diff --git a/.vale/styles/Netwrix/CalledUp.yml b/.vale/styles/Netwrix/CalledUp.yml new file mode 100644 index 0000000000..a2d841376e --- /dev/null +++ b/.vale/styles/Netwrix/CalledUp.yml @@ -0,0 +1,9 @@ +extends: existence +message: "Replace '%s' with 'open', 'access', or 'view' — 'called up' is not standard English for this meaning." +level: warning +ignorecase: true +tokens: + - '\bcalled\s+up\b' + - '\bcalls\s+up\b' + - '\bcalling\s+up\b' + - '\bcall\s+up\b' diff --git a/.vale/styles/Netwrix/CanBeUsedTo.yml b/.vale/styles/Netwrix/CanBeUsedTo.yml new file mode 100644 index 0000000000..9f7acfe5b9 --- /dev/null +++ b/.vale/styles/Netwrix/CanBeUsedTo.yml @@ -0,0 +1,7 @@ +extends: existence +message: "Rewrite '%s' in active voice — for example, 'Use X to...' or 'X lets you...'." +level: warning +ignorecase: true +tokens: + - '\bcan be used to\b' + - '\bcan be used for\b' diff --git a/.vale/styles/Netwrix/CarriedOut.yml b/.vale/styles/Netwrix/CarriedOut.yml new file mode 100644 index 0000000000..bf94ba0eb9 --- /dev/null +++ b/.vale/styles/Netwrix/CarriedOut.yml @@ -0,0 +1,6 @@ +extends: existence +message: "Replace the wordy phrase 'carried out' with a direct verb like 'performed', 'completed', or 'run' — or rewrite in active voice." +level: warning +ignorecase: true +tokens: + - 'carried out' diff --git a/.vale/styles/Netwrix/NaturallyFiller.yml b/.vale/styles/Netwrix/NaturallyFiller.yml new file mode 100644 index 0000000000..3de2f66d8c --- /dev/null +++ b/.vale/styles/Netwrix/NaturallyFiller.yml @@ -0,0 +1,7 @@ +extends: existence +message: "Remove the filler word '%s' — state the fact directly without implying it should be obvious." +level: warning +ignorecase: true +nonword: true +tokens: + - '\bnaturally\b' diff --git a/.vale/styles/Netwrix/PlainTextAdmonition.yml b/.vale/styles/Netwrix/PlainTextAdmonition.yml new file mode 100644 index 0000000000..1aa48f4f34 --- /dev/null +++ b/.vale/styles/Netwrix/PlainTextAdmonition.yml @@ -0,0 +1,9 @@ +extends: existence +message: "Use a Docusaurus admonition block (:::note, :::warning, or :::tip) instead of plain text '%s'." +level: warning +nonword: true +tokens: + - '(?m)^NOTE:' + - '(?m)^\*\*NOTE:\*\*' + - '(?m)^CAUTION:' + - '(?m)^\*\*CAUTION:\*\*' diff --git a/.vale/styles/Netwrix/QuestionHeadings.yml b/.vale/styles/Netwrix/QuestionHeadings.yml new file mode 100644 index 0000000000..4084515537 --- /dev/null +++ b/.vale/styles/Netwrix/QuestionHeadings.yml @@ -0,0 +1,7 @@ +extends: existence +message: "Headings should be declarative statements, not questions. Rewrite '%s' without a question mark." +level: warning +scope: heading +nonword: true +tokens: + - '\?' diff --git a/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md b/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md index 38663a1a47..2f76aebf33 100644 --- a/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md +++ b/docs/accessanalyzer/11.6/admin/report/wizard/widgets.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Widgets Page -The Widgets page of the Report Configuration wizard allows you to configure the tables, charts, and +Use the Widgets page of the Report Configuration wizard to configure the tables, charts, and text that form the report. ![Widgets page](/images/accessanalyzer/11.6/admin/report/wizard/widgets.webp) @@ -17,13 +17,13 @@ locations where widgets need to be configured. ![Configure widgets](/images/accessanalyzer/11.6/admin/report/wizard/widgetsconfigure.webp) To add a new widget to an empty element, click **Configure** and select the desired widget type from -the drop-down menu. The following widgets are available: +the dropdown menu. The following widgets are available: - [Grid](#grid) - [Chart](#chart) - [Text](#text) -The editor for the selected widget opens. See the relevant section below for information about +The editor for the selected widget opens. See the relevant section for information about configuring it. ![Table with configured widgets](/images/accessanalyzer/11.6/admin/report/wizard/widgetsconfigured.webp) @@ -38,26 +38,25 @@ following actions by selecting a row and clicking the relevant button: ## Grid -The Grid widget type allows you to configure a table to be displayed on generated reports. +Use the Grid widget type to configure a table to be displayed on generated reports. ![Grid configuration window](/images/accessanalyzer/11.6/admin/report/wizard/widgetgrid.webp) ### Options -The Options section allows you to configure the title and data source for the Grid element. +Use the Options section to configure the title and data source for the Grid element. ![Options section](/images/accessanalyzer/11.6/admin/report/wizard/widgetgridoptions.webp) The section contains the following options: -- Element Title – Enter a title for the element in the text box. This will be displayed in the - element's header on the generated report. +- Element Title – Enter a title for the element in the text box. The generated report displays this in the element's header. **DataSource Options** -In order to generate results, a location must first be selected as the source of the data. +To generate results, select a location as the data source. -- Table – Use the drop-down to select the required data source. The drop-down contains the list of +- Table – Use the dropdown to select the required data source. The dropdown contains the list of jobs within Enterprise Auditor that have been executed. - Current job only – Select this checkbox to only display data from the current job. This option is selected by default. @@ -82,7 +81,10 @@ You can configure the table to allow the data to be exported as a CSV file. - When it is configured, you can click the **All Data** button on the table section of the report to save the report as a CSV file. See the [Interactive Grids](/docs/accessanalyzer/11.6/admin/report/interactivegrids/overview.md) - topic for more information. + topic for details about interactive grids. + :::warning + Only interactive grids can be exported. Non-interactive grids display an "EOIeError" pop-up when you attempt to export a non-interactive grid as CSV. + ::: - Rows – Limits the amount of rows exported to the CSV file. The default is **Visible**. - Visible – Only includes the amount of rows set by the **Limit Maximum number of displayed rows to** option in the DataSource Options section @@ -94,7 +96,7 @@ You can configure the table to allow the data to be exported as a CSV file. ### Table Properties -The Table Properties section allows you to configure the display features of the grid. +Use the Table Properties section to configure the display features of the grid. ![Table Properties section](/images/accessanalyzer/11.6/admin/report/wizard/widgetgridtableproperties.webp) @@ -107,8 +109,7 @@ There are two types of grid displays: disables all the fields within the Table Properties section. :::note - In order to view user configured Grouping in emailed reports, the report must be - emailed as a **Non Interactive Grid**. + To view user-configured Grouping in emailed reports, email the report as a **Non Interactive Grid**. ::: @@ -118,7 +119,7 @@ The following settings are available when Interactive grid is selected: - Treat interactive grid contents as plain text (not HTML) – Enables interactive grid functionality. This option is selected by default. -- Enable Paging – Enables Paging in reports. Paging allows users to interact with large sets of data +- Enable Paging – Enables Paging in reports. With Paging, users can interact with large sets of data more efficiently when viewing, filtering, and sorting generated report tables by limiting the amount of data being displayed at a given time. Paging is enabled by default. See the [Paging](/docs/accessanalyzer/11.6/admin/report/interactivegrids/paging.md) @@ -129,7 +130,7 @@ The following settings are available when Interactive grid is selected: - Group Column – Arranges the table to be grouped by the attributes of the selected column :::note - Paging and grouping are not compatible. When Paging is enabled, the Grouping options + Paging and grouping aren't compatible. When Paging is enabled, the Grouping options are disabled in the Table Properties section and in the generated report. ::: @@ -141,8 +142,8 @@ The following settings are available when Interactive grid is selected: ### Data -The selected data for the table is shown in the section at the bottom of the window. This section -allows you to configure the data to be displayed in the table. +The selected data for the table is shown in the section at the bottom of the window. Use this section +to configure the data to be displayed in the table. ![Data display](/images/accessanalyzer/11.6/admin/report/wizard/widgetgriddata.webp) @@ -150,34 +151,33 @@ The buttons above the column names provide you options for configuring the table - Clear Sorting – Restores columns to the default placement - Column Chooser – Opens a pane where you can remove unwanted columns or add hidden columns -- Filter Editor – Opens the Filter Editor which allows you to add custom filters with conditional +- Filter Editor – Opens the Filter Editor, where you can add custom filters with conditional statements and logical connectives - Best Fit (all columns) –  Adjusts the width of the columns to display all the data within the cells ## Chart -Chart widgets allow you to create various chart types to represent data. A Chart Section can only +Use Chart widgets to create various chart types to represent data. A Chart Section can only display one chart type at a time. ![Chart configuration window](/images/accessanalyzer/11.6/admin/report/wizard/widgetchart.webp) ### Options -The Options section allows you to configure the title and data source for the Chart element. +Use the Options section to configure the title and data source for the Chart element. ![Chart Options](/images/accessanalyzer/11.6/admin/report/wizard/widgetchartoptions.webp) The section contains the following options: -- Element Title – Enter a title for the element in the text box. This will be displayed in the - element's header on the generated report. +- Element Title – Enter a title for the element in the text box. The generated report displays this in the element's header. **DataSource Options** -In order to generate results, a location must first be selected as the source of the data. +To generate results, select a location as the data source. -- Table – Use the drop-down to select the required data source. The drop-down contains the list of +- Table – Use the dropdown to select the required data source. The dropdown contains the list of jobs within Enterprise Auditor that have been executed. - Current job only – Select this checkbox to only display data from the current job. This option is selected by default. @@ -195,7 +195,7 @@ In order to generate results, a location must first be selected as the source of ### Chart Properties -The Chart Properties section allows you to select the type of chart you want to create. +Use the Chart Properties section to select the type of chart you want to create. ![Chart Properties](/images/accessanalyzer/11.6/admin/report/wizard/widgetchartproperties.webp) @@ -212,19 +212,19 @@ The following options are the available in the Chart Properties: - Stacked – Consolidated bar chart for comparing values :::note - Negative numbers cannot be plotted. + Negative numbers can't be plotted. ::: - Show Data Labels – Displays the column name for each section within a chart - Enum Column – Groups the data in chart by the selected column name -- Assign color for pie slice – Available only for pie charts. Allow you to customize the color for - each slice. Select the column header name from the drop-down menu, then use the color selector +- Assign color for pie slice – Available only for pie charts. Use this option to customize the color + for each slice. Select the column header name from the dropdown menu, then use the color selector window to choose the desired color. ### Link -The Link option allows you to add a hyperlink to the report to connect to other reports. +Use the Link option to add a hyperlink to the report to connect to other reports. ![Link Published Reports Tree](/images/accessanalyzer/11.6/admin/report/wizard/widgetchartlink.webp) @@ -233,35 +233,35 @@ report to link to and click **Ok**. ### Data -The table of data for the chart is displayed in the middle of the window. This table allows you to -customize the data that is to be shown in the chart. +The table of data for the chart is displayed in the middle of the window. Use this table to +customize the data to be shown in the chart. ![Data table](/images/accessanalyzer/11.6/admin/report/wizard/widgetchartdata.webp) The buttons above the column names provide you the following options for configuring the table arrangement: -- Filter Editor – Opens the Filter Editor which allows you to add custom filters with conditional +- Filter Editor – Opens the Filter Editor, where you can add custom filters with conditional statements and logical connectives - Best Fit (all columns) –  Adjusts the width of the columns to display all the data within the cells You can group the table by a column by dragging the column header to the bar above the header row. -If grouping is already applied, you can right-click on the grouping bar to expand or collapse all +If grouping is already applied, you can right-click the grouping bar to expand or collapse all the groups, or clear the grouping. -The pane to the right of the table allows you to filter which columns are displayed on the chart. +Use the pane to the right of the table to filter which columns are displayed on the chart. Select the checkbox next to the columns you want to include in the chart. ### Chart Preview -At the bottom of the page a preview of the currently configured chart is displayed. +A preview of the configured chart appears at the bottom of the page. ![Chart Preview](/images/accessanalyzer/11.6/admin/report/wizard/widgetchartpreview.webp) ## Text -There are two types of text editor that allow you to configure a text element on a report. +Two text editor types are available for configuring a text element on a report. - Basic Text Editor – Provides basic functionality like font size and style. Works with HTML script. - Advanced Text Editor – Provides advanced functionality like document formatting, inserting tables, @@ -274,7 +274,7 @@ Text Editor. On this dialog, select either the Basic or Advanced Text Editor and Editor**. The selected editor then opens. :::note -Once a Text Editor is selected for a Text element, it cannot be changed. +Once a Text Editor is selected for a Text element, it can't be changed. ::: @@ -284,17 +284,15 @@ Once a Text Editor is selected for a Text element, it cannot be changed. The Basic Text Editor has the following options: -- Element Title – Enter a title for the element in the text box. This will be displayed in the - element's header on the generated report. +- Element Title – Enter a title for the element in the text box. The generated report displays this in the element's header. - Editor / Preview tabs – You can switch between the Editor and Preview tabs. The Editor tab allows you to edit the text and apply formatting. The Preview tab shows you how the formatted text will look in the generated report.. - Convert Carriage Returns to HTML – This checkbox is selected by default. When selected, text - displays on a new line in the generated output where a carriage return has been used. If it is not + displays on a new line in the generated output where a carriage return has been used. If it isn't selected, the text continues on the same line. -The icons listed in the table below are available in the Basic Editor (and Advanced Editor) to -provide basic editing options for text entries. +The following table lists the icons available in the Basic Editor (and Advanced Editor) for basic editing options. | Icon | Description | | ------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | @@ -313,15 +311,12 @@ provide basic editing options for text entries. The Advanced Text Editor has the following options: -- Element Title – Enter a title for the element in the text box. This will be displayed in the - element's header on the generated report. +- Element Title – Enter a title for the element in the text box. The generated report displays this in the element's header. - Editor / Preview tabs – You can switch between the Editor and Preview tabs. The Editor tab allows you to edit the text and apply formatting. The Preview tab shows you how the formatted text will look in the generated report.. -The Advanced Editor contains all the icons from the Basic Editor, see above. In addition to these, -it has the icons with higher level editing options for text entries that are listed in the table -below. +The Advanced Editor contains all the icons from the Basic Editor, listed in the [Basic Text Editor](#basic-text-editor) section. In addition, it has the icons with higher level editing options for text entries that are listed in the following table. | Icon | Description | | ----------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | diff --git a/docs/accessanalyzer/12.0/admin/report/wizard/widgets.md b/docs/accessanalyzer/12.0/admin/report/wizard/widgets.md index 6288960a8d..11f4367544 100644 --- a/docs/accessanalyzer/12.0/admin/report/wizard/widgets.md +++ b/docs/accessanalyzer/12.0/admin/report/wizard/widgets.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Widgets Page -The Widgets page of the Report Configuration wizard allows you to configure the tables, charts, and +Use the Widgets page of the Report Configuration wizard to configure the tables, charts, and text that form the report. ![Widgets page](/images/accessanalyzer/12.0/admin/report/wizard/widgets.webp) @@ -17,13 +17,13 @@ locations where widgets need to be configured. ![Configure widgets](/images/accessanalyzer/12.0/admin/report/wizard/widgetsconfigure.webp) To add a new widget to an empty element, click **Configure** and select the desired widget type from -the drop-down menu. The following widgets are available: +the dropdown menu. The following widgets are available: - [Grid](#grid) - [Chart](#chart) - [Text](#text) -The editor or wizard for the selected widget opens. See the relevant section below for information +The editor or wizard for the selected widget opens. See the relevant section for information about configuring it. ![Table with configured widgets](/images/accessanalyzer/12.0/admin/report/wizard/widgetsconfigured.webp) @@ -38,26 +38,25 @@ following actions by selecting a row and clicking the relevant button: ## Grid -The Grid widget type allows you to configure a table to be displayed on generated reports. +Use the Grid widget type to configure a table to be displayed on generated reports. ![Grid configuration window](/images/accessanalyzer/12.0/admin/report/wizard/widgetgrid.webp) ### Options -The Options section allows you to configure the title and data source for the Grid element. +Use the Options section to configure the title and data source for the Grid element. ![Options section](/images/accessanalyzer/12.0/admin/report/wizard/widgetgridoptions.webp) The section contains the following options: -- Element Title – Enter a title for the element in the text box. This will be displayed in the - element's header on the generated report. +- Element Title – Enter a title for the element in the text box. The generated report displays this in the element's header. **DataSource Options** -In order to generate results, a location must first be selected as the source of the data. +To generate results, select a location as the data source. -- Table – Use the drop-down to select the required data source. The drop-down contains the list of +- Table – Use the dropdown to select the required data source. The dropdown contains the list of jobs within Access Analyzer that have been executed. - Current job only – Select this checkbox to only display data from the current job. This option is selected by default. @@ -81,7 +80,10 @@ You can configure the table to allow the data to be exported as a CSV file. as a CSV file from the generated report - When it is configured, you can click the **All Data** button on the table section of the report to save the report as a CSV file. See the - [Interactive Grids](/docs/accessanalyzer/12.0/admin/report/interactivegrids/overview.md) topic for more information. + [Interactive Grids](/docs/accessanalyzer/12.0/admin/report/interactivegrids/overview.md) topic for details about interactive grids. + :::warning + Only interactive grids can be exported. Non-interactive grids display an "EOIeError" pop-up when you attempt to export a non-interactive grid as CSV. + ::: - Rows – Limits the amount of rows exported to the CSV file. The default is **Visible**. - Visible – Only includes the amount of rows set by the **Limit Maximum number of displayed rows to** option in the DataSource Options section @@ -93,7 +95,7 @@ You can configure the table to allow the data to be exported as a CSV file. ### Table Properties -The Table Properties section allows you to configure the display features of the grid. +Use the Table Properties section to configure the display features of the grid. ![Table Properties section](/images/accessanalyzer/12.0/admin/report/wizard/widgetgridtableproperties.webp) @@ -105,8 +107,7 @@ There are two types of grid displays: disables all the fields within the Table Properties section. :::note - In order to view user configured Grouping in emailed reports, the report must be - emailed as a **Non Interactive Grid**. + To view user-configured Grouping in emailed reports, email the report as a **Non Interactive Grid**. ::: @@ -116,7 +117,7 @@ The following settings are available when Interactive grid is selected: - Treat interactive grid contents as plain text (not HTML) – Enables interactive grid functionality. This option is selected by default. -- Enable Paging – Enables Paging in reports. Paging allows users to interact with large sets of data +- Enable Paging – Enables Paging in reports. With Paging, users can interact with large sets of data more efficiently when viewing, filtering, and sorting generated report tables by limiting the amount of data being displayed at a given time. Paging is enabled by default. See the [Paging](/docs/accessanalyzer/12.0/admin/report/interactivegrids/paging.md) topic for additional information. @@ -126,7 +127,7 @@ The following settings are available when Interactive grid is selected: - Group Column – Arranges the table to be grouped by the attributes of the selected column :::note - Paging and grouping are not compatible. When Paging is enabled, the Grouping options + Paging and grouping aren't compatible. When Paging is enabled, the Grouping options are disabled in the Table Properties section and in the generated report. ::: @@ -138,8 +139,8 @@ The following settings are available when Interactive grid is selected: ### Data -The selected data for the table is shown in the section at the bottom of the window. This section -allows you to configure the data to be displayed in the table. +The selected data for the table is shown in the section at the bottom of the window. Use this section +to configure the data to be displayed in the table. ![Data display](/images/accessanalyzer/12.0/admin/report/wizard/widgetgriddata.webp) @@ -147,20 +148,20 @@ The buttons above the column names provide you options for configuring the table - Clear Sorting – Restores columns to the default placement - Column Chooser – Opens a pane where you can remove unwanted columns or add hidden columns -- Filter Editor – Opens the Filter Editor which allows you to add custom filters with conditional +- Filter Editor – Opens the Filter Editor, where you can add custom filters with conditional statements and logical connectives - Best Fit (all columns) –  Adjusts the width of the columns to display all the data within the cells ## Chart -Chart widgets allow you to create various chart types to represent data. A Chart Section can only +Use Chart widgets to create various chart types to represent data. A Chart Section can only display one chart type at a time. Charts are configured using the Chart Configuration wizard. See the [Chart Configuration Wizard](/docs/accessanalyzer/12.0/admin/report/chartwizard/overview.md) topic for additional information. ## Text -There are two types of text editor that allow you to configure a text element on a report. +Two text editor types are available for configuring a text element on a report. - Basic Text Editor – Provides basic functionality like font size and style. Works with HTML script. - Advanced Text Editor – Provides advanced functionality like document formatting, inserting tables, @@ -173,7 +174,7 @@ Text Editor. On this dialog, select either the Basic or Advanced Text Editor and Editor**. The selected editor then opens. :::note -Once a Text Editor is selected for a Text element, it cannot be changed. +Once a Text Editor is selected for a Text element, it can't be changed. ::: @@ -183,17 +184,15 @@ Once a Text Editor is selected for a Text element, it cannot be changed. The Basic Text Editor has the following options: -- Element Title – Enter a title for the element in the text box. This will be displayed in the - element's header on the generated report. +- Element Title – Enter a title for the element in the text box. The generated report displays this in the element's header. - Editor / Preview tabs – You can switch between the Editor and Preview tabs. The Editor tab allows you to edit the text and apply formatting. The Preview tab shows you how the formatted text will look in the generated report.. - Convert Carriage Returns to HTML – This checkbox is selected by default. When selected, text - displays on a new line in the generated output where a carriage return has been used. If it is not + displays on a new line in the generated output where a carriage return has been used. If it isn't selected, the text continues on the same line. -The icons listed in the table below are available in the Basic Editor (and Advanced Editor) to -provide basic editing options for text entries. +The following table lists the icons available in the Basic Editor (and Advanced Editor) for basic editing options. | Icon | Description | | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | @@ -212,15 +211,12 @@ provide basic editing options for text entries. The Advanced Text Editor has the following options: -- Element Title – Enter a title for the element in the text box. This will be displayed in the - element's header on the generated report. +- Element Title – Enter a title for the element in the text box. The generated report displays this in the element's header. - Editor / Preview tabs – You can switch between the Editor and Preview tabs. The Editor tab allows you to edit the text and apply formatting. The Preview tab shows you how the formatted text will look in the generated report.. -The Advanced Editor contains all the icons from the Basic Editor, see above. In addition to these, -it has the icons with higher level editing options for text entries that are listed in the table -below. +The Advanced Editor contains all the icons from the Basic Editor, listed in the [Basic Text Editor](#basic-text-editor) section. In addition, it has the icons with higher level editing options for text entries that are listed in the following table. | Icon | Description | | -------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/applications.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/applications.md index 656b18acd6..8701772a5c 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/applications.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/applications.md @@ -6,9 +6,9 @@ sidebar_position: 80 # Applications -## What are applications? +## Applications overview -Applications can be used to configure automated logins to various systems. Especially when combined +Applications lets you configure automated logins to various systems. Especially when combined with various protective mechanisms, the company benefits in terms of security because complex passwords are automated and entered in the login masks in concealed form. Various types are available, such as Remote Desktop (**RDP**), Secure Shell (**SSH**), general applications (**SSO**) @@ -22,28 +22,28 @@ automatic logon to almost any kind of software. ## The four types of applications -Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO and web +Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO, and web applications. ![new application](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/applications_2-en.webp) -In terms of how they are handled, **RDP and SSH** applications can be covered together. Both types +**RDP and SSH** applications can be covered together in terms of how they're handled. Both types of application can be (optionally) "embedded" in Netwrix Password Secure. The relevant session then opens in its own tab in the [Reading pane](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/reading_pane.md). All other forms of automatic logins are summarized in the **SSO applications** and **web applications** categories. How exactly these logins are created and used is covered in the next section and in the web applications chapter. They include all forms of Windows login masks and also -applications for websites. In contrast to RDP and SSH applications, they cannot be started embedded +applications for websites. In contrast to RDP and SSH applications, they can't be started embedded in Netwrix Password Secure but are instead opened as usual in their own window. These SSO applications need to be defined in advance. In Netwrix Password Secure, this is also described as [Learning the applications](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). -In contrast, RDP and SSH can be both completely defined and also started within Netwrix Password +RDP and SSH applications, in contrast, can be both completely defined and started within Netwrix Password Secure. ## RDP and SSH -A new RDP/SSH application can be created via the ribbon or also the context menu that is accessed +A new RDP/SSH application can be created via the ribbon or also the context menu that's accessed using the right mouse button. A corresponding form opens in each case where the variables for a connection can be defined. @@ -51,7 +51,7 @@ connection can be defined. These variables also correspond precisely to those (using the example of RDP here) that can be configured when creating an RDP connection via “mstsc”. Whether the connections should be started in -a tab, full screen mode or in a window can be defined in the field **"window mode"**. +a tab, full screen mode, or in a window can be defined in the field **"window mode"**. ## Working with RDP and SSH applications @@ -61,19 +61,19 @@ The connection to the desired session can be established via the icon **Establis ![estabish RDP](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/applications_4-en.webp) Netwrix Password Secure now attempts to log in to the target system with the information available. -Data that are not saved in the form will be directly requested when opening the session. It is thus +Data that aren't saved in the form are directly requested when opening the session. It's thus also possible to only enter the IP address and/or the password after starting the Netwrix Password -Secure application. If all data has been retrieved, the RDP session will open in a tab – if so +Secure application. If all data has been retrieved, the RDP session opens in a tab – if so defined (Window mode field in the application): ![RDP session](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/applications_5-en.webp) ## Logging in via SSH certificates -It is also possible to complete the authentication process using SSH certificates. For this purpose, +It's also possible to complete the authentication process using SSH certificates. For this purpose, the certificate is saved as a document in .ppk format. (It may be necessary to firstly approve this file ending in the settings). The document is then linked to the record via the footer. The record -does not need to have a password. However, it is necessary for the record to be linked to a SSH +doesn't need to have a password. However, it's necessary for the record to be linked to a SSH application. ## Linking records and applications @@ -82,7 +82,7 @@ The application defines the requirements for the desired connection and also opt target system. By linking records with applications, the complete login process can be automated. If the record now also supplies the user name and password, all of the information required for the login is available. Applications and records are linked via the "Start" tab in the ribbon. If this -link to a record is established, a 1-click login to the target system is possible. +link to a record is established, a 1-click log in to the target system is possible. ![linking RDP](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/applications_6-en.webp) @@ -97,16 +97,16 @@ multiple access points. ![multiple access points](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/applications_8-en.webp) -This is generally a very common scenario. Nevertheless, it should be noted that accessing multiple -servers with one single password is questionable from a security standpoint. It is generally +This is generally a very common scenario. Nevertheless, accessing multiple +servers with one single password is questionable from a security standpoint. It's generally recommended that a unique password is issued for every server/access point. -NOTE: It is possible to leave the **IP address** field empty in the application. If an **IP -address** field exists in the linked record then this address will be used. If there is also no IP -address in the record, a popup window will appear in which the desired IP address can be entered -manually. +:::note +It's possible to leave the **IP address** field empty in the application. If an **IP address** field exists in the linked record then this address is used. If there's also no IP address in the record, a popup window appears where the desired IP address can be entered manually. +::: -Alternatively, it is possible to connect several records with one RDP connection. In this way, you -can combine different users with an RDP connection and register them straightforward. +Alternatively, it's possible to connect several records with one RDP connection. In this way, you +can combine different users with an RDP connection and register them. ![connect RDP sessions](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/applications_9-en.webp) + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/configuration_of_saml.