Jump to content
ludolf

"Pause firewall" permission

Recommended Posts

Hello

We have ESMC 7.2.1266.0 on the server and EES 7 on the Windows 10 client.
The user has local admin permission, but he only uses it as "run-as administrator". He doesn't log into the computer locally with the admin user.
The EES settings are locked down with password.
We would like to give a permission to the user: "Pause firewall", without giving out the password for the access setup.
Setting a different access setup password for that computer is not a solution, because by doing that he could change the other settings also.

How can we achieve this?

thanks,
Vilmos

ps. I opened this question in this topic, because it seems that it's policy related

Share this post


Link to post
Share on other sites

If settings are password protected, protection features or settings cannot be paused / changed without entering the password.

Share this post


Link to post
Share on other sites

Thanks for the reply. I'm sorry to hear that.

Share this post


Link to post
Share on other sites
1 hour ago, ludolf said:

Hello

We have ESMC 7.2.1266.0 on the server and EES 7 on the Windows 10 client.
The user has local admin permission, but he only uses it as "run-as administrator". He doesn't log into the computer locally with the admin user.
The EES settings are locked down with password.
We would like to give a permission to the user: "Pause firewall", without giving out the password for the access setup.
Setting a different access setup password for that computer is not a solution, because by doing that he could change the other settings also.

How can we achieve this?

thanks,
Vilmos

ps. I opened this question in this topic, because it seems that it's policy related

Make another policy for the specific 2 machines that this user uses , make another password for him only and give him the password if you are allowed to.

I was going to tell you to not password them and mark settings to be forced by policy only , but that's not safe practice

Share this post


Link to post
Share on other sites

by giving out the password (even if that password is different then the general one), the user will be able to change the other settings. The expected behavior would be that user able to pause only the firewall, and not be able to change any other setting.

Share this post


Link to post
Share on other sites
14 minutes ago, ludolf said:

by giving out the password (even if that password is different then the general one), the user will be able to change the other settings. The expected behavior would be that user able to pause only the firewall, and not be able to change any other setting.

There is an ability if I am not mistaken to lockout the other settings , where they can only be forced by the policy and cannot be changed by the user at all , so you can disable all and let the firewall for him with his custom password

Share this post


Link to post
Share on other sites
6 minutes ago, Nightowl said:

There is an ability if I am not mistaken to lockout the other settings , where they can only be forced by the policy and cannot be changed by the user at all , so you can disable all and let the firewall for him with his custom password

Even if a policy with all settings was applied, users with admin rights would be able to pause any protection, not only the firewall.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...