ERA read-only access is for the crows!

Any advice?

Due to the limitations with ERA and the ability to forward threat log events via syslog in an attempt to manage them via our log aggregation system I attempted to streamline the process via other means.

I tried to setup forwarding the logs via the notification manager but was disappointed at the options thus the notification manager was true to it's name. Notifications only!

What I decided to do is give our desktop admins read-only access to the ERA console. This would give them the ability to access crucial threat log information when they received a notification and the information could be used for troubleshooting critical errors etc... This is a sloppy way to do things and isn't as streamlined as I would like but it would due.


until........


I JUST MADE CHANGES TO MY ADVANCED SETTINGS IN SERVER OPTIONS WITH READ-ONLY ACCESS!!!!!!!!!!!!

 

You might want to review the Documentation on the "Read-Only" mode. It doesn't quite work the way you are thinking it should...


ERAC offers the user two display modes:

· Administrative mode
· Read-only mode

The administrative mode of ERAC gives the user full control over all features and settings, as well as the ability to administer all client workstations connected to it.

The read-only mode is suitable for viewing the status of ESET client solutions connecting to ERAS; creation of tasks for client workstations, creation of install packages and remote installation are not allowed. The License Manager, Policy Manager and Notification Manager are also inaccessible. Read-only mode does allow the administrator to modify ERAC settings and generate reports.

The Display mode is selected at each console startup in the Access drop-down menu, while the password to connect to ERAS can be set for either display mode. Setting a password is especially useful if you want some users to be given full access to ERAS and others read-only access. To set the password, click Tools > Server Options... > Security and click the Change... button next to Password for Console (Administrator Access) or (Read-Only Access).

 

Rock,

I don't understand what you mean... maybe I wasn't clear...

I read the documentation already and it's exactly as I expected. You can't actually manage anything in Read-Only mode but you can view everything with the exception of policies. You can see the policy but not the policy detail. You can't manage clients, or push installs, etc...

You can look at server options and change anything you like but the OK button is greyed out.... However if you click on the Advanced tab you can click the edit advanced settings button and you can change anything you want and save it.

 

I don't know if a save of the config file is actually applied until you click ok. I will do some testing.

However, I still don't like the idea of some hotshot desktop admin seeing every single option of advanced settings...

 

Yea I see what you mean. It looks like they block it all from being able to be saved by the "Ok" button being grayed out. I tested it out, even though you can pull open the config, change anything you want and save from within the Config Editor, it doesn't appear to actually allow you to save the config. If I exit the Config Editor and come back it the settings revert back to what they had been.

 

Yeah... I got the same result. Thanks for your help...