Managing agent privacy settings
The Privacy tab provides access to all types of privacy settings of the agent.
Privacy settings define the remote access rights to the local host, such as its registries, directories and files, through Direct Access and any other functionality that accesses or defines the local host. To prevent a user's privacy settings from being overridden through a remote connection, this page is only accessible locally.
This page provides the privacy configuration for the access rights to the local client. Privacy means that the user of the local client has some control over which elements the administrator can access. If an administrator tries to access the local computer through the Direct Access node in the console, he must provide a valid login and password, and he can only see or modify the elements for which he has been granted the corresponding access. Some elements, such as the Remote Control, must be confirmed by the local user before the administrator can access them.
It is very important to realize that only the directories specified here are visible from the console. This affects not only the Direct Access and Remote Control features but also features which, for example, define exports to this client or want to import from it. Therefore, be very careful when making changes to the access privacy.
The browser page shows the following information about the privacy elements:
|File System||The File System class manages access to the directories of the local device. Access to a directory is divided into read and write access. Read access allows the administrator to view the directories and their contents, including the files they contain. Read and write access allows the administrator to modify, delete, copy, rename, and so on, the respective element. The default values are Read,Write without acknowledgment for the hard disks and for all logins (*). There is one exception by default: for Documents and Settings/* under Windows and /home/ under Linux, access is denied through the value None.|
|Windows Registry||The Windows Registry entry controls the access to the keys and values of the registry for Windows systems. This class is not applicable to non-Windows systems. The access principles are similar to those of the file system (see preceding paragraph). The access permissions are applied to the registry key paths. By default there are the following values: |
|Windows Services||The Windows Services class controls the access to all services installed on the Windows operating systems. This class is not applicable to Linux and Mac OS. The access principles are similar to those of the file system (see preceding paragraph). The access rights are applied to the services. The default value is * with Read, Write access without acknowledgment for all logins (*).|
|Remote Control||Remote Control manages the Remote Control access to the local device. This class is not applicable to non-Windows systems. Read access allows the administrator to view the remote client; read/write access allows him to execute certain operations on the remote client - such as backup and software maintenance operations. The default value is * with Read,Write access without acknowledgment for all logins (*).|
Shows the name of the element, which can be key names, service names or path names, for example,
Displays the login the administrator uses to connect to the device. The optional login ('*' indicating all valid users) can be assigned to all entries.
Three different access levels are available: Read Only, which permits the administrator or user to view and examine the elements and their content through a console; Read/Write, which allows operations such as deleting, copying, or renaming the respective elements; and None, which denies access of any kind. Each class has its own default access rights, which are explained in the preceding paragraph.
The acknowledgment indicates whether the local user must allow the access. This parameter is only applicable to the Remote Control module. If acknowledgment is required, a pop-up menu appears on the local device in which the user concerned can accept or refuse to hand over control of his device.
All entries of the File System, Windows Registry and Services can contain wildcard characters such as the asterisk (*), so that not every individual directory name or registry key name has to be listed. For example, the access rights for the entry C:/WINDOWS/SYSTEM32 apply only to this directory, while the rights for the entry C:/WINDOWS/SYSTEM32/* also apply to all subdirectories.
A very important aspect of the Access Rights is the algorithm used to match entries against access requests from the console. Given a full directory path, the Access Rights are scanned for the entry which most closely matches the supplied path. The permission settings for that entry are then used to determine the access.
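The matching rule above can be sketched in Python as an added example (not the product's own code) to show how a narrow entry and a broad wildcard entry interact. It assumes that "most closely matches" means the entry with the longest literal path, that an exact entry beats a /* entry of equal length, that a named login beats *, and that a path with no matching entry gets None; the names Entry, resolve and RULES and the sample entries are constructed for illustration.

```python
from typing import NamedTuple, Optional, Tuple

class Entry(NamedTuple):
    name: str    # directory path, optionally ending in "/*"
    login: str   # administrator login, "*" = all valid users
    access: str  # "None", "Read Only" or "Read/Write"

def _norm(path: str) -> str:
    # Assumption: separators and case are normalised before comparing.
    return path.replace("\\", "/").rstrip("/").lower()

def _score(entry: Entry, path: str, login: str) -> Optional[Tuple[int, bool, bool]]:
    """Specificity of an entry for this request, or None if it does not apply."""
    if entry.login not in ("*", login):
        return None
    wildcard = entry.name.endswith("/*")
    base = _norm(entry.name[:-2] if wildcard else entry.name)
    target = _norm(path)
    # "X/*" covers X and everything below it; plain "X" covers X only.
    # The "/" boundary keeps "X/*" from matching a sibling such as "Xbackup".
    hit = target == base or (wildcard and target.startswith(base + "/"))
    if not hit:
        return None
    return (len(base), not wildcard, entry.login != "*")

def resolve(entries, path: str, login: str) -> str:
    """Return the access level of the most specific applicable entry."""
    best = None
    for entry in entries:
        score = _score(entry, path, login)
        if score is not None and (best is None or score > best[0]):
            best = (score, entry)
    return best[1].access if best else "None"  # assumption: no entry, no access

# Constructed sample entries, loosely following the defaults described above.
RULES = [
    Entry("C:/*", "*", "Read/Write"),
    Entry("C:/Documents and Settings/*", "*", "None"),
    Entry("C:/WINDOWS/SYSTEM32", "*", "Read Only"),
    Entry("C:/WINDOWS/SYSTEM32/*", "helpdesk", "None"),
]

if __name__ == "__main__":
    for p in ("C:/WINDOWS/SYSTEM32", "C:/WINDOWS/SYSTEM32/drivers"):
        print(p, "->", resolve(RULES, p, "admin"))
```

With these sample entries, the Read Only restriction on C:/WINDOWS/SYSTEM32 does not reach its subdirectories for the login admin, so a request for a subdirectory falls back to the broader C:/* entry; reviewing entries in exact and /* pairs catches this kind of gap.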