Critical System Protection

 View Only

  • 1.  Prevent users from logging into CSP protected machines.

    Posted Oct 09, 2013 10:56 AM

    Hi,

    I would like to restrict the users that are allowed to log into CSP protected servers via IPS policy, can this be done? Could I leverage the trusted users option in CSP to accomplish this?



  • 2.  RE: Prevent users from logging into CSP protected machines.
    Best Answer

    Posted Oct 09, 2013 02:08 PM

    All users will be restricted to the Global settings or the various PSETSs, no matter what user they are.

    However, the Trusted Users setting is a way around all the Global and PSET limitations.

    If you add someone to the Full Privilege trusted user, they and all the processes that they launch will have access to everything on the system.

    If you add someone to the Safe Privilege trusted user list, they and all they processes that they launch will have access to everything on the system except for the Critical System Protection resources.



  • 3.  RE: Prevent users from logging into CSP protected machines.

    Posted Oct 09, 2013 02:10 PM

    How does this apply to domain admins who are not trusted users/admins in the IPS policy?



  • 4.  RE: Prevent users from logging into CSP protected machines.

    Posted Oct 09, 2013 02:24 PM

    They will be treated like any other user, subject to the restrictions in the IPS policy.



  • 5.  RE: Prevent users from logging into CSP protected machines.

    Posted Oct 09, 2013 03:40 PM

    ok great, thanks!