Table of Contents
- Getting Started
- Agent-Based Management
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- System Security Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Windows Audit Policy Monitor Template
- Windows Logon As Monitor Template
- Windows Update Template
- Windows Management Instrumentation (WMI) Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- Wake On LAN Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- File and Permission Reports
- Summary Reports
- Auto-Configurators
- Filters
- Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- Merging Logs
- SNMP
- SSH Shell
- Syslog
- Exporting and Importing Configuration Objects
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
Security Settings
In this Topic
- Role-Based Access Control Policies (RBAC)
- To Remove Administrator Access
- To Provide Administrator Access to Non-Administrator Accounts
- To Provide Read-Only Access to Any Account or Group
- To Enable Smart Card MFA
- To Set the Maximum Number of Logon Sessions Per User
- To Display the Last Logged On Time and Date
- To Save and Apply Your Changes
- To Reset the Security Options Back to Default
Role-Based Access Control Policies (RBAC)
Out-of-the-box Server Manager limits all access to domain and local administrator accounts. Server Manager enables you to override this default behavior and add roll based permissions in the following ways:
- Remove administrator access from any domain or local administrator accounts or from the entire administrators group.
- Provide administrator access to non-administrator accounts.
- Provide read-only access to any user account or group.
To Remove Administrator Access
From the Root Access Assignment control group:
- Use the Windows groups drop-down to enter the Windows Groups you would like to allow full access to.
- Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow full access to.
From the Administrator Access Assignment control group:
- Use the Windows groups drop-down to remove the Administrators group.
- Use the Windows users and accounts drop-down to remove any assigned administrator accounts.
Important
When removing administrator access, you must assign either an account or a group to Root. Once removed, only root accounts will be able to modify these security settings.
To Provide Administrator Access to Non-Administrator Accounts
From the Administrator Access Assignment control group:
- Use the Windows groups drop-down to enter the Windows Groups you would like to allow full access to.
- Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow full access to.
To Provide Read-Only Access to Any Account or Group
From the Read-Only Access Assignment control group.
- Use the Windows groups drop-down to enter the Windows Groups you would like to allow read-only access to.
- Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow read-only access to.
To Enable Smart Card MFA
From the Options control group:
- Use the Enable Smart Card MFA checkbox to require Smart Card Multi-Factor Authentication.
Important
If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222523 - V-222526.
To Set the Maximum Number of Logon Sessions Per User
From the Options control group:
- Use the Limit the number of logon sessions per user checkbox to enable the maximum number of logon sessions per user.
- Use the Maximum number of logon sessions per user drop-down to set the maximum number of logon sessions per user.
Important
If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222387. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system.
To Display the Last Logged On Time and Date
From the Options control group:
- Use the Display the time and date of the user's last successful logon checkbox to display the last time the user logged into the Management Server.
Important
If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222437.
To Save and Apply Your Changes
- Click OK.
- From the menu bar, select Service | Restart Service.
To Reset the Security Options Back to Default
- Delete the following file:C:\ProgramData\Corner Bowl\Server Manager\server.json
- From the menu bar, select Service | Restart Service.