You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Skip to end of banner
Go to start of banner

Overview of the Local Windows Connector

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The EmpowerID Local Windows Connector facilitates the management of local Windows users and groups within an organization. This document provides anoverview of the connector's core functionalities, technical requirements, and its integration within EmpowerID.

Technical Requirements

Before implementing the Local Windows Connector, ensure you have the following prerequisites:

  • Windows Server: Target systems should be running a supported version of Windows Server.

  • Administrative Privileges: Ensure you have administrative access to the target Windows server.

  • EmpowerID Account: An active EmpowerID account with the necessary permissions is required.

  • EmpowerID Cloud Gateway Client: Install the client on a dedicated server within the same domain as the local servers.

  • Windows Management Framework and PowerShell: Ensure the latest versions are installed, with remote PowerShell enabled on each server.

Core Functionalities

Local Privileged Account Management

The Local Windows Connector automatically discovers and inventories local users and groups on Windows servers, including detailed information about local administrators. This discovery process ensures comprehensive visibility into privileged accounts, which are often prime targets for security breaches.

  • Role-Based and Attribute-Based Access Control: The connector enforces Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) policies, ensuring that only authorized users have privileged access.

  • Audit Trails: Provides a complete audit trail of actions involving local users and groups, helping organizations meet compliance requirements such as SOX, HIPAA, and PCI-DSS.

Password Management

Automated password rotation for local privileged accounts is a key feature of the connector, reducing the risk of password-related breaches. It integrates with EmpowerID's password vaulting and rotation policies to ensure secure password management practices.

  • Windows Services and IIS Application Pools: Manages the identities and passwords used by Windows Services and IIS Application Pools, addressing potential security risks associated with these components.

Privileged Account Discovery

The Local Windows Connector extends its discovery and management capabilities to privileged accounts across Windows, Linux, Unix, and VMware ESXi systems, allowing organizations to manage all privileged identities from a single platform.

  • Lifecycle Management: Includes processes for recertification and ownership assignment, ensuring regular review and maintenance of privileged accounts to prevent unauthorized access.

Integration with the EmpowerID Framework

Integration with the EmpowerID framework enhances the connector's functionality, making it a versatile tool for identity governance:

  • IT Shop Integration: Supports access requests and approvals, simplifying the process for managing privileged access.

  • Privileged Session Manager Integration: Provides adaptive identity verification and session recording for enhanced security and compliance.

Inventory and Monitoring

The connector maintains up-to-date user and group information through inventory and membership reconciliation settings. The Account Inbox offers a centralized view of all user accounts and their status, providing a comprehensive snapshot for administrators.

User and Group Management

Administrators can efficiently manage local user accounts via the EmpowerID interface:

  • User Management: Create, update, disable, and delete local user accounts.

  • Group Management: Create and manage local groups, including actions such as mail-enabling or disabling groups.

Managing Windows Services and IIS Application Pools

The connector provides extensive management capabilities for Windows Services and IIS Application Pools:

  • Windows Services: Inventory and manage services on connected servers, including starting, stopping, and configuring service identities.

  • IIS Application Pools: Inventory and manage application pools, including the ability to start, stop, and recycle them.

Enhancing Security and Compliance

The EmpowerID Local Windows Connector significantly enhances an organization's security posture and compliance practices:

  • Centralized Management: Reduces the risk of unauthorized access by providing centralized control over local accounts.

  • Real-Time Monitoring: Detects and responds to potential security incidents swiftly.

  • Compliance Support: Automated auditing and reporting streamline compliance with regulatory standards.

Conclusion

The EmpowerID Local Windows Connector is an essential tool for efficiently and securely managing local Windows users and groups within an organization. Leveraging its core functionalities enhances security and compliance, while integration with the broader EmpowerID framework and Privileged Session Manager ensures unified and effective identity management across the enterprise.

  • No labels