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/configuration_of_saml.md index 29ba772f75..fe2d206c7a 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/configuration_of_saml.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/configuration_of_saml.md @@ -6,12 +6,12 @@ sidebar_position: 30 # Configuration of SAML -## What is SAML? +## SAML overview The Security Assertion Markup Language (SAML) is an XML framework for exchanging authentication and authorization information. It provides functions to describe and transmit security-related information. This means that you can use one set of credentials to log in to many different -websites. It is much easier to manage one login per user than separate logins for email, Customer +websites. It's much easier to manage one login per user than separate logins for email, Customer Relationship Management (CRM) software, Active Directory, and more. ## Preconditions @@ -22,13 +22,13 @@ Web Application must already be "set up or installed". ## Configuration -In order to create **SAML applications**, SAML must **first** be activated. +To create **SAML applications**, SAML must **first** be activated. This is implemented in the settings of the database in the Server Manager: ![activate SAML](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_1-en.webp) -As soon as the check box is ticked, the next step is to enter the URL of the Web Application. The +As soon as the checkbox is ticked, the next step is to enter the URL of the Web Application. The SAML configuration screen should then look like this: ![SAML configuration ](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_2-ewn.webp) @@ -37,8 +37,9 @@ The screen is left open and the configuration is continued at the Advanced view. to the client as usual and switch to the **Applications** module. Select a **new SAML application** and fill it with the relevant data from the service provider. -NOTE: The data of the service provider, which are entered in the Advanced view, can be found at the -respective provider. This differs from provider to provider. +:::note +The data of the service provider, which are entered in the Advanced view, can be found at the respective provider. This differs from provider to provider. +::: ![new SAML application](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_3-en.webp) @@ -53,13 +54,11 @@ himself. After verification, the **SAML application** can be started from the Basic view view. :::warning -As this is a passwordless authentication, it is not necessary to link the **SAML +As this is a passwordless authentication, it isn't necessary to link the **SAML application** with a password. ::: +:::note +Setup and configuration instructions for [SAML Application for Dropbox](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) and [SAML application for Postman](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md)can be found in the corresponding chapters. +::: -NOTE: Setup and configuration instructions for -[SAML Application for Dropbox](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) -and -[SAML application for Postman](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md)can -be found in the corresponding chapters. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md index 6c4a0fffd9..10654c2192 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md @@ -8,16 +8,16 @@ sidebar_position: 30 ## SAML configuration example for Postman -This chapter explains how to configure the SAML application for **Postman**. It is assumed that +This chapter explains how to configure the SAML application for **Postman**. It's assumed that [Configuration of SAML](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been activated in the Server Manager. - First, you register with Postman. -- After logging in, click on the avatar and select "**Settings**". +- After logging in, click the avatar, and select "**Settings**". ![settings postman](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_1-en.webp) -- Then click on **Authentication**. Select a new method in the upper right corner. +- Then click **Authentication**. Select a new method in the upper right corner. ![option authentication postman](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_2-en.webp) @@ -38,5 +38,7 @@ Then you come to the actual configuration. ![postman service provider details](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_5-en.webp) -NOTE: Please note that a **Relay State** is required. This value can be created in the **Configure -Identity Provider Details View**. +:::note +A **Relay State** is required. This value can be created in the **Configure Identity Provider Details View**. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md index 663605b05f..c3b55842b2 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md @@ -10,7 +10,7 @@ sidebar_position: 10 Logging into SAP can be achieved via the usage of [Start Parameter](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). -The prerequisite here is for the login process to be carried out via the "SAPshortcut". All +The prerequisite here is for the login process to be performed via the "SAPshortcut". All available parameters are listed in the [SAP-Wiki](https://wiki.scn.sap.com/wiki/display/NWTech/SAPshortcut). diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md index 617b9b0465..842d210208 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md @@ -6,13 +6,13 @@ sidebar_position: 10 # Learning the applications -## Which applications need to be learned? +## Applications that require learning -As already indicated in the previous section, RDP and SSH applications are completely embedded in -Netwrix Password Secure. These applications thus do not need to be specially learned. All other +As already indicated in the previous section, RDP, and SSH applications are completely embedded in +Netwrix Password Secure. These applications thus don't need to be specially learned. All other applications in Windows need to be learned once. -## What does learning mean? +## Learning process overview The record contains the user name and password. Learning involves defining the steps required. The result is equivalent to a script that defines where precisely the login data should be entered. In @@ -36,13 +36,13 @@ First, a new SSO application is created via the ribbon. ![new sso application](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_1-en.webp) Various properties for the application can now be defined in the tab that opens. The fields **Window -title**, **Application** and **Application path** are not manually filled. This is done via the +title**, **Application** and **Application path** aren't manually filled. This is done via the **Create application** button in the ribbon: ![new sso application](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_2-en.webp) A crosshair cursor now appears. It enables the actual "mapping" or assignment of the target fields. -You can see the field assignment for the user name below using a login to an SQL server as an +You can see the field assignment for the user name below using a log in to an SQL server as an example. All of the other fields that should be automatically entered are assigned in the same way. The process is always the same. You select the field that needs to be automatically filled and then decide which information should be used to fill it. @@ -51,17 +51,15 @@ decide which information should be used to fill it. In parallel to the previous step, all of the already assigned fields will be displayed on the right edge of the screen. In this example, the VMware vSphere Client has a total of 4 assigned fields: IP, -user name, password and clicking the button to subsequently confirm the login. +user name, password, and clicking the button to subsequently confirm the login. ![connected fields](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_4-en.webp) -NOTE: "Graphical recognition:" The graphical recognition function provides additional protection. It -can be used to define other factors for the SSO. An area is defined that then serves as the output -for the comparison (e.g. for login masks with an image). In order to activate the graphical -recognition function, click on the eye at the top right after assigning the fields! The area that -will serve as the output point is then marked. +:::note +"Graphical recognition:" The graphical recognition function provides additional protection. It lets you define other factors for the SSO. An area is defined that then serves as the output for the comparison (e.g. for login masks with an image). To activate the graphical recognition function, click the eye at the top right after assigning the fields. The area that serves as the output point is then marked. +::: -Once you have assigned all of the fields, you can exit the application process using the enter +After you have assigned all of the fields, you can exit the application process using the enter button. The fields "Window title", "Application" and "Application path" mentioned at the beginning are now automatically filled. @@ -75,8 +73,8 @@ storage location for all users, it can then also be accessed by all other users. In the [Passwords](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/passwords.md), the newly created application can now be directly linked. To do this, mark the record to be linked -and open the "Connect application" menu in the "Start" tab via the ribbon. This will open a list of -all the available applications. It is now possible here to link to the previously created +and open the "Connect application" menu in the "Start" tab via the ribbon. This opens a list of +all the available applications. It's now possible here to link to the previously created application "VMware". ![connect application with record](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_6-en.webp) @@ -88,7 +86,8 @@ future. Pressing the button directly opens the linked application. :::warning With respect to permissions, applications are subject to the same rules as for -passwords, roles or documents. It is possible to separately define which group of users is permitted +passwords, roles, or documents. It's possible to separately define which group of users is permitted to use each application. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md index 11611df314..f76dda6fd8 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md @@ -18,7 +18,7 @@ form appears in which you define the variables for a connection. These variables correspond exactly to those that can be configured (here using the RDP example) when creating an RDP connection via "mstsc". The window mode defines whether the connection should be -started in a tab, in full screen mode or in a separate window. +started in a tab, in full screen mode, or in a separate window. ## Working with RDP and SSH Applications @@ -28,18 +28,20 @@ the icon "Establish RDP connection" the connection to the desired session will b ![establish RDP](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/applications_4-en.webp) Netwrix Password Secure now tries to log in to the target system with the available information. All -missing information will be requested directly after the connection is established. It is therefore +missing information will be requested directly after the connection is established. It's therefore also possible to enter the IP address and/or password after starting the application. ![RDP connection](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/rdp_and_ssh_applications_3-en.webp) ## Login via SSH certificates -It is also possible to use SSH-certificates for authentication. For this purpose, the certificate is +It's also possible to use SSH-certificates for authentication. For this purpose, the certificate is stored as a document in .ppk format. The document is then linked to the data record via the footer. -The data record does not have to contain a password, but it must be linked to an SSH application. +The data record doesn't have to contain a password, but it must be linked to an SSH application. -NOTE: The file extension may first have to be enabled via the settings. +:::note +The file extension may first have to be enabled via the settings. +::: ## Keyboard shortcuts @@ -47,3 +49,4 @@ Netwrix Password Secure supports various [Keyboard shortcuts](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md). For example transferring user name and password to the corresponding application. However, it should be noted that this only works if the application is opened directly from Netwrix Password Secure + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md index 7257321e82..4c719166cf 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md @@ -6,10 +6,10 @@ sidebar_position: 10 # Recording a session -## What is session recording? +## Session recording overview -Session recording can be used to make a visual recording of RDP and SSH sessions. These recordings -can then be subsequently viewed and evaluated. In this context, it is also possible to limit this +Session recording lets you make a visual recording of RDP and SSH sessions. These recordings +can then be subsequently viewed and evaluated. In this context, it's also possible to limit this functionality so that only the user themselves or an assigned person e.g. security officer can view and evaluate these recordings. @@ -23,10 +23,9 @@ The following options are required to manage sessions for an application. - Can manage recordings for an application -NOTE: Please note that session recording uses disk space in the database. Although the way the -recordings are saved is efficient in terms of resources, the required amount of disk space varies -greatly depending on the content. The more that is done during the recorded session, the higher the -disk space usage. +:::note +Session recording uses disk space in the database. Although the way the recordings are saved is efficient in terms of resources, the required amount of disk space varies greatly depending on the content. The more that's done during the recorded session, the higher the disk space usage. +::: Session recording firstly needs to be activated for the relevant RDP or SSH application before it can take place. @@ -39,27 +38,27 @@ can take place. ![activating session recording](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_3-en.webp) -If the setting has been activated, the recording will start automatically the next time a connection +If the setting has been activated, the recording starts automatically the next time a connection is established. -NOTE: The recordings are already streamed to the server and saved into the database during the -recording process. Therefore, no recordings are lost even if the connection is terminated. They are -immediately saved until the connection is terminated or until the end of the session. +:::note +The recordings are already streamed to the server and saved into the database during the recording process. Therefore, no recordings are lost even if the connection is terminated. They're immediately saved until the connection is terminated or until the end of the session. +::: ## Viewing the session recordings -If recordings exist for an application, these can be called up and viewed in the Applications +If recordings exist for an application, these can be opened, and viewed in the Applications module. ![viewing session recording](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_4-en.webp) -It is possible to search the session recordings using the filter as usual. It is also possible here -to limit the search results based on the date and user. In the section on the right, it is also +You can search the session recordings using the filter as usual. You can also +to limit the search results based on the date and user. In the section on the right, it's also possible to further filter the searched list based on all column contents. ![session records](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_5-en.webp) -Once a session recording has been selected, a new tab will open in which you can view the recording. +Once a session recording has been selected, a new tab opens where you can view the recording. The function "Skip inactivity" can be activated via the ribbon so that a recording can be effectively and quickly viewed so as only to see the relevant actions. @@ -75,3 +74,4 @@ effectively and quickly viewed so as only to see the relevant actions. If desired, recordings can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section [Managing databases](/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md)s. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/client_module.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/client_module.md index 3488c1113e..1da9bdc659 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/client_module.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/client_module.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Client Module -## What are modules? +## Modules overview Netwrix Password Secure can be customized according to the needs of the users. This requirement can be applied by the user, and can also be applied by administrative users. This means that everyone @@ -25,7 +25,9 @@ individually within the user rights. ![user settings](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/client_modules_2-en.webp) -NOTE: The visibility of modules can always be adapted to the needs of individual user groups +:::note +The visibility of modules can always be adapted to the needs of individual user groups +::: ## Sorting modules @@ -37,10 +39,12 @@ example). ![sorting modules](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/client_modules_3-en.webp) -The navigation options enable you to define the maximum number of visible elements and also how they +The navigation options let you define the maximum number of visible elements and also how they are sorted. ![sorting modules](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/client_modules_4-en.webp) -NOTE: The previously described visibility of the modules is a basic requirement for viewing and -sorting them in the navigation options +:::note +The previously described visibility of the modules is a basic requirement for viewing and sorting them in the navigation options +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md index 4d53bb3c5d..2b3cb203a6 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md @@ -19,7 +19,9 @@ table: ![discovery service entries](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-2-en.webp) -NOTE: The information can be grouped together using the column editor. +:::note +The information can be grouped together using the column editor. +::: ## Network Scan @@ -64,7 +66,7 @@ finished, the **Network Scan** scans the **network** according to these guidelin 1. **Password** and **Computer scan variants**: The required password must already have been issued and it requires corresponding rights for the domain. Active Directory computer: Only those - computers that are in Active Directory are scanned (there is also the option of using it + computers that are in Active Directory are scanned (there's also the option of using it individually or pinging the network). Ping network: A network filter for the configuration of the network is displayed. 2. **Network filter**: This defines the network to be scanned: either using an IP range or an IP @@ -80,11 +82,10 @@ finished, the **Network Scan** scans the **network** according to these guidelin user of services or _Local user_. :::warning -The system executing the scan – on which the Server Manager is installed – is not -scanned! +The system executing the scan – on which the Server Manager is installed – isn't +scanned. ::: - ## Interval / Executing server / Tags This section is used to enter information about the start of the task and other additional @@ -111,6 +112,7 @@ Depending on the message, the **Discovery Service Task** may need to be amended. :::warning The **default setting** for the **Discovery Service Task** after it has been saved is **Activated!** It will **immediately actively** scan the network for data. This data is **read** but -not amended! +not amended. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md index faea8fe463..11d9dae862 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md @@ -9,13 +9,13 @@ sidebar_position: 40 An important element for the **Discovery Service** is the **Conversion Wizard**. It processes the discovered **entries** and then creates corresponding **passwords** and **Password Resets**. -The **Conversion Wizard** is started in the Start ribbon and it is also possible to switch here to +The **Conversion Wizard** is started in the Start ribbon and it's also possible to switch here to the **System Tasks**. ![ribbon](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_1-en.webp) After the **Discovery Service Task** has been successfully executed, the entries are available in -the **Discovery Service**. Further processing of the entries is then carried out using the +the **Discovery Service**. Further processing of the entries is then performed using the **Conversion Wizard**. For processing in the **Conversion Wizard**, the network is scanned for the following types: @@ -24,7 +24,7 @@ following types: 3. Discovered type: User account !! hint Only those **services are recorded** to which at least one **AD user** or **user account** -can be assigned! Only **AD users** and **user accounts** to which **at least one service** can be +can be assigned. Only **AD users** and **user accounts** to which **at least one service** can be assigned are recorded. ## Execution @@ -44,12 +44,13 @@ In the **Discovery Service** table, the user selects the entries for which he wa has been entered. 3. This column shows the **discovered type** for the entry. 4. This column shows already existing passwords in Netwrix Password Secure that match the discovered - **Active Directory user** or **user account**. It is possible to select here which password can - be used when creating a **Password Reset** (it is then used as the only password linked to the + **Active Directory user** or **user account**. It's possible to select here which password can + be used when creating a **Password Reset** (it's then used as the only password linked to the Password Reset). Alternatively, these passwords can also be newly created. -NOTE: Logically, **every root node** corresponds to **one user** and all of its associated data -(e.g. services). A **Password Reset** is created later for **every user** and its associated data. +:::note +Logically, **every root node** corresponds to **one user** and all of its associated data (e.g. services). A **Password Reset** is created later for **every user** and its associated data. +::: The following image shows the options **add new password** or retain **existing password**. @@ -63,32 +64,32 @@ The **Password Reset** is configured in the **Settings Ribbon**. ![reset setting](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_4-en.webp) -The **settings** will be described in more detail below: +The **settings** are described in more detail in the following section: 1. The organisational unit in which the **Password Reset** should be created is entered here. In addition, a template for the rights inheritance can be entered here. 2. The **responsible user** for the **password** is entered here. A special tag can be set here. 3. Adding a **Password Reset** Option 1: **Do you also want to add a Password Reset?** Adds a - **Password Reset** If **option 1** is not selected, the following options are not displayed. + **Password Reset** If **option 1** isn't selected, the following options aren't displayed. 4. Setting for executing a **Password Reset** Option 2: **(Execute Password Resets immediately after - they are created)** means that the **Password Reset** will be executed as soon as you click on + they're created)** means that the **Password Reset** is executed as soon as you click **Finish**. 5. The **responsible user for the Password Reset** is entered here. 6. Various **triggers for the Password Reset** can be selected here. :::warning -After clicking on **Finish**, the **Password Resets** will be **immediately executed** -and the **passwords changed!**. This also applies to **Windows passwords!** +After clicking on **Finish**, the **Password Resets** are **immediately executed** +and the **passwords changed.**. This also applies to **Windows passwords.** ::: - -If option 1: **Do you also want to add a Password Reset?** is not selected, \*steps 4, 5 and 6 are +If option 1: **Do you also want to add a Password Reset?** isn't selected, \*steps 4, 5, and 6 are not displayed for configuration. ![password reset option](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_5-en.webp) -NOTE: After clicking on **Finish**, one or more **passwords will be created** but **no corresponding -Password Resets will be created!** +:::note +After clicking on **Finish**, one or more **passwords are created** but **no corresponding Password Resets are created.** +::: ## Assignment (Active Directory user) @@ -112,8 +113,8 @@ The following images shows the **Assignment (Active Directory user)** Ribbon ### Procedure 1. An **Existing form** is selected here -2. The **assignment** to the fields is carried out here Important assignments are **Type: General** - and **Type: Password Reset**. An amendment can be carried out here +2. The **assignment** to the fields is performed here Important assignments are **Type: General** + and **Type: Password Reset**. An amendment can be performed here ### "New form" selected @@ -123,12 +124,12 @@ The following images shows the **Assignment (Active Directory user)** Ribbon 1. A name for the **New form** needs to be entered here 2. The discovered entries are **automatically** assigned as standard Important assignments are - **Type: General** and **Type: Password Reset**. An amendment can be carried out here + **Type: General** and **Type: Password Reset**. An amendment can be performed here ### Summary -A brief overview of the actions that will be carried out with the added configuration is displayed -in the **Summary** Ribbon. These actions will then be carried out if you click on **Finish**. +A brief overview of the actions performed with the added configuration is displayed +in the **Summary** Ribbon. These actions are then performed when you click **Finish**. ![summary](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_9-en.webp) @@ -136,40 +137,38 @@ in the **Summary** Ribbon. These actions will then be carried out if you click o An important aspect of Netwrix Password Secure V8 is the **security** of passwords on systems. In the **Discovery Service**, a **security measures** is thus triggered at the **last step** for -creating **Password Resets**. If the option **Execute Password Resets immediately after they are +creating **Password Resets**. If the option **Execute Password Resets immediately after they're created** is used in the configuration, the **selected passwords** are immediately changed after clicking on **Finish**. :::warning -**If you are not paying careful attention, this could have inconvenient consequences.** +**If you aren't paying careful attention, this could have inconvenient consequences.** ::: - **Security level 1:** An **Important note** is displayed in the **Summary** after clicking on **Finish**. :::warning -**Please observe the note and read it through carefully!** +**observe the note and read it through carefully.** ::: - -An **Overview** of which actions will be carried out is displayed for the user together with this -note. The user can then still decide to **Cancel** the process. If you click on **OK**, an +An **Overview** of the actions to be performed is displayed for the user together with this +note. The user can then still decide to **Cancel** the process. If you click **OK**, an **additional confirmation warning** will be displayed. ![important note](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_10-en.webp) **Security level 2:** -Another **confirmation prompt** highlights that it is important to understand what you are about to -do. It will no longer be possible to reverse the actions afterwards! +Another **confirmation prompt** highlights that it's important to understand what you're about to +do. It is no longer possible to reverse the actions afterwards. :::warning -**Last chance to cancel the execution!** +**Last chance to cancel the execution.** ::: - ![securtiy warning](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_11-en.webp) After **entering the displayed number** and **confirming with OK**, the process is **executed -immediately** and the **Password Resets** are carried out and the **associated passwords changed**. +immediately** and the **Password Resets** are performed and the **associated passwords changed**. