Configuring access to the DeviceLock Content Security Server

The administrator can specify the users who are allowed to access the DeviceLock Content Security Server. This restricts outsiders from accessing or damaging the server.

•Select Server Options. In the details pane, double-click Server Administrators or right-click Server Administrators and then click Properties.

•Expand Server Options. Under Server Options, right-click Server Administrators and then click Properties.

If default security is enabled, members of the local Administrators group will have full access to DeviceLock Content Security Server.

b) Under Users, click Add to add the specific users to be allowed access to the DeviceLock Content Security Server.

c) In the Select Users or Groups dialog box that appears, in the Enter the object names to select box, type the name of the user or group, and then click OK.

The selected users/groups become server administrators, which are listed under Users in the DeviceLock Content Security Server dialog box. Server administrators are authorized to perform the tasks related to configuring and using the DeviceLock Content Security Server and, by default, they have full access to the server.

To change the server access level for a particular administrator, select the respective user or group under Users, and then choose from the following options in the list of access rights:

•Full access - Allows the user or group to install and uninstall the DeviceLock Content Security Server, connect to it by using the DeviceLock Management Console, and perform any actions on the server, such as: view and change server settings; create and run search queries and tasks; view and change content detection settings; create and run discovery tasks and reports.

•Change - Same as full access to the server with the exception of the right to make changes to the list of server administrators or change the level of access to the server for the users or groups already in that list.

•Read-only - Allows the user or group to connect to the DeviceLock Content Security Server by using the DeviceLock Management Console; view server settings; run search queries; view and run existing search tasks; view content detection settings; view discovery reports and manually create new reports based on the existing reports and data already prepared by discovery tasks. This option does not give the right to run discovery tasks, make any changes on the server, or create a new index for the Search Server.

For users and groups with Change or Read-only access, the Shadow Data Access option can be selected to allow access to shadow copies and user activity records. The users and groups with this option selected are allowed to search the content of shadow copies and user activity records, and open, view, and save shadow copies and user activity records from search results.

Without access to shadow data, DeviceLock Content Security Server administrators cannot open, view, or save shadow copies and records of user activity. Search results do not have the Open, Save, and View links, and asterisks are displayed instead of text snippets of shadow copies and user activity records. Logins and passwords in document parameters for user activity records are also replaced with asterisks.

Note: We strongly recommend that administrators of DeviceLock Content Security Server be given local administrator rights.

To revoke server administrator rights from a particular user or group, select that user or group in the Users area, and then click the Delete button.

One can select multiple users or groups by holding down the SHIFT key or the CTRL key while clicking them.