6 Replies Latest reply on Jan 18, 2011 3:44 PM by SeanKeeley

    Safeboot encryption

      We have just implemented safeboot encryption and upon using the mini-admin tool, it was found that users can create a new database. We wanted helpdesk users to use tool. Is there a way to turn off or disable this feature?

        • 1. Re: Safeboot encryption
          jmcleish

          Hi,

          I jave moved your post to the Encryption: EEM Managed forum for better attention.

           

          Regards

          Jane

          • 2. Re: Safeboot encryption

            sorry no - the whole point of the administration system is to allow people to manage and create EEPC infrastructures. If you don't trust them to be administrators...?!?!

             

            Maybe you could do something file file permissions? Lock sdmcfg.ini for example, but in reality miniadmin is an unsupported hack to start with.

            • 3. Re: Safeboot encryption

              Thanks for the fast response. We were told that the mini-admin tool would be useful for helpdesk people, who might reset passwords or assist with remote people. Giving them a tool where they might make a mistake and create a database on the server would not be something I trust them with.

               

              Thanks again! Nice meeting you in Vegas!

              • 4. Re: Safeboot encryption

                WebHelpdesk Recovery provides that basic fuctionality (reset passwords, boot once, etc). And it does not require anything to install, just web browser.

                1 of 1 people found this helpful
                • 5. Re: Safeboot encryption

                  they can only create a database on a file path they have write access to, and they don't need file access to the server folders to use EEM - in fact it's almost essential that they connect to an EEM server, NOT to the actual files of the database.

                   

                  The worst they can do is create their own local environment - they can't mess up the main one any more than the permissions you give them.

                  1 of 1 people found this helpful
                  • 6. Re: Safeboot encryption
                    SeanKeeley

                    The EE Manager has very fine-grained user Admin Rights control. For example, I've created a group of admin users who only have rights to export machine configurations -- they can't delete, rename, etc. etc. Create Database is a specific option in Admin Rights under Database.

                     

                    By using the admin level and the specific Admin Rights options, you should be able to limit what your helpdesk can do to what they need. You likely will have to experiment somewhat -- I certainly did -- since I found the documentation terse/vague; for example, an ID must have Admin Rights Users Allow Administration in order to login to the Manager (obvious once stated but not documented that I could find).