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md index 73db2be6ac..789d396fd7 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md @@ -12,14 +12,14 @@ Service Task** that was executed and can be found and displayed using the filter ## Deletion process -The discovered data in the **Discovery Service** cannot simply be deleted and removed from the -**Discovery Service entries**. As the entries have a **link to the Discovery Service Task**, it is +The discovered data in the **Discovery Service** can't simply be deleted and removed from the +**Discovery Service entries**. As the entries have a **link to the Discovery Service Task**, it's necessary to delete the discovered entries via the **Discovery Service Task** that was created. If -entries were discovered using a joint **Discovery Service Task**, it is not possible to simply -delete them. This is the case if two different users have carried out a scan on the same area. If +entries were discovered using a joint **Discovery Service Task**, it isn't possible to simply +delete them. This is the case if two different users have performed a scan on the same area. If you delete one of the two **Discovery Service Task**, only the entries that had a single link to -this **Discovery Service Task** will be deleted. The entries for the other **Discovery Service -Task** will be retained and must be deleted via the associated **Discovery Service Task**. You can +this **Discovery Service Task** are deleted. The entries for the other **Discovery Service +Task** are retained and must be deleted via the associated **Discovery Service Task**. You can find out which **Discovery Service Task** found a particular entry by selecting the entry via the **Conversion Wizard**. @@ -29,9 +29,9 @@ find out which **Discovery Service Task** found a particular entry by selecting If the IP range for an existing **Discovery Service Task** is changed and the **Discovery Service Task** is then executed for this new IP range, the previously discovered entries from the previous -executed **Discovery Service Task** will be deleted from the **Discovery Service**. If you want to -carry out a **Discovery Service Task** for a different IP range, you should create a new **Discovery -Service Task**. This will prevent any already discovered entries from being deleted. However, if the +executed **Discovery Service Task** are deleted from the **Discovery Service**. To +carry out a **Discovery Service Task** for a different IP range, create a new **Discovery +Service Task**. This prevents any already discovered entries from being deleted. However, if the existing entries are no longer required, you can delete them by using the same **Discovery Service Task** with a different IP range. @@ -44,8 +44,10 @@ Task** with a different IP range. 7. Exception: 8. Task B scans the IP address: 192.168.150.1 9. The same entries for IP address 192.168.150.1 are discovered as for 1. -10. A new scan using Task A with a different IP address 192.168.150.2 will not delete the data from +10. A new scan using Task A with a different IP address 192.168.150.2 won't delete the data from Task B -NOTE: The **Password Resets** and **passwords** created using the **Conversion Wizard** are not -deleted when the **Discovery Service Tasks** are deleted. +:::note +The **Password Resets** and **passwords** created using the **Conversion Wizard** aren't deleted when the **Discovery Service Tasks** are deleted. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md index 312dcdb6b1..0538e1171d 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md @@ -8,8 +8,8 @@ sidebar_position: 30 The entries for the **Discovery Service** are discovered using a **Discovery Service Task**. It can take some time for all the data on the systems for the entered IP network to be collected. This can -be easily recognized by the **blue arrow** symbol on the **Discovery Service Task** and a -corresponding message is also shown in the General display. Once the **Discovery Service Task** has +be recognized by the **blue arrow** symbol on the **Discovery Service Task** and a +corresponding message is also shown in the General display. After the **Discovery Service Task** has been completed, the data will be shown in the **Discovery Service module**. ![new discovery service task](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_1-en.webp) @@ -25,10 +25,11 @@ described below. 3. **Overview**: Current data for the **Discovery Service Task** about its progress and subsequent executions are shown here. 4. **Logbook**: The **logbook** can be found in the **footer** of the **Discovery Service Task**. - The latest activities carried out by the **Discovery Service Task** are shown here. + The latest activities performed by the **Discovery Service Task** are shown here. -NOTE: The **data** is **not kept up-to-date while the task is being executed** and does not always -show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**! +:::note +The **data** is **not kept up-to-date while the task is being executed** and doesn't always show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**. +::: ## Using the Discovery Service entries @@ -45,20 +46,21 @@ Task** and selected for the **Conversion Wizard** are displayed. If multiple entries are selected for a **Password Reset**, a corresponding number of **passwords** and **Password Resets** need to be added in the **Conversion Wizard**. Depending on the entries -selected (service, Active Directory user, user account), it is necessary to carry out corresponding +selected (service, Active Directory user, user account), it's necessary to carry out corresponding **assignments** in the **Conversion Wizard** for the **passwords**. ![Discovery service conversion wizard ](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_3-en.webp) -Every line must be connected to a **password** in the end. Therefore, it is necessary to carry out +Every line must be connected to a **password** in the end. Therefore, it's necessary to carry out an assignment process in the **Conversion Wizard** for every entry. ![Discovery service conversion wizard ](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_4-en.webp) -For **Active Directory users**, it is possible to assign an existing **password**. +For **Active Directory users**, it's possible to assign an existing **password**. -NOTE: The subsequent process is carried out in the same way as when only one **Discovery Service -entry** is selected. +:::note +The subsequent process is performed in the same way as when only one **Discovery Service entry** is selected. +::: ## Filter settings @@ -83,3 +85,4 @@ Description of the **filter with the special options for the Discovery Service e 5. **Transferred as Password Reset**: Indicates whether a Password Reset can be created via the Conversion Wizard 6. **Discovery service system tasks**: The entries are filtered here based on the System Task. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md index d9dc37f534..1a2051e409 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md @@ -9,13 +9,13 @@ sidebar_position: 100 ## The problem **Service accounts** are used on most networks. These accounts are used, for example, to carry out -certain services. It is not uncommon for **one and the same password** to be used here for multiple +certain services. It isn't uncommon for **one and the same password** to be used here for multiple accounts. Manually changing these passwords is extremely time consuming. Therefore, this process is often ignored for reasons of convenience. The result is that the same outdated passwords are often used for many **security-critical access -points**. This naturally represents a **severe security risk** and leaves the door wide open for any -attacker who gains access to just one of the passwords! +points**. This represents a **severe security risk** and leaves the door wide open for any +attacker who gains access to just one of the passwords. ## The solution diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md index ce9096bd91..f736b554be 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md @@ -37,10 +37,10 @@ If an error occurs during the execution of the **Discovery Service Task**, this In general, the **logbook module** displays more detailed information about the **Discovery Service Task**. The [Filter](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md) -can be used to select which data is displayed. The same **events** as for the footer for the +lets you select which data is displayed. The same **events** as for the footer for the **Discovery Service Task** are also used here. ![logbook entries](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_ds-3-en.webp) -The column editor can be used to arrange and display the data in the table according to their +The column editor lets you arrange and display the data in the table according to their importance. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/requirements.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/requirements.md index 15ea8a804d..5ae2c7f11b 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/requirements.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/discoveryservice/requirements.md @@ -26,10 +26,9 @@ can use a domain administrator. :::warning A corresponding **password** with **rights** for the **domains** must exist before -adding a **Network Scan**! +adding a **Network Scan**. ::: - ### Password - Required for the **authentication** process with the **Active Directory computer**. @@ -40,19 +39,21 @@ adding a **Network Scan**! - The computer to be scanned and AD controller must be accessible via the network. - The service: “Windows Management Instrumentation” must have been started on the computer to be - scanned (carried out by Windows as standard). + scanned (performed by Windows as standard). - Help section for starting the service: [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa826517(v=vs.85).aspx) -- The firewall must not block WMI requests (not blocked as standard). +- The firewall mustn't block WMI requests (not blocked as standard). - Help section for configuring the firewall: [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa822854(v=vs.85).aspx) -NOTE: Only **IPv4 addresses** can currently be scanned. +:::note +Only **IPv4 addresses** can be scanned. +::: ### Open ports for the scan (necessary) -LDAP: Port 389(TCP,UDP) RPC/WMI: Port 135(TCP) (Windows Server 2008, Windows Vista and higher -versions) – port 49152-65535 (TCP) or a static WMI port (Windows 2000, Windows XP and Windows +LDAP: Port 389(TCP,UDP) RPC/WMI: Port 135(TCP) (Windows Server 2008, Windows Vista, and higher +versions) – port 49152-65535 (TCP) or a static WMI port (Windows 2000, Windows XP, and Windows Server 2003) – port 1025-5000 (TCP) or a static WMI port ### Computer name (Hostname) @@ -61,8 +62,9 @@ Server 2003) – port 1025-5000 (TCP) or a static WMI port it was found (the IP address of the domain controller in the case of an Active Directory user). 2. Computer name and associated IP address: The computer name is first requested on the **DNS server** for the domain. The computer name returned by the server also contains the domain names - as a postfix (e.g. Client01.domain.local). If there is no entry on the domain for the requested - IP address, the computer name is determined via **NetBIOS**. The domain name is not displayed on + as a postfix (e.g. Client01.domain.local). If there's no entry on the domain for the requested + IP address, the computer name is determined via **NetBIOS**. The domain name isn't displayed on the computer (e.g. Client01). In Netwrix Password Secure V8, the **DNS request** is the preferred function for determining the computer name. If no result is delivered, a request via **NetBIOS** is made. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/documents.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/documents.md index e08bfccb90..f420138f51 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/documents.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/documents.md @@ -6,15 +6,14 @@ sidebar_position: 20 # Documents -## What are documents? +## Documents overview -Security-critical data does not necessarily need to be in the form of passwords. To enable the +Security-critical data doesn't necessarily need to be in the form of passwords. To enable the uniform and secure storage of data other than passwords, Netwrix Password Secure version 8 offers effective tools for the professional handling of sensitive documents and files. The ability to share documents with others according to their permissions gives you access to the current status of a document and helps avoid redundancies. The documents module is complemented by a sophisticated -version management system, which records all versions of a document that were saved in the past and -thus enables you to revert back to historical versions. The configuration of visibility is explained +version management system, which records all versions of a document that were saved in the past, and thus lets you revert back to historical versions. The configuration of visibility is explained in a similar way to the other modules in one place.. ![Document modul](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/documents/documents_1-en.webp) @@ -31,10 +30,10 @@ The following option is required to add new documents. There are two ways to manage documents and files in Netwrix Password Secure v8: -- **Creating a link**: In this case, only a file that is located locally or on a network drive will - be linked. The file itself is not stored in the database. Neither version management nor the +- **Creating a link**: In this case, only a file that's located locally or on a network drive will + be linked. The file itself isn't stored in the database. Neither version management nor the traceability of changes in the history are possible. -- **Storing the document in the database**: The file becomes part of the encrypted database. It is +- **Storing the document in the database**: The file becomes part of the encrypted database. It's saved within the database and can be made available selectively to employees for further processing in the future based on their permissions. @@ -57,12 +56,14 @@ history in the ribbon, as well as in the footer area for ​​the detailed view be used in the same way as the [History](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/history.md). The interplay between the document-specific event logbook and the history provides a complete list -of all information that is relevant to the handling of sensitive data. Version management can be +of all information that's relevant to the handling of sensitive data. Version management can be used to restore any historical versions of a document. -NOTE: The file size for a **linked document** can only be updated if the document was opened using -Netwrix Password Secure. +:::note +The file size for a **linked document** can only be updated if the document was opened using Netwrix Password Secure. +::: + +:::note +If desired, the document history can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section Managing databases. +::: -NOTE: If desired, the document history can be automatically cleaned up. This option can be -configured on the **Server Manager**. Further information can be found in the section Managing -databases. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/forms/change_form.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/forms/change_form.md index 18648f03c2..570c6f930f 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/forms/change_form.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/forms/change_form.md @@ -8,7 +8,7 @@ sidebar_position: 10 ## Changing forms -It is necessary in some cases to change the form for a record. In these cases, this is mostly to +It's necessary in some cases to change the form for a record. In these cases, this is mostly to consolidate existing data or to adapt the form to match changes in the data structure. These functionalities are available under "Extras/Settings" in the ribbon. @@ -20,11 +20,11 @@ previously used form to the new form. In this example, a record that previously ![change form](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/change_form_2-en.webp) -The drop-down menu allows you to select the target form. The comparison of current and new form +The dropdown menu lets you select the target form. The comparison of current and new form fields is shown in the lower section. - Fields **marked in green** have already been assigned to the new form -- Fields **marked in red** indicate fields that have not been assigned +- Fields **marked in red** indicate fields that haven't been assigned ### Relevant rights @@ -35,15 +35,14 @@ The following options are required to change forms. - Can change form for a password :::warning -Please note that information could be lost during this process! In the example, this +Information could be lost during this process. In the example, this applies to the fields "Website" and "Information". ::: - ## The effects of changes to forms on existing records -In general, changes to forms do not effect existing records. This means that a record that was -created with a certain form will not itself be changed after this form has been adapted/changed. It +In general, changes to forms don't effect existing records. This means that a record that was +created with a certain form won't itself be changed after this form has been adapted/changed. It remains in its original state. However, there are methods by which changes to forms could be adopted by existing records. There are two possibilities in this context: @@ -51,15 +50,15 @@ by existing records. There are two possibilities in this context: If you press the "Change form" button (as mentioned in the previous section), the already existing form will be used by default. If this form has been changed in the meantime, the new form field will -be directly shown and adopted after it is saved. +be directly shown and adopted after it's saved. ![New Form](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/change_form_3-en.webp) ### Apply form changes to passwords The setting "Apply form changes to passwords" makes it possible to force the change to the form to -be adopted. This becomes effective when editing the record! It is immaterial here whether changes -are being made to the record. Simply re-editing and saving the record will cause the adjustment to +be adopted. This becomes effective when editing the record. It's immaterial here whether changes +are being made to the record. Re-editing and saving the record will cause the adjustment to the form. ### The following permissions/configuration must exist @@ -70,7 +69,7 @@ the form. ## Conclusion -A common feature of both variants is that adjustments to forms cannot be automatically triggered. +A common feature of both variants is that adjustments to forms can't be automatically triggered. Already existing records are thus not automatically adjusted. The adjustment thus needs to be -carried out manually. In the first case, the manual step is to use the function "Change form". In -the second case, it is sufficient to simply edit and save the record. +performed manually. In the first case, the manual step is to use the function "Change form". In +the second case, it's sufficient to edit and save the record. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/forms/forms.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/forms/forms.md index 9da29da663..6547eeb22c 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/forms/forms.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/forms/forms.md @@ -6,13 +6,13 @@ sidebar_position: 60 # Forms -## What are forms? +## Forms overview -When creating a new data record, it is always indispensable to query all relevant data for the +When creating a new data record, it's always indispensable to query all relevant data for the intended application. In this context, **Forms** represent templates for the information which have to be stored. The manageability of existing forms primarily ensures the completeness of the data -which have to be stored. Nevertheless, their use as an effective filter criterion is not to be -ignored! Forms have a lasting impact on working withNetwrix Password Secure v8 and must be managed +which have to be stored. Nevertheless, their use as an effective filter criterion isn't to be +ignored. Forms have a lasting impact on working withNetwrix Password Secure v8 and must be managed and maintained with the necessary care by the administration. ![form module](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/forms_1-en.webp) @@ -29,7 +29,7 @@ The following options are required to add new forms. ## Standard forms Netwrix Password Secure is supplied with a series of standard forms – these should generally cover -all standard requirements. Naturally, it is still possible to adapt the standard forms to your +all standard requirements. it's still possible to adapt the standard forms to your individual requirements. ![forms](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/forms_2-em.webp) @@ -43,7 +43,7 @@ Both the field name and also the field type are visible. ## Creating new forms The wizard for creating new forms can be started via the ribbon, the keyboard shortcut "Ctrl + N" or -also the context menu that is accessed using the right mouse button. The same mechanisms can now be +also the context menu that's accessed using the right mouse button. The same mechanisms can now be used to create new form fields within the wizard. Depending on the selected field type, other options are available in the **field settings** section. This will be clearly explained below using the example of the field type "Password". The sequence in which form fields are requested when @@ -53,24 +53,23 @@ relevant buttons in the ribbon. ![Creating new forms](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/forms_3-en.webp) The following field settings thus appear for the field type "Password": "Mandatory field, reveal -only with reason, check only generated passwords and password policy". These can now be defined as -desired. (**Note**: It is possible to select +only with reason, check only generated passwords, and password policy". These can now be defined as +desired. (**Note**: It's possible to select [Password rules](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_rules.md) -within the field settings; they are defined as part of the options in the main menu) +within the field settings; they're defined as part of the options in the main menu) :::warning If a form has been created, it can then be selected for use when creating new records. The prerequisite is that the logged-in user has at least read rights to the form. ::: - ## Permissions for forms In the same way as for other objects (records, roles, documents,…), permissions can also be granted for forms. On the one hand, this ensures that not everyone can edit existing forms, while on the -other hand, it allows you to make forms available to selective groups. This ensures that clarity is -maintained and that users are not confronted with information that is irrelevant to them. The form -"Credit cards" may be relevant within the accounting department but administrators do not generally +other hand, it lets you make forms available to selective groups. This ensures that clarity is +maintained and that users aren't confronted with information that's irrelevant to them. The form +"Credit cards" may be relevant within the accounting department but administrators don't generally need to use it. ## Configuring the info field @@ -81,16 +80,15 @@ The name of the form is displayed in between in a blue font. ![Configuring the info field](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/forms_4-en.webp) -The name of the record (192.168.150.236) and the form (password) cannot be adjusted – these are -always displayed. The user (Administrator) that is still saved for the record is currently -displayed. This can be configured in the info field for the form. It is thus possible to separately +The name of the record (192.168.150.236) and the form (password) can't be adjusted – these are +always displayed. The user (Administrator) that's still saved for the record is displayed. This can be configured in the info field for the form. It's thus possible to separately define for each form what information for a record can be directly seen in list view. In the form module, the info field is configured by opening the form which has to be edited in editing mode by double clicking on it and then pressing the \*Configure info field” button in the ribbon. ![Configuring the info field](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/forms_5-en.webp) -This will open a separate tab that enables you to design the info section via drag & drop. The +This will open a separate tab where you can design the info section via drag & drop. The fields that are available on the right can be "dragged" onto the configuration window on the left. In the following example, "Start RDP session2 will be made visible in the info section, whereby only the word "RDP" is assigned a function – namely to start the RDP manager. A preview is shown in the @@ -98,15 +96,14 @@ top section. ![preview form](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/forms_6-en.webp) -The info field for the form is now updated. It is now possible to start the RDP session directly in +The info field for the form is now updated. It's now possible to start the RDP session directly in the RDP session. ![updated form](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/forms_7-en.webp) -NOTE: The **forms module** is based on the -[Web Application](/docs/passwordsecure/9.1/configuration/webapplication/web_application.md) -module of the same name. Both modules have a different scope and design but are almost identical to -use. +:::note +The **forms module** is based on the [Web Application](/docs/passwordsecure/9.1/configuration/webapplication/web_application.md) module of the same name. Both modules have a different scope and design but are almost identical to use. +::: ## Standard form @@ -119,3 +116,4 @@ There are two possible ways to define a standard form. ### Via the form selection ![default form](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/forms/forms_9-en.webp) + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/logbook.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/logbook.md index bd0a52c7b2..a888609620 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/logbook.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/logbook.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Logbook -## What is a logbook? +## Logbook overview Netwrix Password Secure logs all user interactions. These entries can be viewed and filtered via the logbook. The logbook records which user has made exactly what changes. This module is @@ -25,7 +25,7 @@ The following options are required: ## Use of the filter in the logbook -You can also use the filter in the logbook. This enables you to limit the number of displayed +You can also use the filter in the logbook. This lets you limit the number of displayed elements based on the defined criteria. In the following example, the user is searching for logbook entries relating to the object type “Password” that also match the event criteria "Change". In short: The entries are being filtered based on changes to passwords. @@ -36,7 +36,7 @@ short: The entries are being filtered based on changes to passwords. This list can also be grouped together by dragging and dropping column headers – see the following grouping of the columns for **computer user**. The filtered results now show all changes to -passwords carried out by the computer user "administrator". +passwords performed by the computer user "administrator". ![Logbook entries](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/logbook/logbook_3-en.webp) @@ -44,15 +44,16 @@ passwords carried out by the computer user "administrator". In Netwrix Password Secure, an uncompromising method is used when handling the logbook: Every change of state is recorded and saved in the MSSQL database. There are no plans to allow triggers for -logbook entries to be selectively defined. It is only by using this process that changes are +logbook entries to be selectively defined. It's only by using this process that changes are completed in a traceable and audit-proof manner to prevent falsification. -NOTE: If desired, the logbook can be automatically cleaned up. This option can be configured on the -Server Manager. Further information can be found in the section -[Managing databases](/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md). +:::note +If desired, the logbook can be automatically cleaned up. This option can be configured on the Server Manager. Further information can be found in the section [Managing databases](/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md). +::: ## Transferring to a Syslog server The logbook can also be completely transferred to a [Syslog](/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/syslog.md) server. Further information on this subject can be found in the section Syslog. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/notifications.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/notifications.md index ee1fc61ca4..207c512fc0 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/notifications.