Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In Arellia Thycotic Management Server, you can limit the resources that users can access. By default, all Administratorsadministrators, Usersusers, and HelpDesk Role help desk role users have access to all computers and user account passwords in Arellia. To change the default access, do the following steps:

  1. First, create and sync your Active Directory. (For instructions about how to sync your Active Directory, go to Create an Active Directory Domain.)
  2. In the Arellia Thycotic Security Manager, click the Configuration tab.
  3. In the file library in the left pane, navigate to Settings > Configuration > Resource Settings > Resource Types > Computer.
  4. In the right pane under Settings > Security Scope Set, click the Select... link.
  5. In the Select Item dialog box, click Active Directory Domains.
  6. Click OK.



  7. In the right pane, click Save. (Note: You might need to scroll down to see the Save button.)

    Note
    titleImportant

    At this point HelpDesk Role help desk role users will no longer have default access to all computers and user account passwords in ArelliaThycotic, so you must complete the following steps 8-16 to change their security descriptors.

  8. Click the Resources tab.
  9. In the file library in the left pane, navigate to Organizational Views > Active Directory Domains.
  10. Click Active Directory Domains.
  11. Right-click an Organizational Unit organizational unit that you want to change the access of and click Properties.
     
  12. Click the Security tab.
  13. Select Security descriptor and click the Select... link.
  14. Click the security descriptor you want to change.
  15. Click Save.



  16. Repeat for further security descriptors as needed. 

...