Getting Started
- System Requirements
- Installation
- Registration
- Version Support Policy
- Assign Service Logon As Credentials
Agent-Based Management
Data Providers
- Data Provider Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- File System Properties
Directory Services
Event Log Archiving for JSIG and CMMC Compliance
Auditing
- Audit Work Items
- Self-Auditing
- Group Policy Auditing
Hosts
- Adding Hosts
- Host Properties
- Batch Update Hosts
- Agent Properties
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Device Connection Properties
- WMI
- Contact
- Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Windows Management Instrumentation (WMI) Templates
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
Monitors
- Monitor Hierarchy
- Temporarily Suppress Monitors Actions
Reports
- Report Properties
- Artificial Intelligence Reports
  - AI Anomaly Detection Report
    - AI Anomaly Detection Report (Template Triggers)
- Security Reports
- Generic Log Reports
- SIEM Report
- SIEM Chart Report
- Azure Active Directory Audit Log Report
- Event Log Report
- SNMP Trap Report
- Syslog Report
- Databse Log Report
- Event Log Summary Report
File and Permission Reports
- File and Directory Access Permissions Report
- Duplicate Files Report
- File Activity Report
- Largest Files Report
- Sorted Files Report
Summary Reports
- Host Inventory Report
- Summary Report
- Collection Report
- Hash Check Reports
Auto-Configurators
Filters
- Simple Filters
- Complex Filters
Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Environment Variables
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Log Viewer Settings
- Web Proxy Settings
- Miscellaneous Settings
Account Lockout Monitoring and Reporting
Merging Logs
SNMP
- SNMP Browser
SSH Shell
Syslog
Exporting and Importing Configuration Objects
Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
Command Line Interface
Server Configuration
Agent Configuration
Troubleshooting
- Arithmetic Overflow
- Access Denied
- MySQL: Fatal error encountered during command execution
- Invalid Class
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
Terminology

Security Settings

In this Topic

Role-Based Access Control Policies (RBAC)
To Remove Administrator Access
To Provide Administrator Access to Non-Administrator Accounts
To Provide Read-Only Access to Any Account or Group
To Enable Smart Card MFA
To Set the Maximum Number of Logon Sessions Per User
To Display the Last Logged On Time and Date
To Save and Apply Your Changes
To Reset the Security Options Back to Default

Role-Based Access Control Policies (RBAC)

Out-of-the-box Server Manager limits all access to domain and local administrator accounts. Server Manager enables you to override this default behavior and add roll based permissions in the following ways:

Remove administrator access from any domain or local administrator accounts or from the entire administrators group.
Provide administrator access to non-administrator accounts.
Provide read-only access to any user account or group.

To Remove Administrator Access

From the Root Access Assignment control group:

Use the Windows groups drop-down to enter the Windows Groups you would like to allow full access to.
Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow full access to.

From the Administrator Access Assignment control group:

Use the Windows groups drop-down to remove the Administrators group.
Use the Windows users and accounts drop-down to remove any assigned administrator accounts.

Important

When removing administrator access, you must assign either an account or a group to Root. Once removed, only root accounts will be able to modify these security settings.

To Provide Administrator Access to Non-Administrator Accounts

From the Administrator Access Assignment control group:

Use the Windows groups drop-down to enter the Windows Groups you would like to allow full access to.
Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow full access to.

To Provide Read-Only Access to Any Account or Group

From the Read-Only Access Assignment control group.

Use the Windows groups drop-down to enter the Windows Groups you would like to allow read-only access to.
Use the Windows users and accounts drop-down to enter the Windows user accounts you would like to allow read-only access to.

To Enable Smart Card MFA

From the Options control group:

Use the Enable Smart Card MFA checkbox to require Smart Card Multi-Factor Authentication.

Important

If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222523 - V-222526.

To Set the Maximum Number of Logon Sessions Per User

From the Options control group:

Use the Limit the number of logon sessions per user checkbox to enable the maximum number of logon sessions per user.
Use the Maximum number of logon sessions per user drop-down to set the maximum number of logon sessions per user.

Important

If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222387. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system.

To Display the Last Logged On Time and Date

From the Options control group:

Use the Display the time and date of the user's last successful logon checkbox to display the last time the user logged into the Management Server.

Important

If this software is deployed to a DoD classified system, this option implements STIG Vul ID: V-222437.

To Save and Apply Your Changes

Click OK.
From the menu bar, select Service | Restart Service.

To Reset the Security Options Back to Default

Delete the following file:
C:\ProgramData\Corner Bowl\Server Manager\server.json
From the menu bar, select Service | Restart Service.

Table of Contents

Security Settings

In this Topic

Role-Based Access Control Policies (RBAC)

To Remove Administrator Access

To Provide Administrator Access to Non-Administrator Accounts

To Provide Read-Only Access to Any Account or Group

To Enable Smart Card MFA

To Set the Maximum Number of Logon Sessions Per User

To Display the Last Logged On Time and Date

To Save and Apply Your Changes

To Reset the Security Options Back to Default