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/notifications.md @@ -6,11 +6,11 @@ sidebar_position: 30 # Notifications -## What are notifications? +## Notifications overview -With the notification system, you are always up-to-date on all events that you consider important. -Almost all modules allow users to configure notifications. All configured messages are only created -for the currently registered Netwrix Password Secure user. It is not possible to create a +With the notification system, you're always up-to-date on all events that you consider important. +Almost all modules let users configure notifications. All configured messages are only created +for the registered Netwrix Password Secure user. It isn't possible to create a notification for another user. Each user can and should define himself which passwords, which triggers as well as changes are important and informative for him. The configuration of visibility is explained in a similar way to the other modules in one place @@ -18,28 +18,29 @@ is explained in a similar way to the other modules in one place ![Notifications modul](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) -NOTE: The reading pane is deactivated in this module by default. It can be activated in the -"Display" tab in the ribbon. +:::note +The reading pane is deactivated in this module by default. It can be activated in the "Display" tab in the ribbon. +::: ## Module-specific ribbon functions There are also some ribbon functionalities that are exclusively available for the notification -module. In particular, the function **Forward important notifications to email addresses** enables -administrators and users to maintain control and transparency independent of the location. +module. In particular, the function **Forward important notifications to email addresses** lets +administrators and users maintain control and transparency independent of the location. ![Ribbon notifications](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/notifications/notifications_2-en.webp) ### Mark notifications as read -The two buttons on the ribbon enable you to mark notifications as read/unread. In particular, the +The two buttons on the ribbon let you mark notifications as read/unread. In particular, the filter criterion available in this context (see following screenshot) enables fast sorting according to current and also historical notifications. ![filter notifications](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/notifications/notifications_3-en.webp) -It is possible to mark the notifications as read/unread via the ribbon and also via the context menu -that is accessed using the right mouse button. If the corresponding setting has been activated, -opening a notification will also mean that it is marked as read. +It's possible to mark the notifications as read/unread via the ribbon and also via the context menu +that's accessed using the right mouse button. If the corresponding setting has been activated, +opening a notification will also mean that it's marked as read. ## Manual configuration of notifications @@ -54,13 +55,13 @@ following dialogue can be opened via the ribbon in the "Actions" tab: - **Event type**: The event type for the generated notifications can be either "Info", "Warning" or "Error". This information can also be used e.g. as an additional filter criterion. -In contrast to previous editions, it is best to configure the notifications manually. This ensures +In contrast to previous editions, it's best to configure the notifications manually. This ensures that a notification is really only triggered for relevant events. ## Other triggers for notifications As well as manually configurable notifications, there are other triggers in Netwrix Password Secure -which will result in notifications. +that result in notifications. - [Seals](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md): Requests to release sealed records are handled via the notification system @@ -76,3 +77,4 @@ which will result in notifications. If desired, notifications can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section [Managing databases](/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md). + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md index f4263843a1..0e4f527ba5 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Active Directory link -## What are active directory profiles? +## Active directory profiles overview The connection to Active Directory (AD) is established via so-called AD profiles. These profiles contain all of the information relevant for establishing a connection to AD and enable -imports/synchronization of users, organisational units or roles. To connect to various different -ADs, it is naturally also possible to create multiple AD profiles. +imports/synchronization of users, organisational units, or roles. To connect to various different +ADs, it's also possible to create multiple AD profiles. ## Two import modes in comparison @@ -23,15 +23,16 @@ differ significantly and are explained in separate sections. In principle, the two variants differ by the presence of the encryption mentioned above. In the solution with active end-to-end encryption (**E2EE**), the process may be less convenient (see -table) but there is a huge benefit in terms of security. In Master Key mode, a master key is created -on the server that has full permissions for all users, organisational units and roles. This -represents an additional attack vector, which does not exist in end-to-end mode. In return, however, +table) but there's a huge benefit in terms of security. In Master Key mode, a master key is created +on the server that has full permissions for all users, organisational units, and roles. This +represents an additional attack vector, which doesn't exist in end-to-end mode. In return, however, in Master Key mode, users can be updated via synchronization with the Active Directory. Memberships of organisational units and roles are also imported. In the more secure end-to-end mode, this -synchronization of the changes must be carried out manually. +synchronization of the changes must be performed manually. -NOTE: It is technically possible to create several profiles with different modes. However, this is -not recommended for the sake of clarity. +:::note +It's technically possible to create several profiles with different modes. However, this isn't recommended for the sake of clarity. +::: | Comparison of the modes | End-to-end mode | Master key mode | | ---------------------------------------------------------- | --------------- | --------------- | @@ -46,7 +47,7 @@ not recommended for the sake of clarity. | Organization unit can be edited in Netwrix Password Secure | + | - | | Roles can be edited in Netwrix Password Secure | + | - | | Password can be edited in Netwrix Password Secure | + | - | -| Login with domain password | - | + | +| Log in with domain password | - | + | | Netwrix Password Secure is the leading system | + | - | | Active Directory is the leading system | - | + | | Autologin | + | + | @@ -54,10 +55,10 @@ not recommended for the sake of clarity. As can be seen **E2EE offers the highest level of security**. The aim is merely to import users, organisational units and roles. Those must be administered and configured in Netwrix Password Secure. In contrast, a connection in **Master Key mode offers the highest level of convenience**. It -imports not only users, organisational units and roles but also their links and assignments. +imports not only users, organisational units and roles but also their links, and assignments. Synchronization with Active Directory is possible – **The AD is used as the leading system**. -## Users, groups and roles +## Users, groups, and roles When importing or synchronizing from Active Directory, users are also added as users in Netwrix Password Secure. Netwrix Password Secure also uses the organisational units as such. @@ -66,13 +67,14 @@ In order for Netwrix Password Secure to be quickly integrated into the given inf can also be directly imported from the Active Directory. Namely Active Directory Groups are used to password-safe roles. -NOTE: Groups in groups Memberships, which may be present in the Active Directory, will not be -displayed within Netwrix Password Secure. Both groups are imported as roles, but independent and not -linked in any way. +:::note +Groups in groups Memberships, which may be present in the Active Directory, won't be displayed within Netwrix Password Secure. Both groups are imported as roles, but independent, and not linked in any way. +::: :::warning If Master Key mode has been selected for the Active Directory profile, the AD is the -leading system. In this mode, roles that have been imported cannot be changed locally in Netwrix +leading system. In this mode, roles that have been imported can't be changed locally in Netwrix Password Secure. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md index e475cf2b86..3d765c8bce 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md @@ -9,14 +9,14 @@ sidebar_position: 10 ## Maximum encryption [Active Directory link](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) -with active end-to-end encryption currently offers **maximum security**. Only users, organisational +with active end-to-end encryption offers **maximum security**. Only users, organisational units and roles are imported. The permissions and the hierarchical relationship between the individual objects needs to be separately configured in Netwrix Password Secure. The advantage offered by end-to-end encryption is that Active Directory is “defused” as a possible insecure gateway. In Master Key mode, users who control Active Directory receive de facto complete access to -all passwords because resetting a Windows user name enables users to log in under another person’s +all passwords because resetting a Windows user name lets users log in under another person’s name. Active Directory is thus the leading system. **Using an active E2EE connection, users require -their own password for Netwrix Password Secure**. There is thus no access to users’ data via Active +their own password for Netwrix Password Secure**. There's thus no access to users’ data via Active Directory. ## Relevant rights @@ -35,15 +35,17 @@ The process for creating a new profile is started via the icon "manage profiles" ![New AD profile](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_1-en.webp) -NOTE: "End-to-end" needs to be set in the "Encryption" field +:::note +"End-to-end" needs to be set in the "Encryption" field +::: A **user** is required to access the AD. The user should be formatted as follows: Domain\user. It must have access to the AD. - The relevant **user password** (domain password) is required for the user mentioned above - **Direct search** is recommended for very large domain trees. The representation of the tree - structure is omitted, elements can only be found and selected via the search. -- The **filter** can be used to directly specify an AD path as an entry point via an LDAP query. + structure is omitted, elements can only be found, and selected via the search. +- The **filter** lets you directly specify an AD path as an entry point via an LDAP query. - Various security options – so-called AuthenticationTypes Enumeration – can be selected for the connection of the AD to Netwrix Password Secure: - Secure @@ -73,16 +75,16 @@ organisational units and/or users for the import. A search is available for this ![Import wizard/AD objects](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_4-en.webp) It can be seen that the organisational units **Jupiter** and **Contoso** contain items to be -imported. The organisational units themselves will not be imported. The check next to the group +imported. The organisational units themselves won't be imported. The check next to the group **Accounting** indicates that the group itself will be imported along with some of its sub-elements. There are different symbols which indicate the elements to be imported. - The element itself and all possible sub-elements will be imported - The element itself and some of its sub-elements will be imported -- The element will not be imported; however, it contains elements that will be imported +- The element won't be imported; however, it contains elements that will be imported -A context menu that is accessed using the right mouse button is available within the list that +A context menu that's accessed using the right mouse button is available within the list that provides helpful functions for selecting the individual elements. ![context menu](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_5-en.webp) @@ -91,13 +93,14 @@ provides helpful functions for selecting the individual elements. - Deselect sub-objects removes tags from all sub-objects that are located directly below the current object - Reset all items removes all previously set tags -- Display element details lists all information that is available for the current element +- Display element details lists all information that's available for the current element In the lower area you can specify whether the users just selected for import should be created as **Light** or **Advanced User (View)**s. -NOTE: If individual users, organisational units, or roles cannot be selected for import, they have -already been imported via another profile +:::note +If individual users, organisational units, or roles can't be selected for import, they have already been imported via another profile +::: ## Summary @@ -108,20 +111,21 @@ element is imported. The number of objects is added together at the bottom. ![Import wizard/Summary](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_6-en.webp) -NOTE: Depending on the amount of data, it may take several minutes to create the summary. +:::note +Depending on the amount of data, it may take several minutes to create the summary. +::: ## Importing -The import itself is carried out by the server in the background. The individual elements then +The import itself is performed by the server in the background. The individual elements then appear in the list one by one. This may take some time, depending on the amount of import data. If -the import is terminated, you will receive a confirmation. +the import is terminated, you'll receive a confirmation. ![confirmation](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_7-en.webp) -NOTE: As end-to-end encryption is retained in this mode, the server does not receive a key to match -already imported users with the AD. There is thus no synchronization with the AD. Similarly, no -memberships can be imported. After the import, users must be manually assigned to the appropriate -organisational units and roles. +:::note +As end-to-end encryption is retained in this mode, the server doesn't receive a key to match already imported users with the AD. There's thus no synchronization with the AD. Similarly, no memberships can be imported. After the import, users must be manually assigned to the appropriate organisational units and roles. +::: ## Imported users and organisational units @@ -151,11 +155,14 @@ The rights will be issued as follows during the import or synchronization. | Is the "add" right issued? | No | No | No | | Who receives the rights key? | None | None | None | -NOTE: In end-to-end mode, **no role affiliations** are issued during the import or synchronization. +:::note +In end-to-end mode, **no role affiliations** are issued during the import or synchronization. +::: ## Logging into Netwrix Password Secure -Users imported in this mode can not login with the domain password. Rather, a password is generated -during import. This password is sent to the users by e-mail. If a user has not entered an e-mail +Users imported in this mode can't log in with the domain password. Rather, a password is generated +during import. This password is sent to the users by e-mail. If a user hasn't entered an e-mail address, the user name is entered as the password. The initial password can be changed by the administrator or the user himself at the first login. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md index 5eafd11a84..29012c67d1 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md @@ -11,7 +11,7 @@ sidebar_position: 20 In contrast to [End-to-end encryption](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md), which places the main focus on security, Masterkey mode provides the maximum level of convenience. -It not only imports users, organisational units and roles but also their links and affiliations. It +It not only imports users, organisational units and roles but also their links, and affiliations. It can be synchronized to update the information and affiliations. **In this scenario, Active Directory is used as a leading system**. @@ -37,7 +37,9 @@ The following information must be provided in the profile: - An optional **description** - Masterkey mode is selected for the **encryption** -NOTE: In the case of already created profiles, the encryption can no longer be changed. +:::note +In the case of already created profiles, the encryption can no longer be changed. +::: - The **domain** field is used to define which domain is to be read. The value entered here will also be used for authentication if no alternative spellings have been saved under **Other domain @@ -51,13 +53,13 @@ NOTE: In the case of already created profiles, the encryption can no longer be c elements can then only be found and selected via the search. - By activating the checkbox **Restrict user import to role members only**, a simplified mode is activated. In this mode, only AD users who are members of at least one role are imported. As soon - as they are no longer a member of at least one role, they are deleted from Netwrix Password + as they're no longer a member of at least one role, they're deleted from Netwrix Password Secure. - By activating the checkbox **Force update on next synchronization**, **ALL** records will be updated on the next synchronization, regardless of whether the record has changed in the Active Directory or not. (This checkbox is automatically activated when you have edited the other responsible users and is deactivated again after the next synchronization). -- The **LDAP filter** can be used to directly specify an AD path as an entry point via an LDAP +- The **LDAP filter** lets you directly specify an AD path as an entry point via an LDAP query. - Various security options – so-called AuthenticationTypes Enumeration (**Flags**) – can be selected for the connection of the AD to Netwrix Password Secure: @@ -67,26 +69,27 @@ NOTE: In the case of already created profiles, the encryption can no longer be c - Signing - Sealing -NOTE: The first two options are already activated by default when configuring a new profile. If a -connection is not possible, deactivate SecureSocketsLayer and try again. +:::note +The first two options are already activated by default when configuring a new profile. If a connection isn't possible, deactivate SecureSocketsLayer, and try again. +::: -- **Other responsible users or roles** can be used to define who is permitted to carry out the +- **Other responsible users or roles** lets you define who's permitted to carry out the synchronization with the AD. -- The option **Other domain names** can be used to save alternative spellings of the login domain. +- The option **Other domain names** lets you save alternative spellings of the login domain. These must correspond to the spelling entered in the login window. For example, if a connection is being established to the domain **jupiter.local** or an IP address, the login can only be carried out with **jupiter\user** if **jupiter** has been saved here. :::warning -The master key is added in form of a certificate. It is **essential to back up** the -generated certificate! If the database is being moved to another server, the certificate also needs -to be transferred! Further information can be found in the section +The master key is added in form of a certificate. It's **essential to back up** the +generated certificate. If the database is being moved to another server, the certificate also needs +to be transferred. Further information can be found in the section [Certificates](/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md). ::: - -NOTE: You can now use the option to integrate a RADIUS server. Read more in -[RADIUS authentication](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). +:::note +You can now use the option to integrate a RADIUS server. See [RADIUS authentication](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). +::: ## Import @@ -104,13 +107,13 @@ the database yet, as in this example, the data is imported into the **main organ ### Active Directory objects -In the next step, select the profile you will use to import the data. Then, select organisational +In the next step, select the profile you'll use to import the data. Then, select organisational units and/or users for the import. A search is available for this purpose. ![import wizard / AD objects](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_4-en.webp) As you can see, the organisational units **Jupiter** and **Contoso** contain items to be imported. -The organisational units themselves will not be imported. The group **1099 Contractor** is imported +The organisational units themselves won't be imported. The group **1099 Contractor** is imported including all sub-elements. The check next to the group **Accounting** indicates that the group itself will be imported along with some of its sub-elements. The ticks in the last column ensure that the elements are observed in future synchronization sequences. @@ -118,7 +121,7 @@ that the elements are observed in future synchronization sequences. There are different symbols which indicate the elements to be imported. The element itself and all possible sub-elements will be imported The element itself and some of its -sub-elements will be imported The element will not be imported; however, it contains elements that +sub-elements will be imported The element won't be imported; however, it contains elements that will be imported Right-clicking in the list will launch a context menu. It provides helpful functions for the @@ -126,8 +129,9 @@ selection of the individual elements. ![select subjects](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_5-en.webp) -NOTE: If individual users cannot be selected for import, they have already been imported via an -end-to-end encrypted profile. +:::note +If individual users can't be selected for import, they have already been imported via an end-to-end encrypted profile. +::: In the lower area you can specify whether the users just selected for import should be created as **Light** or **Advanced User (View)**s. @@ -151,8 +155,8 @@ this is symbolized by a hint. ## Imported users and organisational units -The users and organisational units imported in Masterkey mode cannot be edited in Netwrix Password -Secure. Therefore, any changes must be made in AD and synchronized. AD thus becomes the leading +The users and organisational units imported in Masterkey mode can't be edited in Netwrix Password +Secure. Therefore, any changes must be made in AD, and synchronized. AD thus becomes the leading system. Affiliations to roles are also synchronized and must be set in the AD. In organisational units or roles created in Netwrix Password Secure, the users can be included directly in Netwrix Password Secure. @@ -179,53 +183,54 @@ The rights will be issued as follows during the import or synchronization. | Is the "add" right issued? | No | No | No | | Who receives the rights key? | All with the "authorize" right | None | All with the "authorize" right | -NOTE: If a user is imported, he will be given those roles that he also had in AD insofar as these -roles already exist in Netwrix Password Secure or have also been imported. +:::note +If a user is imported, he will be given those roles that he also had in AD insofar as these roles already exist in Netwrix Password Secure or have also been imported. +::: ## Logging into Netwrix Password Secure -Users who are imported using this mode can log in with the domain password. Please note that no +Users who are imported using this mode can log in with the domain password. No domain needs to be specified when logging in. Of course, the login process can also be supplemented with [Multifactor Authentication](/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md). -NOTE: Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server -is accessible, the users in the domain authenticate themselves via Kerberos using their domain -password. If the logon via Kerberos does not work – e.g. due to incorrect configuration of the -domain controller – the logon via the NTLM protocol is attempted. However, these are all settings -that have to be made on the domain controller and have nothing to do with Netwrix Password Secure. +:::note +Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server is accessible, the users in the domain authenticate themselves via Kerberos using their domain password. If the logon via Kerberos doesn't work – e.g. due to incorrect configuration of the domain controller – the logon via the NTLM protocol is attempted. However, these are all settings that have to be made on the domain controller and have nothing to do with Netwrix Password Secure. +::: :::warning -Logging on to Netwrix Password Secure using SSO via Kerberos is currently not possible. +Logging on to Netwrix Password Secure using SSO via Kerberos isn't possible. ::: - ## Permissions to imported objects The rights to be issued to imported users are explained in the following example: ![Permission MKM User](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode_7-en.webp) -1. In Master Key mode, **all** users will be issued with the **read** right. -2. The **responsible user** will be issued with all rights and the key. This ensures that he can +1. In Master Key mode, **all** users are issued with the **read** right. +2. The **responsible user** is issued with all rights and the key. This ensures that he can also synchronize or change the user in the future 3. **Other responsible users** are issued with the same rights as the **responsible user** 4. The **Master Key** for the **Active Directory** profile will also be issued with all rights and - keys as it will be used for the synchronization -5. Finally, users will be issued with the rights for themselves + keys as it'll be used for the synchronization +5. Finally, users are issued with the rights for themselves -NOTE: All users and roles issued with **rights** to the imported object also receive its rights key. +:::note +All users and roles issued with **rights** to the imported object also receive its rights key. +::: ## Synchronization -During synchronization, all relevant information for users, organisational units and roles (names, +During synchronization, all relevant information for users, organisational units, and roles (names, email, etc.) is updated. Changed affiliations for roles are adjusted. Likewise, users are activated or deactivated according to the settings in the AD. If the membership of organisational units is to be changed, this can be done by **Drag & Drop**. New users and correspondingly defined roles are imported. -NOTE: If the tick was not set in the Synchronization column when a user is imported, no changes are -made. +:::note +If the tick wasn't set in the Synchronization column when a user is imported, no changes are made. +::: ### Manual synchronization @@ -238,19 +243,20 @@ the synchronization runs in the background. A hint indicates that the process ha ### Synchronization via system tasks -The synchronization can also be carried out automatically. This is made possible via the +The synchronization can also be performed automatically. This is made possible via the [System tasks](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ### Deleting or removing users -If a user is deleted in Active Directory, it is also deleted in Netwrix Password Secure during the -next synchronization. For this purpose, it is necessary for the user to be imported as a +If a user is deleted in Active Directory, it's also deleted in Netwrix Password Secure during the +next synchronization. For this purpose, it's necessary for the user to be imported as a **synchronizable** user. If the user is only deleted from Netwrix Password Secure but retained in Active Directory, a -synchronization needs to be carried out to delete it from the database. For this purpose, the wizard -is called up via **import**. The first step is to select an organisational unit. This has no effect +synchronization needs to be performed to delete it from the database. For this purpose, the wizard +opens via **import**. The first step is to select an organisational unit. This has no effect when simply deleting a user. The second step is to search for the user. Both ticks are removed. After checking the summary, the process is concluded. The synchronization is completed and the user is deleted from the database. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md index 5c49fa2c73..01d2bc0ab1 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md @@ -6,7 +6,7 @@ sidebar_position: 30 # RADIUS authentication -## What is the RADIUS authentication? +## RADIUS authentication overview RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol used primarily for authentication and authorization of users during dial-up connections in corporate networks. Netwrix diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md index 3615fc30a4..a4d7b899f3 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Directory services -It is possible to use existing user and group structures from external directories with Netwrix +It's possible to use existing user and group structures from external directories with Netwrix Password Secure. Choose your preferred integration method: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md index 3043fdd4e0..11ce54eff6 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md @@ -13,14 +13,14 @@ from multiple Entra IDs, you can create multiple profiles. ## Introduction -## Why Entra ID? +## Benefits of Entra ID More and more companies use cloud services. Therefore, also the management of users is outsourced. Instead of a classic Active Directory via LDAP, an Entra ID is used more often. Netwrix Password Secure integrates the possibility to bring in users and roles from Azure. To use users and roles from multiple Entra IDs, you can create multiple profiles. -Remember, In order to use Azure login with the windows application, +Remember, To use Azure log in with the windows application, [WebView2](https://developer.microsoft.com/de-de/microsoft-edge/webview2/) from Microsoft must be installed on the client device. @@ -28,19 +28,19 @@ installed on the client device. The connection to the Entra ID differs in one special point from the connection to a conventional Active Directory. While Netwrix Password Secure queries the users, groups, and roles actively from -the conventional AD, the Entra ID is pushing them automatically to our server. For this a so-called +the conventional AD, the Entra ID pushes them automatically to the server. For this a so-called [SCIM service](https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management) is used. -To login to Netwrix Password Secure, after entering the username a popup opens for the +To log in to Netwrix Password Secure, after entering the username a popup opens for the authentication with the entered Microsoft account. Here, a possible configured second factor is also requested. The authentication is handled via the [Open ID Connect protocol](https://openid.net/connect/). ### Linking Entra ID -Below you will find instructions on how to connect Entra ID to Netwrix Password Secure. In the Azure +Below you'll find instructions on how to connect Entra ID to Netwrix Password Secure. In the Azure portal, go to the management page of your Microsoft Entra ID. Use an account with administrative -permissions for this. During this, login to Netwrix Password Secure with an account that has the +permissions for this. During this, log in to Netwrix Password Secure with an account that has the user right "Display organisational structure module", "Can manage Entra ID profiles", and "Can create new Entra ID profiles" enabled. @@ -48,45 +48,44 @@ create new Entra ID profiles" enabled. ### New enterprise application -Login to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of +Log in to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of your Microsoft Entra ID. **NOTE: You need an account with administrative permissions** - Write down your "Tenant ID" shown in the Azure console or by using PowerShell: - ``` Connect-AzureAD ``` - Navigate in your Entra ID to "Enterprise applications" -- Add an own application, that is not listed in the Azure Gallery – in our example, we name it +- Add an own application, that isn't listed in the Azure Gallery – in this example, the application is named "Netwrix Password Secure" -NOTE: A key feature of Netwrix Password Secure is, that it is self-hosted by our customers. However, -to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure is not -available in the Azure Gallery. +:::note +A key feature of Netwrix Password Secure is, that it's self-hosted by customers. However, to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure isn't available in the Azure Gallery. +::: -- When the application was created successfully, you are redirected to it automatically +- When the application was created successfully, you're redirected to it automatically - Write down the "Application ID" - In the navigation, click "Users and groups" - Add the Users and groups that should be available to Netwrix Password Secure :::warning The import of Azure groups as Netwrix Password Secure roles is only possible if you -have booked the Azure package Entra ID Premium P1! +have booked the Azure package Entra ID Premium P1. ::: - - Navigate to the "Provisioning" page - Configure the Provisioning Mode to "Automatic" ### Netwrix Password Secure Entra ID configuration -NOTE: Your Netwrix Password Secure user need the following permissions: - +:::note +Your Netwrix Password Secure user need the following permissions: +::: ``` - Display organisational structure module @@ -96,7 +95,7 @@ NOTE: Your Netwrix Password Secure user need the following permissions: ``` - Navigate to the module "Organisational structure" -- In the toolbar, click on "Manage profiles" in the category "Entra ID" +- In the toolbar, click "Manage profiles" in the category "Entra ID" - Create the profile with your information - Insert the `Tenant ID` and the `Application ID` - As soon as the profile has been saved, a popup opens for generating a token @@ -106,22 +105,22 @@ NOTE: Your Netwrix Password Secure user need the following permissions: ### Azure provisioning configuration Fill the fields "Tenant URL" and "Secret Token" with the information provided by Netwrix Password -Secure Click "Test Connection" When the test has been successful, click on "Save" at the top of the +Secure Click "Test Connection" When the test has been successful, click "Save" at the top of the page Back on the "Provisioning" page, click "Start provisioning" In the settings of the provisioning, check if "Provisioning Status" is set to "On" All allocated users and groups are created in Netwrix Password Secure now -NOTE: Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and -roles are shown in Netwrix Password Secure. +:::note +Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and roles are shown in Netwrix Password Secure. +::: :::warning -Please note that Azure establishes the connection to Netwrix Password Secure. For this, +Azure establishes the connection to Netwrix Password Secure. For this, the client URL must be accessible from an external network / provisioning agent and any used SSL -certificate must be valid! If the users are not created in Netwrix Password Secure, consult the -Azure Enterprise Application Provisioning log for more information. +certificate must be valid! If the users aren't created in Netwrix Password Secure, consult the +Azure Enterprise Application Provisioning log for details. ::: - ### Azure login configuration To enable the Azure login for your users, a few more steps are required: @@ -129,8 +128,8 @@ To enable the Azure login for your users, a few more steps are required: - Navigate to the Overview page of your Entra ID - Navigate to "App registrations" - If no application is displayed, click "All applications" -- Click on "Netwrix Netwrix Password Secure" and navigate to "Authentication" -- Click on "Add a platform", select "Web" and configure the required URIs: +- Click "Netwrix Password Secure" and navigate to "Authentication" +- Click "Add a platform", select "Web" and configure the required URIs: | Client | URI | | ------------------------ | ------------------------------------------------------------------------- | @@ -142,7 +141,7 @@ To enable the Azure login for your users, a few more steps are required: ![web_configuration_entra_id](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/web_configuration_entra_id.webp) -Click on "Add a platform", select "Mobile & desktop applications" and configure the required +Click "Add a platform", select "Mobile & desktop applications" and configure the required mobile-app URI: | Client | URI | @@ -153,7 +152,7 @@ mobile-app URI: #### Create client secret -Navigate to your Netwrix Netwrix Password Secure App registration -> Certificates & secrets -> +Navigate to your Netwrix Password Secure App registration -> Certificates & secrets -> Client secret Create a client secret: @@ -166,11 +165,12 @@ Copy it over to the Netwrix Password Secure Entra ID profile: #### Set API permissions -Finally, the API permissions for the Azure API have to be set, so the login to can be performed +Finally, the API permissions for the Azure API have to be set, so the log in to can be performed successfully. 