Managing security settings
From the Security tab of the Global Settings > System Variables page, you can define the following default security settings of your system:
Parameter | Description |
---|---|
Create Default System Administrator | The value in this field defines if system authentication is used for logon. If the value set is |
Display Hidden Devices in the Topology Graph | This parameter defines, if users without read access rights to the master or relays can view their devices in the topology graph. By default this option is set to |
Maintain Administrators at Directory Server Synchronization | This parameter defines if administrators are also removed from synchronized groups during resynchronization. Normally, if an administrator is removed from his AD group it will also be removed from his CM group during the next synchronization. However, if the capabilities or access rights of this administrator are transferred via the administrator group, this might cause a number of problems, if the administrator in question is assigned as a populator for groups for example, causing the groups to "depopulate" and if operational rules are assigned to this group, they will be unassigned from the devices of the group. |
Disable all administrators that are not a member of any group at a directory server synchronization | As administrators might have functionalities that are to be transferred to other administrators when they are deleted, such as being a populator, it is not possible to automatically delete administrators if they no longer belong to any group. This option allows however, to disable the administrators that are not a member of any administrator group to distinguish them. By default this option is deactivated. |
Allow Object Assignments to Unknown Device | If this option is activated devices unknown to the CM database can be assigned to the available objects, that is, operational rules, transfer windows, and so on. In this case the unknown device displays the Assigned Objects node in addition to the Inventory and Events nodes. After the device becomes known to the database it will synchronize all assigned objects and thus be operational automatically. By default this option is not activated. |
Block Access to MyApps | Block Access to MyApps This option deactivates the access to the application kiosk MyApps of the browser agent interface. If it is activated neither user nor administrator can access this page. |
Authorize Deprecation of Relays | Check this box to allow the deprecation of relays even though it still is the parent to other devices. In this case the relay will be moved to Lost and Found from where it can be deleted and its former children will be removed from the Topology view but they can still be displayed via their device groups. |
Request System Credentials for Windows Remote Access | Check this box to force the use of credentials when directly accessing Windows devices. In this case you is required to enter your credentials when accessing the target device via the Direct Access or Remote Control functionality. |
Request System Credentials for Linux Remote Access | Check this box to force the use of credentials when directly accessing Linux devices. In this case you is required to enter your credentials when accessing the target device via the Direct Access or Remote Control functionality. |
Request System Credentials for Mac OS Remote Access | Check this box to force the use of credentials when directly accessing MAC OS devices. In this case you is required to enter your credentials when accessing the target device via the Direct Access or Remote Control functionality. |
This parameter defines the timeout in seconds after within which the remote user can allow remote access request to an administrator. If the timeout is reached the administrator is informed that the remote user did not respond within the time allowed for the direct access or remote control request. If the value is set to zero, the timeout functionality is disabled. | |
Lock the new installed agent services | Check this box to lock the newly installed agent services. |
Service Unlock Password | Enter the service unlock password. |
Remote Access Acknowledgement Timeout (sec)