Request a demo
Community
Academy
PAM Solution
Affinity
v3.32
v3.32
v3.33
English
English
Portuguese
Contents
x
Upgrade notes v3.32
Changelog v3.32
General information
Installation
Settings
PAM Core
DevOps Secret Manager
Domum Remote Access
GO Endpoint Manager
Certificate Manager
Cloud IAM
Executions
Discovery
MySafe
MySafe extension
Task Manager
Network Connector
Load Balancer
Arbitrator
A2A - APIs
senhasegura mobile app
Orbit Config Manager
Protected Information
Other versions
Other documents
Cloud Security
Powered by
Windows
32 Articles
in this category
Share this
Print
Share
Dark
Light
Contents
Windows
32 Articles
in this category
Share
Dark
Light
Introduction Windows
GO Endpoint Manager for Windows is a Privilege Elevation and Delegation Management (PEDM) tool for Microsoft Windows. Our tool is fully integrated with the broader senhasegura platform to allow end users to run applications that require admi...
Architecture
GO Endpoint Manager for Windows is composed of the following: A centralized administration module on the senhasegura platform. An agent installed on the user's workstation. There are three available applications in the custom installation pr...
Control Panel
This feature allows the elevation of privilege for Windows Control Panel applications . GO Endpoint Manager Core - Control Panel Execute an application in the control panel Access the user's desktop. Start Core . Click Control Pa...
Installation
7 Articles
in this category
GO for Windows Agent
3 Articles
in this category
Approval workflow
Configure approver lists Access the senhasegura platform. Navigate to GO Endpoint Manager➔Settings➔Approvers. In the upper right corner, select the icon (⁝) Show actions and after, +New. Select +Approvers. In the list of users, ch...
Network Adapters
This feature allows the user to manage the network interfaces of the workstations. Caution The administration of network interfaces is performed in this menu and not through the Control Panel menu. GO Endpoint Manager Core - Netwo...
Network Sharing
This menu displays the shared network directories of the user. Credentials are used to access a directory without exposing or mapping it. GO Endpoint Manager Core - Network Sharing Configure file sharing On Windows: Access the us...
Uninstall
Register an application in uninstallers Access the senhasegura platform. Create an access list rule . In the list of Uninstallers , you can register applications in allowlist or denylist. Caution Applications registered in Uninstallers - ...
Segregated parameters
Overview You can use segregated configurations for specific workstation scenarios. This feature is available at: Control of directories and files Scan of directories and files Segregated parameters access lists Commands For segregation b...
System parameters
Access the GO Endpoint Manager parameter configuration through the path Grid Menu > GO Endpoint Manager > Settings > Parameters > GO Endpoint Manager . On the screen, you will find the following information: ...
Permission
Overview To manage situations where it is necessary to manage permissions for applications, users, and workstations, GO Endpoint Manager for Windows offers denylists and allowlists. Often, the administrator does not want to allow some applications...
Application access lists
In this document, you will learn how to configure application access lists on PEDM GO Windows clients, both for general segregation (for all workstations) and for specific workstations. How to configure application access lists for general segrega...
Automation access lists
Configure access lists for automation in general segregation Access the senhasegura platform. Navigate to GO Endpoint Manager➔Policies➔Windows➔Access Lists. Click View actions (⁝). Select New general segregation. Choose Automations. I...
Uninstaller access lists
Configure access lists for applications in general segregation Access the senhasegura platform. Navigate to GO Endpoint Manager➔Policies➔Windows➔Access Lists. Click View actions (⁝). Select New general segregation. Choose Uninstallers. ...
Privilege elevation block
When the Block elevation of privilege parameter is enabled, any attempt to run an application on the access list and not performed by GO Endpoint Manager will be blocked. Even if they are not elevated of privilege. Configure the privilege elevati...
Directory and file control
This feature allows the administrator to register configurations to control the permission of Windows files and directories. Configure directory control Access the senhasegura platform. Go to GO Endpoint Manager ➔ Policies ➔ Windows ➔ Direct...
DLL blocking
GO Endpoint Manager for Windows offers a DLL blocking function, which occurs when an executable attempts to load the process. Feature availability ✖3.26 and older versions ✔3.27 and later versions Register an untru...
Trusted directories
The trusted directory is a way of registering a path with DLLs to be ignored while blocking an allowlist or denylist if the parameter Enable DLL analysis? is active. That way, all DLLs in that directory will override any rule limiting them. Registe...
Impersonation
This feature allows you to choose a credential in your access group to perform the elevation. Impersonation eliminates any need to use the selected credential password in the process, preventing password leaks. Caution The credential must exist ...
JIT Access
Just-in-Time (JIT) access allows users to elevate privileges as system administrators. So when JIT is active, the user will appear in the Administrators group. Configure JIT access Access the senhasegura platform. Go to the menu GO Endpo...
Offline mode
Overview GO Endpoint Manager for Windows provides credential queries in offline mode. When GO Endpoint Manager tries to establish a connection with the senhasegura platform and fails three times, it activates the offline mode automatically. There i...
Token MFA OTP
Overview If the setting Enable multifactor authentication on login is enabled in the parameters screen, and the linked user has an MFA token configured in senhasegura, that user either logs into the workstation or accesses the workstation via RDP...
Application access lists
Configure access lists for applications in general segregation Access the senhasegura platform. Navigate to GO Endpoint Manager➔Policies➔Windows➔Access Lists. Click View actions (⁝). Select New general segregation. Choose Applications ...
Single Sign-On (SSO)
Single Sign-On (SSO) is an authentication mode that allows you to do a single sign-on. Configure SSO Access the senhasegura platform. Go to GO Endpoint Manager ➔ Settings ➔ Parameters ➔ go Windows . Choose the Authentication section. Check ...
Directory and file scan
This feature allows the administrator to register configurations to scan directories and files to monitor inclusions, changes, and exclusions made by a user. Create general or workstation rules Access the senhasegura platform. Go to GO Endpoin...
Network access blocking
Network blocking hinders scenarios where users try to access an IP other than the senhasegura platform. This parameter closes the session as soon as it starts. Block network access Access the senhasegura platform. Go to GO Endpoint Manager...
UAC integration
GO Endpoint Manager integrates with UAC authentication in cases where an application needs to elevate the privilege on demand. In these cases, besides the Windows authentication options, the GO Endpoint Manager logo will be displayed. You must type...
Automatic update
You can update the GO Endpoint Manager para Windows version by the senhasegura server. A New version verification is performed every time the workstation application is started. Configure automatic update Step (1/4) — Get the installer G...
Session recording
The GO Endpoint Manager agent for Windows allows certain users to be monitored by video during the entire session. Configure parameters for recording Record session for these application : access the Go Endpoint Manager ➔ Policies ➔ Windows ➔...
Malware analysis
Malware analysis is a feature of GO Endpoint Manager for Windows that allows you to evaluate binaries for which the user requests elevation of privilege. For the analysis, the binary will be forwarded to the Virus Total online service and evaluate...
Reports
Applications and uninstallers report This report shows all applications automatically mapped by GO Endpoint Manager services or executed. There is a list of all application uninstallers identified on workstations. As they are also applications, the...
About parent and child processes
Any application launched with the PEDM GO Endpoint Manager client is considered, in the operating system, as a parent process and, therefore, can have child processes. This document explains how the PEDM GO Endpoint Manager client processes ar...
FAQ
What happens if the enable credentials flag is disabled in the GO parameters and the client has started? A message stating that the user cannot use credentials will appear, and the client will be shut down. What happens if I disable all flags f...
Troubleshooting
4 Articles
in this category