1. Navigate to "API permissions" and click "Add a permission" 2. Select "Microsoft Graph" and then "Delegated permissions" 3. Set the checkboxes for "openid" and "profile" just under "OpenId permissions" -4. Click on "Add permissions" -5. Click on "Grant admin consent for YOUR_AD_NAME" +4. Click "Add permissions" +5. Click "Grant admin consent for YOUR_AD_NAME" + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md index 8825ca490e..9d4e866063 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md @@ -6,25 +6,25 @@ sidebar_position: 10 # Microsoft Entra ID Services FAQ -## Is it possible to migrate from LDAP to Entra ID? +## Migrating from LDAP to Entra ID -Currently, an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is -not possible! +an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is +not possible. -## Which port is used for the SCIM endpoint for provisioning users/groups from Entra ID to the Application Server? +## SCIM endpoint port for Entra ID provisioning 11015 is the port that will be used for the communication from Entra ID to Netwrix Password Secure. -## Does the Entra ID connection support nested groups? +## Entra ID nested group support -Due to Azure based technical limitations, Netwrix Password Secure does not support nested groups. +Due to Azure based technical limitations, Netwrix Password Secure doesn't support nested groups. -## Does Entra ID work on servers that are only available internally? +## Entra ID on internally available servers -An integration on servers, that are not accessible from external sources, the integration of Entra +An integration on servers, that aren't accessible from external sources, the integration of Entra ID is also possible. For this, you can use the [Entra ID on-premises application provisioning to SCIM-enabled apps](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-scim-provisioning). -This can be installed on all or only one application server. It must be noted that the IP or DNS +This can be installed on all or only one application server. The IP or DNS name of the "Tenent URL" specified in the subsequently created enterprise application is present in the alternative application names in the server certificate. Tip: `https://127.0.0.1:11015/scim` can also be specified as the "Tenent URL", in which case 127.0.0.1 must again be present in the @@ -52,6 +52,6 @@ alternative application names in the server certificate. - Click "Get started" - Set provisioning mode "Automatic" - Unhide "On-Premises Connectivity" -- Assign the just installed agent to this application by selecting it and click "Assign Agent(s)" +- Assign the just installed agent to this application by selecting it and click "Assign Agents" - It takes about 20 minutes until the agent is correctly connected to your application and you can proceed. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md index b179acfbee..2a643e0297 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md @@ -6,9 +6,9 @@ sidebar_position: 40 # First factor -## What is meant by first factor? +## First factor overview -It is a process that regulates access to our system. +It's a process that regulates access to the system. ## Requirements @@ -25,7 +25,9 @@ The configuration is done via the user setting **First factor**. ![Smartcard 1st factor](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_2-en.webp) -NOTE: This option is only valid for users in master key mode +:::note +This option is only valid for users in master key mode +::: :::warning Be Aware" The smartcard logon tries to determine whether the certificate belongs to the @@ -33,20 +35,19 @@ user to be logged on based on the applicant in the smartcard certificate. This i the default regex `^{username}[.@\\/-_:]({domain})$` or `^({domain})[.@\\/-_:]({username})$` is applied to the applicant. In this case, `{username}` is replaced with the user to be registered and `{domain}` is replaced with the domain in the AD profile in the regex and if the regex query is -positive, the user is registered. If the format of your applicant in your certificates is not +positive, the user is registered. If the format of your applicant in your certificates isn't compatible with these two regex queries, you must set a custom regex query in the Server Manager. -Please note that `{username}` for username and `{domain}` for the AD domain SHOULD be present in the +`{username}` for username and `{domain}` for the AD domain SHOULD be present in the regex query. If the domain must be explicitly specified, it must be written in capital letters. ::: - -In addition, the smartcard certificate must of course also be valid on the server! +In addition, the smartcard certificate must also be valid on the server. ## Fido2 (only at the Web Application) ## Requirement -For Fido2 it is mandatory that +For Fido2 it's mandatory that SMTP ([Advanced settings](/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/advanced_settings.md)) is configured. In addition, an e-mail address must be stored for the AD users. @@ -65,3 +66,4 @@ As soon as an AD user logs on to the Web Application, he gets the following prom ![prompt](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_5-en.webp) After clicking on **Setup Fido2 access** in the mail, Fido2 is configured. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md index bfed323abe..f08b9ba11c 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Managing users -## How are users managed in Netwrix Password Secure? +## User management in Netwrix Password Secure The way in which users are managed is highly dependent on whether Active Directory is connected or not. In Master Key mode, Active Directory remains the leading system. Accordingly, users are then @@ -25,14 +25,14 @@ The following options are required to add local users. ## Adding local users In general, new users are added in the same way as creating a local organisational unit. Therefore, -only the differences will be covered below. +only the differences are covered in the following section. ### Creating users ![create user](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/create-user-wc.webp) -- **Allocated roles**: New users can directly be allocated one or more rolls when they are created -- **Change password on next login**: The user will be requested to change their user password on the +- **Allocated roles**: New users can directly be allocated one or more rolls when they're created +- **Change password on next login**: The user is requested to change their user password on the next login (obligatory) - **Account is deactivated**: The user is created with the status "deactivated". The account is thus not useable. The write rights for a user can be set/removed with this option. In editing mode, the @@ -41,17 +41,17 @@ only the differences will be covered below. checking the integrity and hierarchies of various pieces of information with one another but are not required to productively work with the information themselves. This could be a data protection officer or also an administrator in some cases. This would be the case if an administrator was - responsible for issuing permissions to other people but should not be able to view the data + responsible for issuing permissions to other people but shouldn't be able to view the data themselves. The property **restricted user** is used to limit the visibility of the password field. It thus deals with purely administrative users or controlling entities. -**NOTE: Restricted users cannot view any passwords** +**NOTE: Restricted users can't view any passwords** ### Configuring rights -The second tab of the wizard allows you to define the permissions for the newly created user. If an +The second tab of the wizard lets you define the permissions for the newly created user. If an allocated organisational unit or a rights template group was defined in the first tab, the new user -will inherit its permissions. Here, these permissions can be adapted if desired. +inherits those permissions. Here, these permissions can be adapted if desired. ### Configuring user rights @@ -61,29 +61,30 @@ globally defined user rights. ## Importing users -Importing from Active Directory can be carried out in two ways that are described in a separate +Importing from Active Directory can be performed in two ways that are described in a separate section. ## User licenses There are two different types of licenses, **Advanced view** and **Basic view** licenses. In all -other editions you can only purchase Advanced view licenses. Please note that licensed Basic view -users are not able to use the Advanced view. However, Advanced view Users can also switch to the +other editions you can only purchase Advanced view licenses. Licensed Basic view +users can't use the Advanced view. However, Advanced view Users can also switch to the Basic view. :::warning -For licensing reasons, it is not intended to switch from a Advanced view user to a -Basic view user! +For licensing reasons, it isn't intended to switch from a Advanced view user to a +Basic view user. ::: +The sales team will be happy to answer any questions you may have about licensing. -Our sales team will be happy to answer any questions you may have about licensing. - -Display data to which the user is authorized In order to display the data to which a user is -authorized, you must right-click on the corresponding user in the organisational structure. In the -context menu that opens, you will find the following options under **displaying data records**: +Display data to which the user is authorized To display the data to which a user is +authorized, you must right-click the corresponding user in the organisational structure. In the +context menu that opens, you'll find the following options under **displaying data records**: Password -Documents -Forms -Rolls -Uses -Password Reset -System Tasks -Seal templates -NOTE: All authorizations for a data record are taken into account, regardless of whether you are -authorized by a role or the user. +:::note +All authorizations for a data record are taken into account, regardless of whether you're authorized by a role or the user. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md index 155d0232a2..cca4221c3e 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md @@ -8,49 +8,48 @@ sidebar_position: 10 ## User passwords -Depending on the type of user, they will either be allocated their password in Netwrix Password -Secure or the login will be carried out using access data for the domain. How the user logs in also +Depending on the type of user, they are either allocated their password in Netwrix Password +Secure or the login will be performed using access data for the domain. How the user logs in also differs according to the type of user. ### Differences between users and passwords - **Local users** Local users are those users that were directly created in Netwrix Password Secure. - These users must be directly assigned a password when they are created. If local users are - migrated from older versions, they receive a randomly generated password that is sent to them via + These users must be directly assigned a password when they're created. If local users are + migrated from older versions, they receive a randomly generated password that's sent to them via email. - **AD users in end-to-end mode** These users must also be assigned a password in Netwrix Password - Secure. A new password will also be issued via email for these users in the case of a possible + Secure. A new password is also issued via email for these users in the case of a possible migration. -- **AD users in Master Key mode** These users log in directly with access data for the domain. It is +- **AD users in Master Key mode** These users log in directly with access data for the domain. It's thus not necessary to assign them a password. As these users directly authenticate themselves via - Active Directory, the currently saved password in Active Directory is thus always valid. These + Active Directory, the saved password in Active Directory is thus always valid. These users can still directly log in using the existing password even after a migration ### Required rights -Various rights are required in order to issue or change user passwords. One prerequisite is the user +Various rights are required to issue or change user passwords. One prerequisite is the user right **Can display organisational structure module**. **Read** and **write** rights for the user -are also required. Finally, membership of the user is required. Normally, the user themselves and -the user who created or imported the user have the right to change their password. +are also required. Finally, membership of the user is required. Normally, the user themselves, and the user who created or imported the user have the right to change their password. ![Permission for user](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_1-en.webp) ### Assigning and changing passwords As already explained, local users are directly assigned their initial password when the user is -created. The situation is different for users that are imported in end-to-end mode. They do not -possess a password directly after the import and can thus not log in. It is thus necessary to assign +created. The situation is different for users that are imported in end-to-end mode. They don't +possess a password directly after the import and can thus not log in. It's thus necessary to assign passwords after the import. -The passwords can be directly assigned or changed via the ribbon. Naturally, it is also possible to +The passwords can be directly assigned or changed via the ribbon. it's also possible to select multiple users if e.g. several imported users should be assigned the same password. ![change password](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_2-en.webp) ### Change password on next login -Even if several users receive the same initial password, it is sensible to force them to change it -to an individual password. There is a corresponding option for this purpose. In the case of **local +Even if several users receive the same initial password, it's sensible to force them to change it +to an individual password. There's a corresponding option for this purpose. In the case of **local users**, this can be activated during the creation of the user. In the case of **users in end-to-end mode**, this option is directly activated during import for security reasons. This option is automatically deactivated after the user has successfully logged in and changed the password. @@ -59,9 +58,9 @@ automatically deactivated after the user has successfully logged in and changed ### Security of passwords -To guarantee that passwords are sufficiently strong, it is recommended that corresponding +To guarantee that passwords are sufficiently strong, it's recommended that corresponding [Password rules](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_rules.md) -are created. It is especially important to ensure here that user names are excluded. The password +are created. It's especially important to ensure here that user names are excluded. The password rule then still needs to be defined as a user password rule. ## Logging in to the database @@ -78,14 +77,15 @@ Local users simply log in using their user name and the assigned password. ## AD user -If only one domain has been configured, the users from AD can also log in with their user name and -password the same as local users. If multiple domains have been configured or there is a local user +If only one domain has been configured, the users from AD can also log in with their user name, and password the same as local users. If multiple domains have been configured or there's a local user with the same name, the name of the domain must be entered in front of the user name -The name of the domain must be entered as it is configured in the AD profile under **Domains**. The -option **Other domain names** can be used to save other forms of the domain name. +The name of the domain must be entered as it's configured in the AD profile under **Domains**. The +option **Other domain names** lets you save other forms of the domain name. ![AD User](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_6-en.webp) -NOTE: The logon to the client is automatically forwarded to the Autofill Add-on and other clients on -the same computer. The same applies to logging on to the Autofill Add-on. +:::note +The logon to the client is automatically forwarded to the Autofill Add-on and other clients on the same computer. The same applies to logging on to the Autofill Add-on. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md index 6cf959f22b..6f22b687a6 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Multifactor authentication -## What is multifactor authentication? +## Multifactor authentication overview By means of multifactor authentication, you can save the login – in addition to the password – with a further factor. Setting up a multifactor authentication can be done by either the administrator or @@ -19,25 +19,25 @@ Manager. In the database module, open the settings for the selected database via ![database settings](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_1-en.webp) -It is possible to separately define in the settings whether it is permitted to use each interface on +It's possible to separately define in the settings whether it's permitted to use each interface on the database. ![multifactor authentication](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_2-en.webp) ### Other settings -In the user settings, it is also possible to define the "Length of validity of a multifactor +In the user settings, it's also possible to define the "Length of validity of a multifactor authentication token" in minutes. -NOTE: In order for a user (administrator) to be able to **configure** multifactor authentication for -other users, the user must have the rights **read**, **write**, **delete** and **authorize**. It is -important that these rights exist before Multifactor Authentication is set up. +:::note +In order for a user (administrator) to be able to **configure** multifactor authentication for other users, the user must have the rights **read**, **write**, **delete** and **authorize**. It's important that these rights exist before Multifactor Authentication is set up. +::: ## Configuration of multifactor authentication In the [Organisational structure](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) -module, you select the user and the interface "Multifactor authentication" in the ribbon. +module, you select the user, and the interface "Multifactor authentication" in the ribbon. ![TOTP](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_3-en.webp) @@ -52,18 +52,19 @@ QR code is displayed, which must be scanned using the Google Authenticator app o ![google authenticator](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_4-en.webp) -Once the Google Authenticator app has detected the QR code, it will return a 6-digit PIN. You must -then enter it in the appropriate field. Finally, click on **Create** in the ribbon. +After the Google Authenticator app has detected the QR code, it'll return a 6-digit PIN. You must +then enter it in the appropriate field. Finally, click **Create** in the ribbon. ## RSA SecurID Token -To set up multifactor authentication using RSA SecurID, simply enter the RSA user name and click +To set up multifactor authentication using RSA SecurID, enter the RSA user name, and click **Create** directly in the ribbon. ![RSA SecurID Token](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_5-en.webp) -NOTE: The prerequisite for the use of RSA SecurID token is that the access data has been stored in -the Database settings on the Server Manager. +:::note +The prerequisite for the use of RSA SecurID token is that the access data has been stored in the Database settings on the Server Manager. +::: ## Public key infrastructure @@ -85,10 +86,11 @@ The multifactor authentication can be deleted by the user himself or by another authorization. The rights **Read**, **Write**, **Authorize** and **Delete** are required for another user to perform the deletion. -In order to delete a file, you should go to the main menu. Under **Account** you will find the item +To delete a file, you should go to the main menu. Under **Account** you'll find the item **Multifactor Authentication**. An alternative way is to enter the management of multifactor -authentication via the organisational structure. To do so, select the corresponding user and click +authentication via the organisational structure. To do so, select the corresponding user, and click on the **Multifactor Authentication** ribbon. -In the administration of the multi-factor authentication you will then find in the ribbon the +In the administration of the multi-factor authentication you'll then find in the ribbon the possibility to delete the stored MFA. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/one_time_password.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/one_time_password.md index b244688c5a..67835baf50 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/one_time_password.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/one_time_password.md @@ -8,8 +8,8 @@ sidebar_position: 20 ## Using OTP in Netwrix Password Secure -A one-time password is a password that is valid once and can be used for authentication or -transactions. Accordingly, each additional authentication or authorization requires a new one-time +A one-time password is a password that's valid once and supports authentication or +transactions. Accordingly, each additional authentication, or authorization requires a new one-time password. ## Establishment @@ -43,13 +43,15 @@ How to use the HTML WebViewer can be read in the chapter with the same name. ##### OTP in Emergency WebViewer -NOTE: The special feature of the Emergency WebViewer is that the stored OTP secret is also -displayed. +:::note +The special feature of the Emergency WebViewer is that the stored OTP secret is also displayed. +::: -In order to use the One-Time-Password in the +To use the One-Time-Password in the [EmergencyWebViewer](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md) you have to proceed as follows: 1. Set up OTP 2. Emergency HTML WebViewer Export Task Create 3. Open the created emergency WebViewer + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md index 12c596c2dc..415df4f3ac 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md @@ -16,7 +16,7 @@ The following firewall release must be granted: ### Requesting the Yubico API key -An API key must be requested for configuration. For this purpose, use the following link and enter +An API key must be requested for configuration. For this purpose, use the following link, and enter an e-mail address: [Yubico Website](https://upgrade.yubico.com/getapikey/) ![yubico setup](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_1-en.webp) @@ -30,13 +30,13 @@ The **One Time Password** is entered directly into the corresponding field. ![yubico OTP](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_3-en.webp) -Once the general terms and conditions have been approved, the API Key can be requested. +After the general terms and conditions have been approved, the API Key can be requested. ![yubico key](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_4-en.webp) ### Configuring the Yubikey API -The actual setting up of the multifactor authentication is carried out on the Server Manager in the +The actual setting up of the multifactor authentication is performed on the Server Manager in the **Database** module. First select the required data base; then open the "Features" in the ribbon. The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and saved. @@ -44,16 +44,16 @@ The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and The interface is now ready and can be used. -NOTE: The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for -communication with Yubico. Please make sure that the Netwrix Password Secure Server can connect to -this endpoint. +:::note +The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for communication with Yubico. ensure that the Netwrix Password Secure Server can connect to this endpoint. +::: ## Configuring multifactor authentication for users Multifactor authentication can be configured in the Netwrix Password Secure client. It can be done by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/account.md) -menu. In order to configure the Yubikey, simply select **Yubico OTP**. +menu. To configure the Yubikey, select **Yubico OTP**. ![setup second factor](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_6-en.webp) @@ -63,21 +63,22 @@ only need to touch the touch panel. The same applies to **Yubikey Nano**. ![yubico stick](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) The token is entered directly into the corresponding field. The multifactor authentication is -configured once you’ve clicked on configure. +configured after you’ve clicked on configure. ![Configuration yubico](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_8-en.webp) ## Logging in with the Yubikey -To login with Multifactor Authentication, the database is first selected and then **User Name** and +To log in with Multifactor Authentication, the database is first selected, and then **User Name** and **Password** are entered and confirmed. After the first password authentication, another window for the **Yubico Key** is displayed. ![Login yubico](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_10-en.webp) -Click on the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. +Click the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. ![yubico stick](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) The user is now logged on. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md index 6afa679a2f..999216521c 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md @@ -6,14 +6,14 @@ sidebar_position: 40 # Organisational structure -## What are organisational structures? +## Organisational structures overview The storage of passwords or documents always takes place according to the defined organisational structures. The module enables complex structures to be defined, which later form the basis for the -systematic storage of data. It is often possible to define them on the basis of already existing -organization diagrams for the company or department. It is also possible to use other criteria, such -as the function / activity performed, as the basis for creating hierarchies. It is always up to the -customer themselves to decide which structure is most useful for the purpose of the application. +systematic storage of data. It's often possible to define them on the basis of already existing +organization diagrams for the company or department. It's also possible to use other criteria, such +as the function / activity performed, as the basis for creating hierarchies. It's always up to the +customer themselves to decide which structure is most useful for the application. ![Organizational structure modul](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_1-en.webp) @@ -35,10 +35,10 @@ remaining actions have already be explained for the password module. ![create new user/organisational unit](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_2-en.webp) - **New organisational unit/user**: New organisational units or new users can be added via the - ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right - mouse button. Due to its complexity, there is a separate section for this function: + ribbon, the keyboard shortcut "CTRL + N" or also the context menu that's accessed using the right + mouse button. Due to its complexity, there's a separate section for this function: [User management](/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/user_management.md) -- **Drag & Drop**: If this option has been activated, it is possible to move users or organisational +- **Drag & Drop**: If this option has been activated, it's possible to move users or organisational units in list view via drag & drop - **Permissions**: The configuration of permissions within the organisational structure is important both for the administration of the structure and also as the basis for the permissions in @@ -56,29 +56,30 @@ remaining actions have already be explained for the password module. - **Multi Factor authentication**: Additional security during login is provided through positive authentication based on another factor. More on this subject… - **Reset password**: Administrators can reset the passwords with which users log in to Netwrix - Password Secure to a defined value. Naturally, this is only possible if the connection to Active + Password Secure to a defined value. this is only possible if the connection to Active Directory is configured via[End-to-end encryption](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the alternative [Masterkey mode](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the authentication is linked to the correct entry of the AD password. -NOTE: To reset a user password, membership for the user is a prerequisite. +:::note +To reset a user password, membership for the user is a prerequisite. +::: The example below shows the configuration of a user where only the user themselves is a member. ![permission for user](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_3-en.webp) -This configuration means that the user password cannot be reset by administrators. The disadvantage -is that if the password is lost there is no technical solution for "resetting" the password in the +This configuration means that the user password can't be reset by administrators. The disadvantage +is that if the password is lost there's no technical solution for "resetting" the password in the system. :::warning -It is not recommended to configure the permissions so that only the user themselves has +It isn't recommended to configure the permissions so that only the user themselves has membership. No other interventions can be made if the password is then lost. ::: - ## Adding local organisational units Both users and also organisational units themselves can be added as usual via the ribbon @@ -90,29 +91,32 @@ wizards. The example below shows the creation of a new organisational unit: ![Add new organisational unit](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_4-en.webp) - **Allocated organisational unit**: If the new object is defined as a **main organisational unit**, - it is not allocated to an existing organisational unit + it isn't allocated to an existing organisational unit - **Rights template group**: If an already existing organisational unit was selected under "allocated organisational unit", you can select one of the existing rights template groups. -NOTE: The organisational unit marked in list view will be used as a default. This applies to the -fields "allocated organisational unit" and also "rights template". +:::note +The organisational unit marked in list view will be used as a default. This applies to the fields "allocated organisational unit" and also "rights template". +::: ### Create role ![Create role](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_5-en.webp) -When creating a new organisational unit, the second tab in the wizard enables you to directly create -a new role. This role will not only be created but also given "read permission" to the newly created +When creating a new organisational unit, the second tab in the wizard lets you directly create +a new role. This role won't only be created but also given "read permission" to the newly created organisational unit. ### Configuring rights ![Configuring rights](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_6-en.webp) -The third tab of the wizard allows you to define the permissions for the newly created +The third tab of the wizard lets you define the permissions for the newly created organisational unit. If an allocated organisational unit or a rights template group was defined in the first tab, the new organisational unit will inherit its permissions. These permissions can be adapted if desired. -NOTE: The **organisational structure** module is based on the Web Application module of the same -name. Both modules have a different scope and design but are almost identical to use. +:::note +The **organisational structure** module is based on the Web Application module of the same name. Both modules have a different scope and design but are almost identical to use. