Jump to content

"Pause firewall" permission


Recommended Posts

Hello

We have ESMC 7.2.1266.0 on the server and EES 7 on the Windows 10 client.
The user has local admin permission, but he only uses it as "run-as administrator". He doesn't log into the computer locally with the admin user.
The EES settings are locked down with password.
We would like to give a permission to the user: "Pause firewall", without giving out the password for the access setup.
Setting a different access setup password for that computer is not a solution, because by doing that he could change the other settings also.

How can we achieve this?

thanks,
Vilmos

ps. I opened this question in this topic, because it seems that it's policy related

Link to comment
Share on other sites

  • Administrators

If settings are password protected, protection features or settings cannot be paused / changed without entering the password.

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, ludolf said:

Hello

We have ESMC 7.2.1266.0 on the server and EES 7 on the Windows 10 client.
The user has local admin permission, but he only uses it as "run-as administrator". He doesn't log into the computer locally with the admin user.
The EES settings are locked down with password.
We would like to give a permission to the user: "Pause firewall", without giving out the password for the access setup.
Setting a different access setup password for that computer is not a solution, because by doing that he could change the other settings also.

How can we achieve this?

thanks,
Vilmos

ps. I opened this question in this topic, because it seems that it's policy related

Make another policy for the specific 2 machines that this user uses , make another password for him only and give him the password if you are allowed to.

I was going to tell you to not password them and mark settings to be forced by policy only , but that's not safe practice

Link to comment
Share on other sites

by giving out the password (even if that password is different then the general one), the user will be able to change the other settings. The expected behavior would be that user able to pause only the firewall, and not be able to change any other setting.

Link to comment
Share on other sites

  • Most Valued Members
14 minutes ago, ludolf said:

by giving out the password (even if that password is different then the general one), the user will be able to change the other settings. The expected behavior would be that user able to pause only the firewall, and not be able to change any other setting.

There is an ability if I am not mistaken to lockout the other settings , where they can only be forced by the policy and cannot be changed by the user at all , so you can disable all and let the firewall for him with his custom password

Link to comment
Share on other sites

  • Administrators
6 minutes ago, Nightowl said:

There is an ability if I am not mistaken to lockout the other settings , where they can only be forced by the policy and cannot be changed by the user at all , so you can disable all and let the firewall for him with his custom password

Even if a policy with all settings was applied, users with admin rights would be able to pause any protection, not only the firewall.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...