- 5 minutes to read
- Print
- DarkLight
- PDF
System parameters
- 5 minutes to read
- Print
- DarkLight
- PDF
Access the GO Endpoint Manager parameter configuration through the path Grid Menu > GO Endpoint Manager > Settings > Parameters > GO Endpoint Manager. On the screen, you will find the following information:
The path indicated above is exclusive to senhasegura v.3.32 and the PEDM GO Endpoint Manager agent for Windows v.3.32. Users of versions lower than this must access parameter configuration through the path Grid Menu > GO Endpoint Manager > Settings > Parameters > go Windows.
Parameter | Description | Expected value |
---|---|---|
Vault Token | Authentication token for the senhasegura.go client, used to register the workstation with senhasegura. | String (fixed). |
Enable credentials?* | Allow or prohibit the senhasegura.go client user from viewing and copying credentials, and starting remote sessions according to their access group. | Yes or No. |
Enable applications?* | Allow or prohibit users of the senhasegura.go client from carrying out executions, elevations of privilege and impersonations. | Yes or No. |
Enable uninstall?* | Allow or prohibit users of the senhasegura.go client from accessing the application uninstall module. | Yes or No. |
Enable network sharing?* | Allow or prohibit the senhasegura.go client user from accessing the network sharing module. | Yes or No. |
Enable network interface?* | Allow or prohibit the user of senhasegura.go client from accessing the configuration of the operating system's network adapters. | Yes or No. |
Enable control panel?* | Allow or prohibit the senhasegura.go client user from accessing the operating system control panel. | Yes or No. |
Enable offline use?* | Allow or prohibit the user of the senhasegura.go client from running applications, applications even without a connection or record from the workstation in senhasegura. You must have your workstation registered before going offline for the first time. | Yes or No. |
Enable UAC integration?* | Allow or disallow integration with the credential provider (UAC), where the user of senhasegura.go client can use senhasegura credentials to run applications on the operating system. | Yes or No. |
Allow session recording?* | Allow or disallow screen recording of workstations with sessions launched through the senhasegura.go client. | Yes or No. |
Enable malware scan and application reputation?* | Allow or disallow malware analysis before running applications via the senhasegura.go client. | Yes or No. |
Enable chest?* | Allow or disallow the credential vault functionalities, limiting the times in which the senhasegura.go client synchronizes the credentials with senhasegura and determining a local storage interval for them. Recommended for high volumes of registered credentials. | Yes or No. |
Minute interval to request credentials | Credential search interval in senhasegura. | Number. |
Block network access?* | Allow or disallow the blocking of processes that are communicating with a destination other than senhasegura. | Yes or No. |
Block user | Allow or disallow blocking of users in the senhasegura.go client when they execute processes that cross the limit of processes that communicate with servers other than senhasegura. Can only be enabled if network lock is enabled. | Yes or No. |
Occurrences (minimum) | The minimum number of processes that can be terminated in the user's session before it is blocked. | Number. |
Enable DLL parsing?* | Allow or disallow DLL parsing of operating system processes. It should be used in conjunction with access lists to block applications. If this parameter is enabled, access list policies will also be applied to DDL parsing. | Yes or No. |
Enable JIT access?* | Allow or disallow a non-admin user from being placed in the admin group for a session. The user loses administrator access when asking to be removed from the group, leaving the session or restarting the machine. | Yes or No. |
New trusted directory | List of directories considered trustworthy in the access list analysis. | String (path). |
Directory to ignore | List of directories that should be ignored when scanning applications for the list of applications in elevation of privilege. | String (path). |
Token of API virus total | Field to insert the VirusTotal API token, so that the malware analysis can occur successfully. | String. |
Enable multi-factor authentication at login?* | Allow or disallow the multi-factor token request when the user logs into the operating system. | Yes or No. |
Enable multi-factor authentication to elevate applications?* | Enable multi-factor token request when the user wants to make upgrades. | Yes or No. |
Habilitar Single Sign-On?* | Allow or disallow the same authentication already performed when logging into Windows and senhasegura.go client is used to log in to senhasegura. | Yes or No. |
User can elevate applications | Enable application elevation through the senhasegura.go client. | Yes or No. |
Requires justification to elevate applications | Request justification so that the user can upgrade an application. It can only be enabled if the User can elevate applications parameter is also enabled. | Yes or No. |
Requires approval to elevate applications | Allow or disallow the approval flow when the user raises an application. It can only be enabled when the parameters User can elevate applications and Requires justification to elevate applications are also enabled. | Yes or No. |
Required approvals | Minimum number of approvers who need to approve the user's elevation request for the execution to be carried out. It can only be enabled when the parameters User can elevate applications and Requires justification to elevate applications are also enabled. | Number. |
Rejections required to cancel | Define how many failures are necessary to not elevate the application's privilege. | Number. |
Tiered approval | Allow or disallow tiered approvals. | Yes or No. |
Allow emergency access | Allow or prohibit the user from performing emergency access. | Yes or No. |
Required to specify governance code when justifying?* | Define whether it is necessary for the user to provide the governance code to justify their access. | Yes or No. |
Always add user manager to approvers?* | Define whether to add the user manager to the approving user group will always be necessary. | Yes or No. |
Execution message | Define the message that should appear to the user when an application is running through the senhasegura.go client. | String. |
Execution blocking message | Define the message that should appear to the user when an application is blocked by the senhasegura.go client is executed. | String. |
Some PEDM features, such as configuring network adapters, require the Enable applications?
parameter to be activated. In these cases, when executing other configurations that require the applications module to be activated, the senhasegura.go client returns the message The elevation parameter must be enabled to run this application
.