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md index 30a7b1a206..46b3a323b8 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Inheriting permissions -## What is inherited in organisational structures? +## Inheritance in organisational structures -If you open the permissions for an organisational structure, the currently configured permissions +If you open the permissions for an organisational structure, the configured permissions will be visible. In the following example, there are a total of four roles with varying permissions for the organisational structure. @@ -26,16 +26,16 @@ The following options are required to view "**inherit**" and "**overwrite**" ico The two highlighted options are now available on the ribbon. - **Inherit**: This means that all of the configurations defined in the current permissions mask are - inherited by underlying organisational structures when it is saved. The permissions are added to + inherited by underlying organisational structures when it's saved. The permissions are added to existing ones - **Overwrite**: This means that all of the configurations defined are applied to underlying - organisational structures when it is saved. The previous permissions are lost. + organisational structures when it's saved. The previous permissions are lost. Both mechanisms are protected by a confirmation prompt. If both "inherit" and also "overwrite" are selected, "overwrite" is considered the overriding function. :::warning -Both mechanisms are not protected by user rights. The **authorize** right for the +Both mechanisms aren't protected by user rights. The **authorize** right for the organisational structure is required to activate the inheritance or overwrite functions. ::: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md index 5bcedca105..747f077828 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md @@ -16,12 +16,12 @@ permissions for organisational structures. [Visibility](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) that selectively withholding information is a very effective [Protective mechanisms](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md). - Configuration of the visibility is carried out directly when issuing permissions to + Configuration of the visibility is performed directly when issuing permissions to organisational structures. 2. **Inheriting permissions for records**: [Inheritance from organisational structures](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md) - is defined as a system standard. This means that there is no difference between the permissions - for an organisational structure and the permissions for data that is stored in these + is defined as a system standard. This means that there's no difference between the permissions + for an organisational structure and the permissions for data that's stored in these organisational structures. The way in which permissions for organisational structures are designed thus effects the subsequent @@ -32,37 +32,38 @@ interfaces. ## Permissions -The visibility and also inheritance mechanisms are not considered below. This section exclusively +The visibility and also inheritance mechanisms aren't considered below. This section exclusively deals with permissions for the actual organisational structure. It deals with which users and roles have what form of permissions for a given organisational structure. Permissions for organisational -structures can be defined via the ribbon or also the context menu that is accessed using the right +structures can be defined via the ribbon or also the context menu that's accessed using the right mouse button. A permissions tab appears: ![Permissions for OU](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organizational_structures_2-en.webp) -NOTE: The basic mechanisms for setting permissions is described in detail in the Authorization -concept. +:::note +The basic mechanisms for setting permissions is described in detail in the Authorization concept. +::: :::warning -It is important that the permissions displayed here are interpreted correctly! The +It's important that the permissions displayed here are interpreted correctly. The example above shows the permissions for the "organisational structure IT". ::: - The user Max Muster possesses all rights to the organisational structure IT and can thus edit, -delete and also grant permissions for this structure. +delete, and also grant permissions for this structure. ## The add right -The "add" right holds a special position amongst the available rights because it does not refer to -the organisational unit itself but rather to data that will be created within it. In general, it is +The "add" right holds a special position amongst the available rights because it doesn't refer to +the organisational unit itself but rather to data that will be created within it. In general, it's fair to say that to add objects in an organisational unit requires the add right. If a user wants to add a new record to an organisational unit, the user requires the above-mentioned right. In the example above, only the administrator has the required permissions for adding new records. Even the -IT manager – who possess all other rights to the organisational structure "IT" – does not have the +IT manager – who possess all other rights to the organisational structure "IT" – doesn't have the right to add records. :::warning The add right merely describes the right to create objects in an organisational unit. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/configuration_2.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/configuration_2.md index 867f8b7556..0445fb6410 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/configuration_2.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/configuration_2.md @@ -10,7 +10,7 @@ sidebar_position: 20 New Password Resets can be directly added via the ribbon or the keyboard shortcut "Ctrl + N" in the Password Reset module. With regards to setting permissions, a Password Reset behaves in precisely -the same way as every other object. It is thus possible to precisely control which users can view +the same way as every other object. It's thus possible to precisely control which users can view and use which Password Resets. ## Configuration Guide @@ -25,16 +25,16 @@ and "Linked passwords". - **Name**: Designation for the Password Reset - **Responsible user**: All completed Password Resets are also recorded within Netwrix Password - Secure (logbook,…). To ensure these steps can be allocated to a user, a user who is registered in + Secure (logbook,…). To ensure these steps can be allocated to a user, a user who's registered in Netwrix Password Secure is selected in the field "Responsible user". ### Trigger -Triggers describe the conditions that need to be fulfilled so that a Password Reset is carried out. +Triggers describe the conditions that need to be fulfilled so that a Password Reset is performed. There are a total of three possible triggers available: - Reset the password x minutes after the password has been viewed -- Reset the password when it has not been changed for x days +- Reset the password when it hasn't been changed for x days - Reset the password when it has been expired for x days At least one trigger must be activated so that the Password Reset is activated. Deactivating all @@ -42,8 +42,9 @@ triggers is equivalent to deactivating the Password Reset. All three triggers ca deactivated independently of one another. Only one selection can be made in each of the three categories. -NOTE: A separate system task within Netwrix Password Secure checks every minute whether a trigger -applies. +:::note +A separate system task within Netwrix Password Secure checks every minute whether a trigger applies. +::: ### Scripts @@ -54,16 +55,19 @@ A new dialogue appears after the selection in which the type of system "to be re - **Script type**: You select here from the possible script types. - **Password**: The credentials for the record that will ultimately carry out the Password Reset. The required information is specifically requested in each case. For example, if the reset is for - an MSSQL user, the MSSQL instance and the port used needs to be entered. + an MSSQL user, the MSSQL instance, and the port used needs to be entered. The functions and configuration process are described in detail in the section Scripts. -NOTE: It is not possible to create a Password Reset without an associated script. +:::note +It isn't possible to create a Password Reset without an associated script. +::: ### Linked passwords All records that should be reset with the Password Reset according to the selected trigger are listed under “Linked passwords”. Multiple objects can be entered. The linked Password Reset is also -visible in the footer of the reading pane once it has been successfully configured. +visible in the footer of the reading pane after it has been successfully configured. ![new script password reset](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2-en.webp) + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/heartbeat.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/heartbeat.md index 315cdac525..d4e52f16af 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/heartbeat.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/heartbeat.md @@ -6,10 +6,10 @@ sidebar_position: 50 # Heartbeat -## What is the heartbeat? +## Heartbeat overview The heartbeat checks whether passwords in Netwrix Password Secure match the login data on the -relevant systems. This process ensures that the passwords do not differ from one another. +relevant systems. This process ensures that the passwords don't differ from one another. ## Requirements @@ -33,19 +33,19 @@ The testing process using the heartbeat can be executed via various methods. ## Testing via Password Reset -The heartbeat is always carried out before the first resetting process using a Password Reset. After -the script has run, the testing process is carried out again. Further information on this process +The heartbeat is always performed before the first resetting process using a Password Reset. After +the script has run, the testing process is performed again. Further information on this process can also be found in the section [Rollback](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/rollback.md). ### Manual testing The heartbeat can be executed in the ribbon for the password module by clicking on **Check login -data**. The currently marked password is always tested. +data**. The marked password is always tested. ### Automatic testing via the password settings -It is also possible to configure the heartbeat to run cyclically. It can be configured either via +It's also possible to configure the heartbeat to run cyclically. It can be configured either via the [User settings](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md) or directly in the @@ -64,8 +64,8 @@ can be displayed by moving the mouse over the icon. The icon has three different versions. These have the following meanings: -The last test was successful. The password is correct The test could not be performed. For example, -the password could not be reached. The last test was completed. However, the password is different +The last test was successful. The password is correct The test couldn't be performed. For example, +the password couldn't be reached. The last test was completed. However, the password is different to the one on the target system. ## Filtering the results diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md index 6b9cc63df7..897427e618 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md @@ -27,7 +27,7 @@ logbook entries are written: | Execution Error | Password Reset | | Error during rollback | Password Reset | -If an attempt was made to perform a rollback, but the rollback cannot be performed because the old +If an attempt was made to perform a rollback, but the rollback can't be performed because the old password was incorrect before the reset, or the first script is of the type “user-defined”, the following logbook entry is written: @@ -36,7 +36,7 @@ following logbook entry is written: | Error during rollback | Password Reset | If a password reset has failed and an attempt is made to perform a rollback, the reset is blocked -for one day and the following logbook entry is written: (It does not matter if the rollback worked +for one day and the following logbook entry is written: (It doesn't matter if the rollback worked or not) | Logbook type | Logbook record | diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/password_reset.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/password_reset.md index e31f3a92b7..c6fdd0531b 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/password_reset.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/password_reset.md @@ -6,7 +6,7 @@ sidebar_position: 90 # Password Reset -## What is a Password Reset? +## Password reset overview The safest passwords are those that no one knows. A Password Reset enables passwords to be reset to a new and unknown value according to freely definable triggers. A trigger could be a definable time @@ -21,8 +21,9 @@ system to a new value. ![Password reset process diagram](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwordreset/password_reset_2-en.webp) -NOTE: If an error occurs during the execution of a password reset, the affected reset is blocked -with all associated passwords. This is noted in the logbook with an entry "blocked". +:::note +If an error occurs during the execution of a password reset, the affected reset is blocked with all associated passwords. This is noted in the logbook with an entry "blocked". +::: :::warning Due to the complexity of the process, it is strongly recommended that Password Reset is @@ -30,3 +31,4 @@ configured **in combination with certified partners**. The desired simplificatio using the above-mentioned automated functions is accompanied by numerous risks. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/rollback.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/rollback.md index b4774f59a7..ce822b3572 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/rollback.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/rollback.md @@ -6,12 +6,12 @@ sidebar_position: 60 # Rollback -## What is a rollback? +## Rollback overview If an error occurs while running a script, a rollback is initiated. This ensures that the original password is restored. -## When does a rollback run? +## Rollback triggers The following diagram shows when and according to which criteria a rollback is initiated: @@ -25,5 +25,5 @@ rollback. ## Logbook -The logbook can be used to see if a rollback has been run and if it was successful. After a +The logbook lets you see if a rollback has been run and if it was successful. After a rollback, the password should be checked once again as a precaution. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/scripts.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/scripts.md index 0c33c61ad9..c41a31084b 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/scripts.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/scripts.md @@ -9,12 +9,12 @@ sidebar_position: 30 ## Available scripts The following scripts are supplied and can be directly used. In all scripts, a password is firstly -selected in the upper section. This is not the password that will be reset on the target system. +selected in the upper section. This isn't the password that is reset on the target system. Instead, a user should be entered here that can complete the rest of the process on the target system. This password thus requires administrative rights to the target system. A delay can also be configured in every script. This may be necessary, for example, if a password is -changed in AD and it is firstly distributed to other controllers. +changed in AD and it's firstly distributed to other controllers. ![new script](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_1-en.webp) @@ -32,7 +32,7 @@ changed. The **host name** – i.e. the target computer – and the **service na ![Service accounts scripts](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_3-en.webp) -Please note that the **display name** for the **service** needs to be used. +The **display name** for the **service** needs to be used. ![display name service](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_4-en.webp) @@ -48,21 +48,21 @@ The access data in the associated password can be saved as follows: ## Windows user -This script can be used to reset the passwords for local Windows users. Only the **host name** needs +This script lets you reset the passwords for local Windows users. Only the **host name** needs to be saved here. ![Windows user script](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_5-en.webp) ## Linux user -Linux users can also be reset in the same way as Windows users. It is also only necessary to enter +Linux users can also be reset in the same way as Windows users. It's also only necessary to enter the **host name** and the **port** here. ![Linux user script](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_6-en.webp) ## MSSQL user -This script resets passwords for local MSSQL users. It is only necessary to enter the **MSSQL +This script resets passwords for local MSSQL users. It's only necessary to enter the **MSSQL instance** and the **port**. ![MSSQL user script](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_7-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md index 83c4ab0d77..27f4569f15 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md @@ -8,12 +8,12 @@ sidebar_position: 40 ## Individual solutions using your own scripts -If your requirements cannot be met using the +If your requirements can't be met using the [Scripts](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/scripts.md), -it is also possible to create your own Powershell scripts. These scripts need to meet certain +it's also possible to create your own Powershell scripts. These scripts need to meet certain requirements to be used in Netwrix Password Secure. -## Storage location, name and call +## Storage location, name, and call The scripts must be saved in the following directory: `C:\ProgramData\MATESO\Password Safe and Repository Service\System\PowerShell` @@ -28,7 +28,6 @@ The PowerShell scripts must have the following structure: Netwrix Password Secure always calls the RunScript function. - ``` function RunScript param ( @@ -44,19 +43,18 @@ The following standard parameters can be used here: - UserName: The user name for which the password should be changed - Password: The password that should be reset -- CredentialsUserName: The user name of the user authorized to carry our the reset (e.g. +- CredentialsUserName: The user name of the user authorized to carry out the reset (e.g. administrator) - CredentialsPassword: The password of the authorized user ### Scriptblock The **scriptblock** can be used when the script should run in the context of another user. The -actual change is then carried out in the **scriptblock**. +actual change is then performed in the **scriptblock**. -It is important in this case that you provide Netwrix Password Secure with feedback about what has +It's important in this case that you provide Netwrix Password Secure with feedback about what has been changed via a **Write-Output**. The following example simply uses the outputs **true** or -**false**. However, it is also conceivable that an error message or similar is output. - +**false**. However, it's also conceivable that an error message or similar is output. ```     $scriptBlock = {param ($UserName, $Password) @@ -68,11 +66,11 @@ been changed via a **Write-Output**. The following example simply uses the outpu     } ``` -Naturally, CredentialsUserName and CredentialsPassword can also be directly used in the script (i.e. +CredentialsUserName, and CredentialsPassword can also be directly used in the script (i.e. without the **scriptblock**). You can view the supplied MSSQL script as an example. ### Invoke A credential then still needs to be created. This is then transferred to the **scriptblock** using -the **invoke** command. It is also important in this case to provide Netwrix Password Secure with +the **invoke** command. It's also important in this case to provide Netwrix Password Secure with feedback about all errors via **Write-Output** or **throw [System.Exception]**. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md index 044df1f01c..7549a4074c 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md @@ -6,11 +6,11 @@ sidebar_position: 10 # Creating new passwords -## What does creating new passwords/records mean? +## New passwords and records overview Saving a record/password stores information in the MSSQL database. This process is started in the -Passwords module for the client. It is accessed either via the icon in the ribbon, using the -keyboard shortcut "CTRL + N" or via the context menu that is accessed using the right mouse button +Passwords module for the client. It's accessed either via the icon in the ribbon, using the +keyboard shortcut "CTRL + N" or via the context menu that's accessed using the right mouse button in list view. The next step is to select a suitable form that will open in a modal window. ## Requirements @@ -22,7 +22,7 @@ The following 2 user rights are required: ## Selecting a form -When creating a new record, it is possible to select from all the forms for which the logged-in user +When creating a new record, it's possible to select from all the forms for which the logged-in user has the required permissions. To make the selection process as easy as possible, a preview of the form fields included in the form is shown on the right hand side. @@ -44,14 +44,14 @@ record can be saved via the ribbon when all fields have been filled. ## Validity and tags -Irrespective of the selected form, it is always possible to define the validity and tags for a +Irrespective of the selected form, it's always possible to define the validity and tags for a record. Both values are optional. ![Validity and tags](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_3-en.webp) - The **validity** defines an end date until which the record is valid. This information can be - evaluated e.g. in the logbook or in reports. It is thus possible to create a list of all expired - passwords for a user or an authorized entity. However, it is not possible to limit the usability + evaluated e.g. in the logbook or in reports. It's thus possible to create a list of all expired + passwords for a user or an authorized entity. However, it isn't possible to limit the usability of expired passwords for security reasons. - **Tags** are freely definable properties of records that can be used as search criteria. This also allows thematically linked information to be grouped together. @@ -59,32 +59,34 @@ record. Both values are optional. ## Setting permissions for new records In principle, there are various approaches for setting permissions for newly created records. All of -them have already been described in the Authorization concept section. It is important to note here +them have already been described in the Authorization concept section. It's important to note here that **manual setting of permissions is only possible after saving** a record. Automatic permissions are set before the record is saved. In this context, the selection of the organisational structure and the permissions for a record are important aspects. ![permissions new record](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_4-en.webp) -- **Manual setting of permissions**: If you want to manually set permissions for the record, select +- **Manual setting of permissions**: To manually set permissions for the record, select the organisational structure in which the record should be saved. After saving the record, the - permissions can be manually amended via the permissions tab in the ribbon. If you only want to - create a personal record for which no other user will receive permissions, simply select your own + permissions can be manually amended via the permissions tab in the ribbon. To + create a personal record for which no other user receives permissions, select your own organisational structure and conclude the process with "save" via the ribbon. -NOTE: If any kind of automatic permissions have been activated for the selected OU, this will always -be prioritized. +:::note +If any kind of automatic permissions have been activated for the selected OU, those permissions always take priority. +::: :::warning Even when creating private records, inheritance of permissions based on the logged-in user can also be activated as an option. This option is described in a separate section. ::: +:::note +The user right Allow sharing of personal passwords lets you define that personal passwords can't be released to other users. +::: -NOTE: The user right Allow sharing of personal passwords can be used to define that personal -passwords cannot be released to other users. - -**Automatic setting of permissions**: Automatic setting of permissions is carried out before the +**Automatic setting of permissions**: Automatic setting of permissions is performed before the record is saved. Irrespective of whether predefined rights or rights inheritance is being used, the -configuration is always carried out in the organisational structure or permissions area. Saving the +configuration is always performed in the organisational structure or permissions area. Saving the record thus completes the process for creating the password including the issuing of permissions. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/form_field_permissions.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/form_field_permissions.md index 1e5a0be193..558adfb9db 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/form_field_permissions.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/form_field_permissions.md @@ -6,11 +6,11 @@ sidebar_position: 40 # Form field permissions -## What are form field permissions? +## Form field permissions overview The authorization concept allows separate permissions to be set for each object. These objects could -be records, forms or users. Netwrix Password Secure goes one step further in this context. Every -single form field for a record can also be granted with separate permissions. It is thus possible to +be records, forms, or users. Netwrix Password Secure goes one step further in this context. Every +single form field for a record can also be granted with separate permissions. It's thus possible to grant different permissions for the password field of a record than are set for the other fields. ## Relevant rights @@ -25,11 +25,11 @@ The following options are required to view "inherit" and "overwrite" icons. ## Configuration The associated form field permissions for the marked record can be opened via the ribbon using the -drop-down menu under "Permissions". +dropdown menu under "Permissions". ![form field permissions](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/form_field_permissions_1-en.webp) -The window that opens allows you to select the relevant form field for which you want to grant +The window that opens lets you select the relevant form field for which you want to grant permissions. The following example focuses on the password field. ![permissions of password field](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/form_field_permissions_2-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/history.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/history.md index 1f16cee3bf..a3d1496acd 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/history.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/history.md @@ -6,17 +6,17 @@ sidebar_position: 60 # History -## What is the history? +## History overview Alongside saving passwords and keeping them safe, the ability to trace changes to records also has great relevance. The history maintains a seamless account of the versions for all form fields in a -record. Every change to records is separately recorded, saved and can thus also be restored. In -addition, it is always possible to compare historical values with the current version. The history +record. Every change to records is separately recorded, saved, and can thus also be restored. In +addition, it's always possible to compare historical values with the current version. The history is thus an indispensable component of every security concept. ## The history in the reading pane -The optional footer area can be used to already display the history when in the reading pane. All of +The optional footer area lets you already display the history when in the reading pane. All of the historical entries are listed and sorted in chronological order. ![history in footer](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/history_1-en.webp) @@ -29,7 +29,7 @@ in the ribbon or via a double click. ## Detailed history in the Extras -The detailed history for the record marked in list view can be called up in the Start/Extras tab. +The detailed history for the record marked in list view can be opened in the Start/Extras tab. ![History](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/history_3-en.webp) @@ -40,7 +40,7 @@ versions with the date and time of their last change are sorted in chronological ## Comparison of versions -At least two versions need to be selected in order to carry out a comparison. In list view, mark the +At least two versions need to be selected to carry out a comparison. In list view, mark the first version and then add another version via the “Add” button on the right of the reading pane to compare with the first one. