Partial Access to ESET Remote Administrator Console

Discussion in 'ESET Server & Remote Administrator' started by Ewa, Jul 27, 2012.

Thread Status:
Not open for further replies.
  1. Ewa

    Ewa Registered Member

    Joined:
    Jul 27, 2012
    Posts:
    13
    Location:
    United States
    Hi.
    I would like to allow a partial access to a Remote Administrator Console. I want give the access to only one group (defined in static group).
    Is it possible?
    Thank you in advance for any help.
     
  2. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    Hello,

    This is not currently an option within the ESET Remote Administrator. Instead the User Manager is used to, manage the users, should you wish to change the defaults. For more information on the User Manager See Below:

    The User Manager tools allow you to administer user accounts for Console-Server authentication.

    The roles of: Administrator (full-access) and Read-Only accounts are predefined.

    Click New to add a new user account for the Console-Server authentication. Define the User Name, the Password and the specific Permissions.

    The Description field is for custom descriptions of the user, and is not mandatory.

    The Permissions define the level of access the user has and the specific tasks he can perform. You can change the Console Access Password for each user accessing the console by selecting the specific user, and then click Change; next to Password for console authentication.

    NOTE: The permissions for the predefined accounts (Administrator and Read-Only) can't be modified. You can attach one or more Windows/Domain authentication groups to a selected ERA Server user. If a Windows Domain group is assigned to multiple users, the first user from the list of users will be used. The up and down arrows next to the list of users, define the order of users.

    Additionally, here is an ESET Knowledgebase Article covering the process.
     
  3. Ewa

    Ewa Registered Member

    Joined:
    Jul 27, 2012
    Posts:
    13
    Location:
    United States
    I don't see this options since I am using ERAC version 4 (we got it with LabTech and I don't think they offer update to 5 yet ;/). Do you have this option in version 4?
     
  4. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    Hello,

    Here is the related version 4 information. You are correct in that it is done differently in version 4.

    ERAS Credentials:

    The user authenticates with ERAS credentials. By default no password is required to connect to an ERAS, but we strongly recommend that one be established.

    To create a password to connect to an ERAS:
    Click File > Change Password… (or Tools > Server Options > Security) and then click the Changr button to the right of Password for Console.

    When entering a password you can check the Remember password option.

    Please consider the possible security risks associated with this option. To delete all remembered passwords click File > Clear Cached Passwords….

    Select the access type from the Access drop-down menu (options are either Administrator or Read-Only), enter your password and click OK.

    Windows/Domain Credentials:

    The user authenticates with Windows/Domain user credentials. In order for the Windows/Domain authentication to work properly ERAS needs to be installed under the Windows/Domain account with sufficient rights. You must also enable this feature in Tools > Server Options… > Advanced tab > Edit Advanced Settings… > ESET Remote Administrator > ERA Server > Setup >
    Security:

    Allow Windows/Domain authentication - enables/disables Windows/Domain authentication Administrator groups - allows you to define groups for which Windows/Domain authentication will be enabled

    Read only groups - allows you to define groups with read-only access
    When communication has been established the program’s header will change to Connected [server_name].
     
  5. Ewa

    Ewa Registered Member

    Joined:
    Jul 27, 2012
    Posts:
    13
    Location:
    United States
    Thank you for your answer.
    It is still not really clear for me if can limit access to only one group.
    For example we have two clients and they both want to manage their websites blacklists. It is possible to give access to the console to one client, so he can see only his computers (not those that belong to other clients)?
    So each client will have access only to one policy.
     
  6. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    Hello,

    Unfortunately, that is not possible currently. An alternative may be to set up the ESET Remote Administrator at each client’s sites and then use replication to bring all of the client information to the upper server. Each client would then be able to access their own ESET Remote Administrator session; enabling them to manage their own settings. At the same time, you would be able to globally manage both lower servers.
     
  7. Ewa

    Ewa Registered Member

    Joined:
    Jul 27, 2012
    Posts:
    13
    Location:
    United States
    Thank you very much for your answer. I will try that.
     
  8. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    No problem at all. Glad to be of assistance.
     
Thread Status:
Not open for further replies.