Frequently Asked Questions


Does Privileged Account Manager work the same on Windows as it does in UNIX and Linux?

For the most part, yes. Managing privileged user access on Windows is inherently different from managing it on UNIX and Linux. However, on Windows, Privileged Account Manager still lets administrators define the specific commands that users can execute, records and plays back user activity, analyzes and color-codes commands so you can identify potentially risky activity, and lets you manage security policies centrally. The main difference is the way users connect to Windows hosts. Once users log in to the Command Control interface, Privileged Account Manager checks the user's group membership on the Windows server. If the user is authorized, Privileged Account Manager creates a secure Remote Desktop Proxy (RDP) tunnel to the Windows host, allowing the Account to perform administrative tasks.

Does Privileged Account Manager provide risk analysis for captured events?

The analysis engine in Privileged Account Manager examines each entry at the CLI and runs it through a rule set that looks at the command, the directory, the Account and the host, to assign a numerical risk level for each line of 'stdin'. This value can be filtered on in reports or displayed in the form of a color when auditing events or watching keystroke playback.
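The kind of per-line scoring described above can be sketched as follows. This is an added illustration, not Privileged Account Manager's rule engine or rule syntax: the rule names, risk values, color thresholds and the sample session are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

FIELDS = ("command", "directory", "account", "host")

@dataclass(frozen=True)
class Rule:
    """Hypothetical rule: one regex per field; an empty pattern matches anything."""
    name: str
    risk: int
    command: str = ""
    directory: str = ""
    account: str = ""
    host: str = ""

    def matches(self, event: dict) -> bool:
        return all(re.search(getattr(self, f), event[f]) for f in FIELDS)

# Assumed rule set; a rule fires only when every field it constrains matches.
RULES = [
    Rule("recursive delete", 6, command=r"^rm\s+-\w*[rR]"),
    Rule("touches auth files", 8, command=r"\b(passwd|shadow|sudoers)\b"),
    Rule("root on production", 5, account=r"^root$", host=r"^prod-"),
    Rule("destructive in system dir", 9,
         command=r"^(rm|mv|chmod|chown)\b", directory=r"^/(etc|boot|usr)(/|$)"),
]

def colour(risk: int) -> str:
    # Assumed thresholds for the audit/playback view.
    return "red" if risk >= 7 else "amber" if risk >= 4 else "green"

def assess(event: dict):
    """Return (risk, colour, matched rule names); risk is the highest matching rule."""
    hits = [r for r in RULES if r.matches(event)]
    risk = max((r.risk for r in hits), default=0)
    return risk, colour(risk), [r.name for r in hits]

# Constructed sample session: one dict per captured line of stdin.
SESSION = [
    {"command": "ls -l", "directory": "/home/alice", "account": "alice", "host": "dev-01"},
    {"command": "rm -rf logs", "directory": "/tmp/build", "account": "alice", "host": "dev-01"},
    {"command": "vi /etc/sudoers", "directory": "/root", "account": "root", "host": "prod-db1"},
    {"command": "chmod 777 ssh", "directory": "/etc", "account": "root", "host": "prod-db1"},
]

def audit(session):
    return [assess(e) for e in session]

if __name__ == "__main__":
    for event, (risk, col, names) in zip(SESSION, audit(SESSION)):
        print(f"{risk:>2} {col:<5} {event['account']}@{event['host']} {event['command']} {names}")
```

Taking the highest matching rule rather than a sum keeps the value bounded, so a report filter such as "risk 7 or above" has a stable meaning.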

Does Privileged Account Manager use industry-standard languages or proprietary scripting to create rules/policies?

Yes and no. Privileged Account Manager policies are administered through its unique visual editor. Policy objects can be dragged and dropped into rules to create powerful privilege management controls with little or no programming knowledge required. However, additional scripting can be added to further enhance the capabilities and scope of the rules using industry-standard languages such as Perl.

Does Privileged Account Manager store back-end data in databases or flat files?

Privileged Account Manager uses embedded SQLite-replicated databases in the product to maximize performance and guarantee data integrity. The embedded databases can be individually encrypted.

Does Privileged Account Manager contain any built-in load-balancing or redundant failover mechanisms?

Every manager component in Privileged Account Manager can be duplicated in the enterprise to provide complete failover and load balancing. As soon as a manager is detected as offline, its closest backup immediately takes over. Groups of managers can load balance traffic within virtual domains. These domains can be nested such that traffic is redirected to components higher in the tree if all managers within a domain node are offline.

When deploying Privileged Account Manager, are incumbent solutions affected in any way?

Privileged Account Manager has a non-invasive footprint that provides seamless and parallel integration with competing solutions. Solutions can run alongside each other until such time that the existing product is turned off.

Does Privileged Account Manager have the capability to restrict users to just predefined commands or directories?

Absolutely. The Command Control client in Privileged Account Manager contains a restricted shell that is initially locked down. Specific commands and directories can be assigned programmatically, through rules, to control what directories are available and what commands an Account can execute.

What mechanisms does Privileged Account Manager provide to deploy and update its individual components once installed?

The Package Manager in Privileged Account Manager contains a local database of application modules that can be updated through an online/offline connection to the update servers. All deployment and updating is performed using a central console. Hosts can be grouped into logical domains to isolate network traffic and manage load balancing.

Can Privileged Account Manager provide reports on user entitlement?

Entitlement reports showing separation of duty for users can be automatically generated and sent out to managers. In the same way as when auditing user-event activity, managers can log in to the Compliance Auditor and electronically sign off the reports.

Are there any limits on the number of hosts which can be managed through a single set of policies?

No. Through load-balanced and redundant components, the Privileged Account Manager architecture can scale to thousands of hosts with no single points of failure or bottlenecks. This allows centralized management of privileges across all supported platforms from a single management console and one set of rules.

Does Privileged Account Manager have to go offline when updating? What happens if a component fails?

The redundant framework architecture in Privileged Account Manager ensures that all functions of the product are fully operational, even when the product is being updated. Any module that goes offline can automatically fail over to a backup component if so configured.