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/moving_passwords.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/moving_passwords.md index 3e08744889..8344293611 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/moving_passwords.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/moving_passwords.md @@ -6,16 +6,16 @@ sidebar_position: 30 # Moving passwords -## What happens when records are moved? +## Record movement behavior -Data can be moved within Netwrix Password Secure to another organisational structure. This does not +Data can be moved within Netwrix Password Secure to another organisational structure. This doesn't necessarily have to be linked to a change in permissions (the effects are described separately below). Moving records without changing the permissions mainly has effects on the filtering or search functions for records. -## How do you move a record? +## Move a record -The (marked) records are moved either via the ribbon or via the context menu that is accessed using +The (marked) records are moved either via the ribbon or via the context menu that's accessed using the right mouse button. ![moving password](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/moving_passwords_1-en.webp) @@ -25,7 +25,7 @@ records in this case. ### Required permissions -No special user rights/settings are required in order to move records. The “move” right for the +No special user rights/settings are required to move records. The “move” right for the record is the only deciding factor. ![required permissions](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/moving_passwords_2-en.webp) @@ -34,7 +34,7 @@ record is the only deciding factor. ![effects on existing permissions](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/moving_passwords_3-en.webp) -- **Retain permissions**: The permissions for the record are not changed by moving it and are +- **Retain permissions**: The permissions for the record aren't changed by moving it and are retained - **Overwrite permissions**: The permissions for the record are overwritten by the target OU - **Extend permissions**: The existing permissions are extended to include the permissions for the @@ -43,9 +43,9 @@ record is the only deciding factor. :::warning From a technical perspective, all rights will be removed from the record when overwriting the permissions. The permissions will then be applied to the record in accordance with -the rights template or inheritance from organisational structures. It is important to note here that -it is theoretically possible to remove your own rights to the record! The rights change will only be -carried out if at least one user retains the right to issue permissions as a result. Otherwise, the +the rights template or inheritance from organisational structures. It's important to note here that +it's theoretically possible to remove your own rights to the record. The rights change will only be +performed if at least one user retains the right to issue permissions as a result. Otherwise, the rights change will be cancelled with a corresponding message. ::: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/password_settings.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/password_settings.md index d2ceafc6f4..c5fe3529ef 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/password_settings.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/password_settings.md @@ -6,16 +6,16 @@ sidebar_position: 50 # Password settings -## What are password settings? +## Password settings overview -The password settings can be used to define a diverse range of options. These can be found in the +The password settings lets you define a diverse range of options. These can be found in the ribbon in the subsection “Extras”. The settings open up in a new tab. ![password settings](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/password_settings_1-en.webp) ### Category: Browser -- **Default browser**: This option can be used to define a default browser for every record +- **Default browser**: This option lets you define a default browser for every record separately. You can select from all browsers that have been registered as a browser in Windows. ### Category: SSO @@ -26,7 +26,7 @@ ribbon in the subsection “Extras”. The settings open up in a new tab. - **Browser Extensions**: Automatically fill login masks: This setting defines whether the login masks are automatically filled when logging in via SSO. This is the case when the user is located on a login page. If the record for this page has been saved, the login mask will be filled if this - option has been activated. Otherwise, this step needs to be carried out manually via the add-on. + option has been activated. Otherwise, this step needs to be performed manually via the add-on. If multiple records have been saved for this page, the user must complete this step manually via the add-on in both cases. - **Browser Extensions**: Automatically send login masks: If this option has been activated, the diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/passwords.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/passwords.md index 5d600c7ed7..e240265bb9 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/passwords.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/passwords.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Passwords -## What are passwords? +## Passwords overview In Netwrix Password Secure v8, the data record with the passwords represents the central data object. The Passwords module provides administrators and users with central access to the passwords -for the purpose of handling this sensitive data that requires protection. Search filters in -combination with color-highlighted tags enable very focussed work. Various approaches can be used to +to handle this sensitive data that requires protection. Search filters in +combination with color-highlighted tags enable very focussed work. Various approaches lets you help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module helps all users to use Netwrix Password Secure in an efficient and targeted manner. @@ -35,12 +35,12 @@ The module-specific ribbon functions will be explained below. ### New - **New password**: New passwords can be added via this icon in the ribbon, via the context menu - that is accessed using the right mouse button and via the shortcut (Ctrl + N). The next step is to + that's accessed using the right mouse button and via the shortcut (Ctrl + N). The next step is to select a suitable form. - **Open**: Opens the object marked in list view and provides further information about the record in the reading pane. - **Delete**: Deletes the object marked in list view. A log file entry is created (see logbook). -- **Reveal**: The function **Reveal** can be used for all records that have a password field. The +- **Reveal**: The function **Reveal** supports all records that have a password field. The passwords in the reading pane will be revealed. In the example, the passwords have been revealed and can be hidden again with the **Hide** button. @@ -49,10 +49,10 @@ The module-specific ribbon functions will be explained below. ### Actions - **Notifications**: Defining notifications enables a constant flow of information about any type of - interaction. The issuing of notifications is carried out in the module designed for this purpose. + interaction. The issuing of notifications is performed in the module designed for this purpose. - **Duplicate**: Duplicating creates an exact copy of the record in a new tab. - **Move**: Moves the record marked in list view to another organisational structure. -- **Toggle** **Favorite**: The selected record is marked as a favorite. It is possible to switch +- **Toggle** **Favorite**: The selected record is marked as a favorite. It's possible to switch between all records and favorites at any time. - **Quick view**: A modal window opens for the selected record for 15 seconds and displays all available information **including the value of the password**. @@ -60,7 +60,7 @@ The module-specific ribbon functions will be explained below. ### Permissions -- **Permissions**: The drop-down menu can be used to set both password permissions and also form +- **Permissions**: The dropdown menu lets you set both password permissions and also form field permissions. This method only allows the manual setting of permissions for data (see **authorization concept)** @@ -83,10 +83,10 @@ default. In the present case, this has been adjusted via the user settings.) ### Start Conveniently working with passwords is only possible via the efficient usage of automated accesses -via RDP, SSH, general Windows applications or websites. This makes it possible to dispense with +via RDP, SSH, general Windows applications, or websites. This makes it possible to dispense with (unsecure) entries via "copy & paste". -- **Open web page**: If an URL is saved in the record, this menu option can be used to directly open +- **Open web page**: If an URL is saved in the record, this menu option lets you directly open it. - **Applications**: If applications have been linked to records, they can be directly opened via the "start menu". @@ -103,16 +103,17 @@ If several sessions are opened on a client, an external link is always called in first session. ::: - - **History**: This icon opens the history for those records selected in list view in a new tab. Due - to the comprehensive recording of historical versions of passwords, it is now possible to compare + to the comprehensive recording of historical versions of passwords, it's now possible to compare several versions with one another. -- **Print**: This option can be used to open the print function. -- **Export**: It is possible to export all the selected records and also the data defined by the +- **Print**: This option lets you open the print function. +- **Export**: It's possible to export all the selected records and also the data defined by the filter to a .csv file. -- **Change form**: It is possible to change the form used for individual records. "Mapping" of the - previous form fields can be directly carried out in the process. +- **Change form**: It's possible to change the form used for individual records. "Mapping" of the + previous form fields can be directly performed in the process. - **Settings**: The password settings are described in a separate section. -NOTE: The password module is based on the module of the same name in the Web Application. Both -modules have a different scope and design. However, they are almost identical to use. +:::note +The password module is based on the module of the same name in the Web Application. Both modules have a different scope and design. However, they're almost identical to use. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/recycle_bin.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/recycle_bin.md index f2007476b0..d84e3e4e5e 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/recycle_bin.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/recycle_bin.md @@ -6,17 +6,17 @@ sidebar_position: 70 # Recycle Bin -This option allows you to view and permanently delete deleted passwords to which you are entitled. +This option lets you view and permanently delete deleted passwords to which you're entitled. ## Procedure for deleting passwords To put passwords into the recycle bin there are 2 possible procedures. Select the passwords you want -to delete and click on **Move to bin (1)** or right-click on the passwords and select **Move to +to delete and click **Move to bin (1)** or right-click the passwords and select **Move to bin(2)**. ![bin_2](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/bin_2.webp) -You will then be asked if you actually want to perform this action. +You'll then be asked if you actually want to perform this action. ![bin_3](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/passwords/bin_3.webp) diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/revealing_passwords.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/revealing_passwords.md index aea3f34d0f..b93e6f6c61 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/revealing_passwords.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/revealing_passwords.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Revealing passwords -## What is involved in revealing passwords? +## Revealing passwords overview Not all information is encrypted by the MSSQL database in Netwrix Password Secure for performance reasons. Only the password itself (=secret) is encrypted with the help of the used encryption @@ -29,7 +29,7 @@ means the user can view the value of the password using the "reveal" function. ## Revealing passwords – diagram -In this context, it is important to note that the word "reveal" does not really accurately describe +In this context, the word "reveal" doesn't really accurately describe this process. It creates the **incorrect** impression that the client already has the password and only needs to reveal it. However, the processes running in the background until the password are revealed are much more complex and will thus be described below. @@ -39,22 +39,22 @@ revealed are much more complex and will thus be described below. ### Saving the password on the server Even though you would assume the opposite, at the start a masked password (\*) is neither available -on the client nor the server in plain text! The password is stored as part of the MSSQL database in -a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it is not -currently possible either on the server or the client to view the password. If you mark a record, -the password is not available at all on the client and is encrypted on the server before it is +on the client nor the server in plain text. The password is stored as part of the MSSQL database in +a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it isn't +possible either on the server or the client to view the password. If you mark a record, +the password isn't available at all on the client and is encrypted on the server before it's revealed. ### The encrypted password is requested Pressing the "reveal"- button triggers the process for requesting the password. A request is sent to -the server to apply for the encrypted password to be released. The server itself does not possess +the server to apply for the encrypted password to be released. The server itself doesn't possess the required key (private key) to decrypt the password. Therefore, it can only deliver the **encrypted value**. ### Checking the permissions -Whether the request sent in step 2 is approved is defined in the authorization concept. Once the +Whether the request sent in step 2 is approved is defined in the authorization concept. After the request has been received, the server checks whether the user possess the required rights. It also checks the possible existence of other security mechanisms such as a seal or password masking. If the necessary requirements for releasing the password have been met, the server now sends the diff --git a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/roles.md b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/roles.md index 15bf96e22b..941a91426d 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/roles.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/roles.md @@ -6,15 +6,15 @@ sidebar_position: 50 # Roles -## What are roles? +## Roles overview Each employee in a company is ultimately a member of a department and / or part of a particular function level. These departments or groups are mapped within Netwrix Password Secure using the role concept. The authorizations can be configured and inherited in a role-based manner. The **Roles -module** should only be made available to administrators. Accordingly, it is recommended to limit -the visibility of the role management. It is also possible to delegate the management of departments +module** should only be made available to administrators. Accordingly, it's recommended to limit +the visibility of the role management. It's also possible to delegate the management of departments or separate areas completely to third parties via the role concept. The authorization concept -ensures that users are only granted access to those roles to which they are entitled. +ensures that users are only granted access to those roles to which they're entitled. ![Roles module](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/roles/roles_1-en.webp) @@ -41,9 +41,9 @@ between users and authorizations of any kind. ## Creating and granting permissions for new roles -If you are in the **roles module**, the process for creating new roles is the same as for +If you're in the **roles module**, the process for creating new roles is the same as for [Creating new passwords](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md). -Roles can be created via the ribbon and also via the context menu that is accessed using the right +Roles can be created via the ribbon and also via the context menu that's accessed using the right mouse button. ![creating new role](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/roles/roles_3-en.webp) @@ -57,27 +57,29 @@ present in a company is the starting point for the success of Netwrix Password S design the roles in Netwrix Password Secure only once a detailed design has been drawn up, and all the requirements of all project participants have been met. -## Why are there no groups? +## Roles instead of groups Netwrix Password Secure enforces the avoidance of unnecessary structures through the role concept. A -group-in-group nesting is not supported – and is not necessary at all. The resultant increase in +group-in-group nesting isn't supported – and isn't necessary at all. The resultant increase in performance as well as increased overview promotes efficiency and effectiveness. The elegant interplay of organisational structures, roles, and granular filter options can cover all customer-specific scenarios. -NOTE: This architecture makes nesting of roles obsolete. +:::note +This architecture makes nesting of roles obsolete. +::: ## Overview of members for a role As well as being able to view the **members** in the permissions dialogue, a list of all members for a role is already made available in the [Reading pane](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/reading_pane.md). -All of the other users with permissions but without membership of the role are not taken into +All of the other users with permissions but without membership of the role aren't taken into account. ![role overview](/images/passwordsecure/9.1/configuration/advanced_view/clientmodule/roles/roles_4-en.webp) -NOTE: The roles module is based on the -[Roles module](/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/roles_module.md) -of the Web Application. Both modules have a different scope and design but are almost identical to -use. +:::note +The roles module is based on the [Roles module](/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/roles_module.md) of the Web Application. Both modules have a different scope and design but are almost identical to use. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/account.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/account.md index 6887ccc7bd..ab9e9d9617 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/account.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/account.md @@ -6,11 +6,11 @@ sidebar_position: 20 # Account -## What is an account? +## Account overview -Users can configure all user-specific information in their account. It should be noted that if the +Users can configure all user-specific information in their account. If the [Masterkey mode](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md) -process is used, user data will always be taken from Active Directory – editing this information in +process is used, user data is always taken from Active Directory – editing this information in Netwrix Password Secure is thus not possible. ![account](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/account/installation_with_parameters_123-ewn.webp) @@ -21,35 +21,40 @@ All of the information in the contact and address sections can be defined under areas of the profile overlap with the **management of users.** This information is explained in [Managing users](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md). -NOTE: No changes can be made to users that were imported from AD using Master Key mode. In this -case, all information will be imported from AD. +:::note +No changes can be made to users that were imported from AD using Master Key mode. In this case, all information will be imported from AD. +::: #### Editing user image A new image can be added or the existing one replaced or deleted by clicking on the profile image. -NOTE: No changes can be made to users that were imported from AD with the aid of Master Key mode. If -an image has been saved in AD, it will be used here. +:::note +No changes can be made to users that were imported from AD with the aid of Master Key mode. If an image has been saved in AD, it'll be used here. +::: #### Change password -It is recommended that the user password is changed on a regular basis. If you want to use a new -password, it is necessary to enter the existing password in advance. The strength of the password -will be directly displayed. +It's recommended that the user password is changed on a regular basis. To use a new +password, enter the existing password first. The strength of the password +is displayed immediately. -NOTE: Users who were imported from AD with the aid of Master Key mode log in with the domain -password. Therefore, no password can be configured in this case. +:::note +Users who were imported from AD with the aid of Master Key mode log in with the domain password. Therefore, no password can be configured in this case. +::: -NOTE: The strength of the user password can be stipulated by administration through the issuing of -password rules. +:::note +The strength of the user password can be stipulated by administration through the issuing of password rules. +::: -NOTE: If a user changes his or her password, all sessions that are still open are automatically -terminated. +:::note +If a user changes his or her password, all sessions that are still open are automatically terminated. +::: #### Multifactor authentication Multifactor authentication provides additional protection through a second login authentication -using a hardware token. The configuration is carried out via the ribbon in the “Security” section. +using a hardware token. The configuration is performed via the ribbon in the “Security” section. See also in [Multifactor authentication](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md) @@ -57,10 +62,10 @@ See also in #### Configure autologin -This option can be used to automate the login to Netwrix Password Secure. For setup, just enter the +This option lets you automate the log in to Netwrix Password Secure. For setup, just enter the password twice and save it. -The autologin is linked to the hardware and thus will not work on a different computer. If you +The autologin is linked to the hardware and thus won't work on a different computer. If you change the hardware or the hardware ID, an existing autologin needs to be recreated. #### Relevant right @@ -72,13 +77,13 @@ User right - Can manage autologin :::warning -The automatic login should be handled as a process critical to security. It is -important to note that all data can be accessed, for example, if you forget to lock the computer. +The automatic login should be handled as a process critical to security. It's +important that all data can be accessed, for example, if you forget to lock the computer. ::: - -NOTE: For security reasons, the autologin is only valid for 180 days and then needs to be -subsequently renewed. +:::note +For security reasons, the autologin is only valid for 180 days, and then needs to be subsequently renewed. +::: #### Reset settings @@ -87,6 +92,7 @@ etc. to the default values. #### Start offline synchronization -If you have made changes to the database and do not want to wait for the next automatic +If you have made changes to the database and don't want to wait for the next automatic synchronization, an offline synchronization can also be started manually. The synchronization runs in the background and is indicated by a status bar in the footer as well as by the icon. More… + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/administration.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/administration.md index af50a67892..e0a893429c 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/administration.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/administration.md @@ -13,16 +13,16 @@ purely informative in character and thus no configurations can be made here. ![installation_with_parameters_120](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/administration/installation_with_parameters_120.webp) -The session view starts in the currently active module in a separate tab. +The session view starts in the active module in a separate tab. #### Locked users -All currently locked users can also be retrieved. There are two scenarios here: +All locked users can also be retrieved. There are two scenarios here: 1. User name correct, password incorrect: The user name is displayed 2. User name incorrect: The client is displayed -In addition, the number of attempted logins and the length of time that the user was locked in each +In addition, the number of attempted logins, and the length of time that the user was locked in each case can be seen. ![installation_with_parameters_121](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/administration/installation_with_parameters_121.webp) @@ -31,13 +31,13 @@ case can be seen. Password rules can be defined for both user passwords and also for WebViewer exports that then need to be fulfilled. In the following example, a user password must correspond to the “default password” -rule in order to be valid +rule to be valid ![Standard password rule](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/administration/installation_with_parameters_122-en_677x129.webp) #### Relevant right -There is a separate option for defining the password rules for named passwords. +There's a separate option for defining the password rules for named passwords. **User right** diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export.md index 1a1b3faa45..abec25a380 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export.md @@ -6,7 +6,7 @@ sidebar_position: 80 # Export -## What is an export? +## Export overview An export is used for extracting the data saved in the MSSQL database. Both selective (manual) and automated @@ -14,15 +14,14 @@ automated can extract information from Netwrix Password Secure in this manner. :::warning -Please note that extracting passwords is always associated with a weakening of the +Extracting passwords is always associated with a weakening of the security concept. The informative value of the logbook will suffer when data is exported because the revision of this data will no longer be logged. This aspect needs to be taken into account particularly in conjunction with the Netwrix Password Secure [Export wizard](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export_wizard.md) -because the export result is not separately secured by a password. +because the export result isn't separately secured by a password. ::: - The export function is accessed via the Main menu/Export. There are two fundamental types of export – the WebViewer export and the export wizard. However, the latter is divided into four subcategories. @@ -31,8 +30,7 @@ subcategories. The [HTML WebViewer export](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) -creates a HTML file protected by a password. In contrast, the export wizard creates an open and -unprotected .csv file. +creates a HTML file protected by a password. In contrast, the export wizard creates an open, and unprotected .csv file. ## Requirements @@ -45,7 +43,7 @@ rights ![Export in the ribbon](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/export/installation_with_parameters_64-en.webp) -In this example, the marked role IT employee does not have the required permissions to export the +In this example, the marked role IT employee doesn't have the required permissions to export the record. In contrast, the IT manager does have the required permissions. In addition, the administrator possesses all rights, including the right to export. @@ -57,6 +55,7 @@ The following option is required. - Can export -NOTE: If a record is exported, this user right and also the corresponding permissions for the record -must be set. The user right defines whether a user can generally export data, while the permissions -for the record define which records can be exported. +:::note +If a record is exported, this user right, and also the corresponding permissions for the record must be set. The user right defines whether a user can generally export data, while the permissions for the record define which records can be exported. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export_wizard.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export_wizard.md index b547a7c476..0976eab844 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export_wizard.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/export_wizard.md @@ -6,22 +6,22 @@ sidebar_position: 20 # Export wizard -## What export wizards are there? +## Available export wizards There are a total of four different export wizards. ![installation_with_parameters_74_548x283](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_74_548x283.webp) The functionality of these wizards only differs based on the data to be exported. A distinction is -made between passwords, organisational structures, forms and applications. **As all four wizards are +made between passwords, organisational structures, forms, and applications. **As all four wizards are handled in the same way, the following section will only describe the password export wizard.