log into the computer locally with the admin user. The EES settings are locked down with password. We would like to give a permission to the user: "Pause firewall", without giving out the password for the access setup. Setting a different access setup password for that computer is not a solution, because by doing that he could change the other settings also. How can we achieve this? thanks, Vilmosps. I opened this question in this topic, because it seems that it's policy related Make another policy for the specific 2 machines that this user uses , make another password for him only and give him the password if you are allowed to. I was going to tell you to not password them and mark settings to be forced by policy only , but that's not safe practice Link to comment Share on other sites More sharing options...
ludolf 6 Posted June 11, 2020 Author Share Posted June 11, 2020 by giving out the password (even if that password is different then the general one), the user will be able to change the other settings. The expected behavior would be that user able to pause only the firewall, and not be able to change any other setting. Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 202 Posted June 11, 2020 Most Valued Members Share Posted June 11, 2020 14 minutes ago, ludolf said: by giving out the password (even if that password is different then the general one), the user will be able to change the other settings. The expected behavior would be that user able to pause only the firewall, and not be able to change any other setting. There is an ability if I am not mistaken to lockout the other settings , where they can only be forced by the policy and cannot be changed by the user at all , so you can disable all and let the firewall for him with his custom password Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted June 11, 2020 Administrators Share Posted June 11, 2020 6 minutes ago, Nightowl said: There is an ability if I am not mistaken to lockout the other settings , where they can only be forced by the policy and cannot be changed by the user at all , so you can disable all and let the firewall for him with his custom password Even if a policy with all settings was applied, users with admin rights would be able to pause any protection, not only the firewall. Nightowl 1 Link to comment Share on other sites More sharing options...
Recommended Posts