Table of Contents
- Getting Started
- Agent-Based Management
- Common Tasks
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- Account Lockout Monitor Template
- Audit Policy Monitor Template
- Logon As Monitor Template
- Logon Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Process Monitor Template
- RDP Session Monitor Template
- Registry Value Monitor Template
- Service Monitor Template
- SMART Disk Monitor Template
- System Security Monitor Template
- Windows Update Template
- WMI Query Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- SNMP
- SSH Shell
- Syslog
- System Reset
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Best Practices
- Terminology
Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
Security Settings
In this Topic
- Role-Based Access Control Policies (RBAC)
- To Remove Administrator Access
- To Provide Administrator Access to Non-Administrator Accounts
- To Provide Read-Only Access to Any Account or Group
- To Enable Smart Card MFA
- To Set the Maximum Number of Logon Sessions Per User
- To Display the Last Logged On Time and Date
- To Save and Apply Your Changes
- To Reset the Security Options Back to Default
Role-Based Access Control Policies (RBAC)
Out-of-the-box Server Manager limits all access to domain and local administrator accounts. Server Manager enables you to override this default behavior and add roll based permissions in the following ways:
- Remove administrator access from any domain or local administrator accounts or from the entire administrators group.
- Provide administrator access to non-administrator accounts.
- Provide read-only access to any user account or group.
To Remove Administrator Access
From the Root Access Assignment control group:
- Use the Windows groups drop-down to enter the Windows Groups you would like to allow full access to.
- Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow full access to.
From the Administrator Access Assignment control group:
- Use the Windows groups drop-down to remove the Administrators group.
- Use the Windows users and accounts drop-down to remove any assigned administrator accounts.
Important
When removing administrator access, you must assign either an account or a group to Root. Once removed, only root accounts will be able to modify these security settings.
To Provide Administrator Access to Non-Administrator Accounts
From the Administrator Access Assignment control group:
- Use the Windows groups drop-down to enter the Windows Groups you would like to allow full access to.
- Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow full access to.
To Provide Read-Only Access to Any Account or Group
From the Read-Only Access Assignment control group.
- Use the Windows groups drop-down to enter the Windows Groups you would like to allow read-only access to.
- Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow read-only access to.
To Enable Smart Card MFA
From the Options control group:
- Use the Enable Smart Card MFA checkbox to require Smart Card Multi-Factor Authentication.
Important
If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222523 - V-222526.
To Set the Maximum Number of Logon Sessions Per User
From the Options control group:
- Use the Limit the number of logon sessions per user checkbox to enable the maximum number of logon sessions per user.
- Use the Maximum number of logon sessions per user drop-down to set the maximum number of logon sessions per user.
Important
If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222387. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system.
To Display the Last Logged On Time and Date
From the Options control group:
- Use the Display the time and date of the user's last successful logon checkbox to display the last time the user logged into the Management Server.
Important
If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222437.
To Save and Apply Your Changes
- Click OK.
- From the menu bar, select Service | Restart Service.
To Reset the Security Options Back to Default
- Delete the following file:C:\ProgramData\Corner Bowl\Server Manager\server.json
- From the menu bar, select Service | Restart Service.