** The remaining three wizards function in the same way. -## What is the password export wizard? +## Password export wizard overview This wizard allows records to be exported in standard.csv format. In contrast to the [HTML WebViewer export](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/html_webviewer_export.md), -the resulting file is not protected by a password. It goes without saying that this feature must be +the resulting file isn't protected by a password. It goes without saying that this feature must be used carefully. ## Starting the password export wizard @@ -41,7 +41,7 @@ The export wizard can be accessed in a variety of different ways: The password export wizard can be started via the ribbon in two ways. **Selected passwords** exports only those passwords marked in list view, whereby **Passwords based on the filter** uses the -currently defined filter settings as the criteria. +defined filter settings as the criteria. **The wizard** @@ -50,14 +50,14 @@ corresponding preview is also provided. ![installation_with_parameters_76](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_76.webp) -Once the wizard has been completed, the desired export is created and saved to the defined storage +After the wizard has been completed, the desired export is created, and saved to the defined storage location. :::warning -It is important to once again point out the sensitive nature of this export function +It's important to once again point out the sensitive nature of this export function that could have critical consequences from a security perspective. As the required permissions for this export are generally only granted to users/roles with higher positions in the hierarchy, this -subject is even more relevant from a security perspective: It is possible to export all passwords +subject is even more relevant from a security perspective: It's possible to export all passwords for which a user has the required permissions. Administrators could thus (intentionally or unintentionally) cause more damage per se. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/html_webviewer_export.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/html_webviewer_export.md index 47ac82e713..304146bf10 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/html_webviewer_export.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/export/html_webviewer_export.md @@ -6,17 +6,17 @@ sidebar_position: 10 # HTML WebViewer export -## What is a HTML WebViewer export? +## HTML WebViewer export overview The **WebViewer** is an option inNetwrix Password Secure for exporting passwords in an encrypted **HTML file**. The records are selected using the [Filter](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md) -function. The passwords for which the user has the corresponding permissions are exported. They are +function. The passwords for which the user has the corresponding permissions are exported. They're displayed in a current browse that has **JavaScript activated**. ## Data security -- Naturally, the HTML WebViewer file is **encrypted** +- the HTML WebViewer file is **encrypted** - The export of the file is protected using a corresponding [User rights](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/user_rights.md) - The user requires the **export right** for the passwords @@ -98,10 +98,9 @@ stick, external HDD, …). The **HTML file** can be opened in a standard browser name** are predefined. The user \*password is used for the login. :::warning -The login mask is blocked for a period of time if the password is incorrectly entered! +The login mask is blocked for a period of time if the password is incorrectly entered. ::: - 1. Database: Predefined 2. User: Predefined 3. Password: Entered by the user @@ -113,7 +112,9 @@ The login mask is blocked for a period of time if the password is incorrectly en After logging in to Netwrix Password Secure, the overview page for the \*HTML- WebViewer \* with the passwords is displayed. -NOTE: Use the password search function in the event of more than 20 passwords! +:::note +Use the password search function if there are more than 20 passwords. +::: 1. Displayoftherecords(max.20) 2. Detailedinformationontheselectedrecord @@ -125,10 +126,13 @@ NOTE: Use the password search function in the event of more than 20 passwords! #### Closing the HTML WebViewer overview -You can log out by clicking on **Logout**. In the event of a longer period of inactivity, the user +You can log out by clicking on **Logout**. If there is a longer period of inactivity, the user will be **automatically logged out after a set period of time has expired (time until logout).** -NOTE: You have been logged out due to inactivity. +:::note +You have been logged out due to inactivity. +::: The browser will then show the **Netwrix Password Secure– HTML WebViewer / Login** again and also -the reason for being logged out. It is possible to log in again. +the reason for being logged out. It's possible to log in again. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/extras.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/extras.md index 9a1e3ce3a0..8158217c06 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/extras.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/extras.md @@ -6,10 +6,10 @@ sidebar_position: 10 # Extras -## What are Extras? +## Extras overview -Netwrix Password Secure provides a diverse range of supporting features that do not directly provide -added value but mostly build on existing approaches and expand their functionalities. They are +Netwrix Password Secure provides a diverse range of supporting features that don't directly provide +added value but mostly build on existing approaches and expand their functionalities. They're work-saving features that in total simplify the process of working with Netwrix Password Secure. ![installation_with_parameters_77_517x414](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/installation_with_parameters_77_517x414.webp) diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/image_manager.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/image_manager.md index f0bdca0ed2..7319cb1f73 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/image_manager.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/image_manager.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Image management -## What is image management? +## Image management overview All logos and icons are managed in the image management. They can then be linked to the corresponding data records. The images are then displayed in the Basic view as well as in the list @@ -21,8 +21,9 @@ The following options are required: - Can upload new password images - Can manage password images -NOTE: It is important that the setting “Ask for Favicon-Download “ is only considered, if the right -“Can upload new password images “ has been activated! +:::note +It's important that the setting “Ask for Favicon-Download “ is only considered, if the right “Can upload new password images “ has been activated. +::: #### Managing Icons/Logos @@ -30,27 +31,29 @@ There are two ways to upload icons. 1. By creating or saving the dataset. -In order to import favicons directly when saving the data set, the following preconditions must be +To import favicons directly when saving the data set, the following preconditions must be met: - Setting “Ask Favicon-Download “ is activated. - A URL is stored in the data record. If these preconditions are met, the stored URL is checked for the favicon when saving the data -record. If a favicon is found, it will be imported into the database and displayed in the data +record. If a favicon is found, it'll be imported into the database and displayed in the data record in future. -NOTE: If there are several deposited, always use the first one. +:::note +If there are several deposited, always use the first one. +::: 2. Manual filing In the main menu in [Extras](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/extras.md) -you can find the image management. Here, you have the possibility to store icons and logos manually. +you can find the image management. Here, you have the possibility to store icons, and logos manually. ![Image management](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_107-en.webp) -Click on the + symbol to open the mask for creating images. +Click the + symbol to open the mask for creating images. ![add image](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_108-en.webp) @@ -63,9 +66,11 @@ Click on the + symbol to open the mask for creating images. - **Applications**: URL stored in the application -> attached tags -> application name - ![icon_open_folder](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/image_management/icon_open_folder.webp) - This symbol can be used to upload locally saved icons and logos. + This symbol lets you upload locally saved icons and logos. -NOTE: Please note that the icons and logos are not stored locally, but in the database. +:::note +The icons and logos aren't stored locally, but in the database. +::: ## Conditions @@ -74,3 +79,4 @@ The following conditions must be met for icons/logos to be uploaded and saved ac - The maximum size of an image file is 100 MB. - Supported formats are png, jpg, bmp, ico, .svg - Several search values can be separated by a comma (“Netflix.de, Netflix.com”). + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_generator.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_generator.md index 6a13a23a9b..eea7358996 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_generator.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_generator.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Password generator -## What is the password generator? +## Password generator overview -The complexity of passwords is generally determined by their randomness. In order to be able to rely +The complexity of passwords is generally determined by their randomness. To be able to rely 100% on the fact that the passwords are randomly generated, an algorithm for generating passwords is indispensable. The password generator performs this function and is completely integrated into the software. @@ -24,7 +24,7 @@ The password generator can be opened in different ways: ![Password generator](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/password_generator/installation_with_parameters_83-en.webp) -- **When creating new records:** Once the password field has been selected in the reading pane, the +- **When creating new records:** After the password field has been selected in the reading pane, the password generator can then be directly opened in the “Form field” tab via the ribbon. Passwords generated here can be directly entered into the password field for the new record using the “Adopt” button. Alternatively: The password generator can also be accessed on the right in the @@ -33,7 +33,7 @@ The password generator can be opened in different ways: ## Functionality The Character section is used to define the character groups that should form part of the password. -This section can also be used to exclude (special) characters. Once the password length has been +This section can also be used to exclude (special) characters. After the password length has been defined, a preview of a password that corresponds to the configured criteria is displayed on the bottom edge of the password generator. The “shuffle function” can be activated via the icon on the right next to the password preview. This will generate a new password in accordance with the defined @@ -41,8 +41,8 @@ criteria. #### Phonetic passwords -This type of password can be recognised by the fact that it is relatively easy to remember (they are -“readable”) but do not have any association to terms found in dictionaries. Only the number of +This type of password can be recognised by the fact that it's relatively easy to remember (they're +“readable”) but don't have any association to terms found in dictionaries. Only the number of syllables and the total length are defined in this case. Options that can be set are how the syllables are @@ -54,7 +54,7 @@ separated and whether to use LeetSpeak. Already defined[Password rules](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_rules.md) -can be utilised for the automatic generation of new passwords +supports the automatic generation of new passwords ## Multigenerator diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_rules.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_rules.md index aa0065fe10..eb2ad5b73c 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_rules.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/password_rules.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Password rules -## What are password rules? +## Password rules overview -It is generally recommended that passwords should consist of at least 12 different characters, be +It's generally recommended that passwords should consist of at least 12 different characters, be complex and be automatically created. Rules set guidelines that can be made binding for users – meaning that the use of passwords with a certain level of complexity is enforced. Existing rules can also be reused in other areas. @@ -26,7 +26,7 @@ The following option is required to manage password rules. ## Managing password rules If “Password rules” is selected under Main menu/Extras, the available password rules will appear in -a separate tab in the currently active module. +a separate tab in the active module. ![installation_with_parameters_98](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_98.webp) @@ -41,14 +41,14 @@ on the right displays the configuration for this rule: to contain according to this rule. The required Password quality is an internal measure of security, which is calculated for this rule. This value always lies between 1 (very unsecure) and 100 (maximum security). -- **Categories:** A password can consist of a total of four categories. It is possible to define +- **Categories:** A password can consist of a total of four categories. It's possible to define which of these categories to use and also how many of them to use. -- **Forbidden characters**: It is also possible to exclude some special characters. These characters +- **Forbidden characters**: It's also possible to exclude some special characters. These characters need to be entered in the list without separators. - **Forbidden passwords:** Some passwords and the user name can also be added to the list of forbidden passwords - **Preview rules:** When new rules are created, an example password is generated that conforms to - the configured rules. This is only the case for passwords with a minimum length of 3 characters! + the configured rules. This is only the case for passwords with a minimum length of 3 characters. ## Using password rules @@ -60,12 +60,12 @@ Once password rules have been defined, they can be productively used in two diff When a password field is defined in a form, one of the defined password rules can be set as the default. This means that the default will always be used when a new password is created. In this -way, it is possible to ensure that the required level of complexity is maintained for certain +way, it's possible to ensure that the required level of complexity is maintained for certain passwords. ![installation_with_parameters_99](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_99.webp) -If one of these password rules is defined for a form, it is only possible to define a new random +If one of these password rules is defined for a form, it's only possible to define a new random value for the password if a new password is created. The icon on the right hand side of the password field is used for this purpose. @@ -73,13 +73,16 @@ field is used for this purpose. ## Defining standard rules for user passwords -If Master Key mode is not being used, users can change their passwords in Netwrix Password Secure. +If Master Key mode isn't being used, users can change their passwords in Netwrix Password Secure. The administrator can define the password strength required for these passwords by using standard password rules. ## Visibility -The password rules themselves are not subject to any permissions. All defined rules are therefore +The password rules themselves aren't subject to any permissions. All defined rules are therefore available to all users. The rules are managed from the Main menu. -NOTE: Users can only manage the rules if they have the appropriate user right +:::note +Users can only manage the rules if they have the appropriate user right +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/reports.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/reports.md index 905d78de79..93dbe4cf66 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/reports.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/reports.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Reports -## What are reports? +## Reports overview Comprehensive reporting is an important component of the ongoing monitoring of processes in Netwrix Password Secure. Similar to selectively configurable @@ -19,7 +19,9 @@ time – the trigger is thus the creation of a report. This process can also be ![reports](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_78-en.webp) -NOTE: Reports only ever contain information for which the user has the required permissions. +:::note +Reports only ever contain information for which the user has the required permissions. +::: A separate tab for managing existing reports and creating new reports can be opened in the current module via the Main menu/Extras/Reports. The module in which the report is opened is irrelevant, the @@ -30,28 +32,29 @@ contents are always the same. The filter on the left has no relevance in relation to reports. Although reports can also be “tagged” in theory, filtering has no effect on the reports. In [List view](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md), -there are currently three configured report requests shown. +there are three configured report requests shown. #### Creating a report request -New report requests can be created in list view via the ribbon or also the context menu that is +New report requests can be created in list view via the ribbon or also the context menu that's accessed using the right mouse button. The form for creating a new report request again opens in a separate tab. Alongside a diverse range of variables, the report type can be defined using a -drop-down list. There are currently dozens of report types available. +dropdown list. There are dozens of report types available. ![installation_with_parameters_80](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_80.webp) -The filter can be used to define the scope of the report e.g. to focus on a certain OU or simply a -selection of tags. Once saved, the report will now be shown in the list of report requests. +The filter lets you define the scope of the report e.g. to focus on a certain OU or simply a +selection of tags. Once saved, the report is shown in the list of report requests. ###### Manually create reports -You can now create a manual report via the ribbon. This will open in a separate tab and can be +You can now create a manual report via the ribbon. This opens in a separate tab and can be displayed in the default web browser if desired. ![installation_with_parameters_81](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_81.webp) **Automated sending of reports via system tasks** -In general, reports are not manually created but are automatically sent to defined recipients. This +In general, reports aren't manually created but are automatically sent to defined recipients. This is apossible via system tasks, which can run processes of this nature at set times. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/seal_templates.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/seal_templates.md index 36f94bdea8..88d58a18d4 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/seal_templates.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/seal_templates.md @@ -6,11 +6,11 @@ sidebar_position: 50 # Seal templates -## What are the seal templates? +## Seal templates overview The configuration of [Seals](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) -must be well-thought-out and error-free. It is absolutely essential to save the once-invested effort +must be well-thought-out and error-free. It's absolutely essential to save the once-invested effort in the form of seal templates. The automation of ever-recurring tasks will, in this context, extremely speed up the timing of the work. Once defined, templates can be attached to data records in a few simple steps. The adaptation of already created stencils is presented in the seal templates @@ -18,7 +18,9 @@ as clear and very fast. ![Seal templates](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/seal_templates/installation_with_parameters_101-en.webp) -NOTE: A separate tab opens in the active module in order to edit the default templates +:::note +A separate tab opens in the active module to edit the default templates +::: ## Creating templates @@ -26,12 +28,12 @@ NOTE: A separate tab opens in the active module in order to edit the default tem The right Can manage seal templates is required ::: - When creating seals, the seal can be saved as a template using the wizard. All templates saved in -this way are listed in the overview of the seal templates. Furthermore, it is possible to edit +this way are listed in the overview of the seal templates. Furthermore, it's possible to edit existing templates directly or create new ones via the button in the ribbon. This is done in the same way as the seal assistant. ![installation_with_parameters_102](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/seal_templates/installation_with_parameters_102.webp) Once templates have been added, they can be immediately used for the creation of new seals. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md index daed9a0035..15c77e38cf 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md @@ -6,11 +6,11 @@ sidebar_position: 10 # EmergencyWebViewer -## What is an Emergency WebViewer export? +## Emergency WebViewer export overview -Safeguarding data is essential and this should be carried out using +Safeguarding data is essential and this should be performed using [Backup management](/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_management.md). -However, a backup is not sufficient in some cases e.g. if a backup cannot be directly restored due +However, a backup isn't sufficient in some cases e.g. if a backup can't be directly restored due to a hardware problem. In these cases, **Netwrix Password Secure** offers the backup feature **Emergency WebViewer Export**. @@ -22,7 +22,7 @@ the core system of the backup mechanism. The **Emergency WebViewer Export** is created in Netwrix Password Secure as a **[System tasks](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** -and this task can be used to guarantee a regular backup of the records (passwords) by entering an +and this task lets you guarantee a regular backup of the records (passwords) by entering an interval. When setting up the system task, the user thus defines the cycle at which the **Emergency WebViewer.html file** is created on the Server Manager. The existing file is overwritten in each case by the latest version at the defined interval. The associated key is only created once at the @@ -31,13 +31,12 @@ using this **key**. :::warning The key (PrivateKey.prvkey) and the file (Emergency WebViewer.html) must be saved onto -a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location! +a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location. ::: - ## Data security -**• Naturally, the HTML WebViewer file is encrypted** +**• the HTML WebViewer file is encrypted** • The export of the file is protected using a corresponding [User rights](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/user_rights.md) @@ -45,10 +44,9 @@ a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location! • The file can only be encrypted using the **PrivateKey.prvkey** file :::warning -The export right for the passwords is not required for the Emergency WebViewer Export! +The export right for the passwords isn't required for the Emergency WebViewer Export. ::: - ## Required rights The user requires the following right to create a **Emergency WebViewer Export system task:** @@ -62,9 +60,9 @@ The **Emergency WebViewer Export** creates two associated files. 1. The file **Emergency WebViewer.html** is created on the computer executing the task 2. The associated key **PrivateKey.prvkey** is created on the client. -## Calling up the Emergency WebViewer Export +## Opening the Emergency WebViewer Export -The Emergency WebViewer Export is set up as a **system task**. It can be called up in the main menu +The Emergency WebViewer Export is set up as a **system task**. It can be opened in the main menu under **Extras -> System Tasks**. ![installation_with_parameters_90_831x487](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_90_831x487.webp) @@ -76,7 +74,7 @@ Clicking on New opens a new window and the **Emergency WebViewer Export** can be ![installation_with_parameters_91_578x390](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_91_578x390.webp) -It is not possible to use the **Emergency WebViewer Export** with an **Active Directory user.** +It isn't possible to use the **Emergency WebViewer Export** with an **Active Directory user.** ![installation_with_parameters_92_467x103](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_92_467x103.webp) @@ -98,13 +96,12 @@ in accordance with the requirements. :::warning The private key for the Emergency WebViewer must be saved before the system task can be -saved! +saved. ::: - ## Displaying the Emergency WebViewer Export tasks -Once the configuration has been completed, the **system task** is displayed in the current module in +After the configuration has been completed, the **system task** is displayed in the current module in the **System Tasks** tab. The user has the option of checking the data here @@ -113,7 +110,7 @@ the ## Using the Emergency WebViewer.html file -After the **system task** has been successfully executed, **two files** will have been created for +After the **system task** has been successfully executed, **two files** are created for the password backup. 1. Emergency WebViewer.html @@ -123,20 +120,19 @@ the password backup. The file Emergency WebViewer.html is saved on the server executing the task. The ::: - :::warning key PrivateKey.prvkey needs to be securely saved by the user!\* ::: - The **Emergency WebViewer Export** is used in the same way as the **WebViewer export**. The **passwords** are displayed in a current browser. The passwords are accessed in the **Emergency WebViewer Export** with the **user password** and the **key** saved for the user. The search function is used to select the **key (PrivateKey.prvkey)** and also to check its **validity**. If -all data has been correctly entered, it is then possible to log in. +all data has been correctly entered, it's then possible to log in. -NOTE: The current user needs to log in using their password. If an incorrect password is entered, -access is temporarily blocked. +:::note +The current user needs to log in using their password. If an incorrect password is entered, access is temporarily blocked. +::: **Login data** @@ -161,7 +157,7 @@ The following data is displayed in the overview: Overview data: -1. Display of the currently available records +1. Display of the available records 2. Detailed information on the selected record 3. Search, logout, timeout until logout 4. Copy password to clipboard @@ -175,7 +171,10 @@ closed by clicking on **Logout**. If the user is **inactive** for **60 seconds**, he is automatically **logged out** and the **login** is displayed with additional information. -NOTE: You have been logged out due to inactivity +:::note +You have been logged out due to inactivity +::: The user can log in again using the **password** and **key** as described above. After successfully logging in, the **Emergency WebViewer Export overview** is displayed again. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md index f9c20d3c80..8cf4c69400 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md @@ -6,10 +6,10 @@ sidebar_position: 40 # System tasks -## What are system tasks? +## System tasks overview Netwrix Password Secure supports administrators and users by automating repetitive tasks. These are -represented as system tasks. Predefined tasks can thus be carried out at freely defined intervals. +represented as system tasks. Predefined tasks can thus be performed at freely defined intervals. ![System Tasks](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_85-en.webp) @@ -25,36 +25,35 @@ The following options are required for managing system tasks. - Can manage Emergency WebViewer export system tasks - Can manage WebViewer export system tasks -## What can be automated? +## Automation capabilities -There are currently four different work processes that can be automated using system tasks: +There are four different work processes that can be automated using system tasks: - **HTML WebViewer export:** Exports a freely definable selection of records in an AES-256 encrypted HTML file. The file is saved in the form of notifications. -- **Reports:** Automatically creates a report that is issued in the notifications. This requires a +- **Reports:** Automatically creates a report that's issued in the notifications. This requires a report request to be created in advance. - **Network service scan:** Searches for service accounts on the network at defined cycles - **Active Directory synchronization:** The comparison with Active Directory can also be automated - via system tasks. This requires an active directory profile to be created in advance. It is - important to note that only the Master Key profile can be automatically compared. + via system tasks. This requires an active directory profile to be created in advance. Only the Master Key profile can be automatically compared. ## Creating system tasks -System tasks can be initiated as usual via the ribbon or also the context menu that is accessed +System tasks can be initiated as usual via the ribbon or also the context menu that's accessed using the right mouse button. The desired process to be automated using system tasks is then selected from the four above-mentioned work processes. ![installation_with_parameters_86](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_86.webp) -Naturally, the four work processes also share some similarities in their configuration. +The four work processes also share some similarities in their configuration. - **Status:** The system task is normally activated and then starts immediately after it has been - saved according to the defined intervals. If the system task is deactivated here, it is still - saved but is not yet activated. + saved according to the defined intervals. If the system task is deactivated here, it's still + saved but isn't yet activated. - **Next run:** This setting describes when the system task will be performed or when it was already performed for the first time (if this task was already created and is now being edited) - **Interval:** The interval at which the system task should be executed is defined here. All - increments between every minute and once only are possible. It is also possible to enter an end + increments between every minute and once only are possible. It's also possible to enter an end date. The differences between the four work processes to be automated are described below. These @@ -86,13 +85,15 @@ shows an HTML WebViewer export to be configured. **Emergency WebViewer export** - The Emergency WebViewer export creates an encrypted HTML file that contains all passwords. In an - emergency, the data required to get the system up and running again can be accessed in this file. + emergency, the data required to get the system up, and running again can be accessed in this file. -NOTE: Tags could be defined for individual tasks – yet they have no relevance and can also not be -used as filter criteria in the system tasks. +:::note +Tags could be defined for individual tasks – yet they have no relevance and can also not be used as filter criteria in the system tasks. +::: **Status** -A corresponding note will be displayed to indicate if a task is currently being executed. +A corresponding note will be displayed to indicate if a task is being executed. ![installation_with_parameters_88](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_88.webp) + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/tag_manager.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/tag_manager.md index 15902e85ad..cb9674ade6 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/tag_manager.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/tag_manager.md @@ -6,9 +6,9 @@ sidebar_position: 60 # Tag manager -## What is the tag manager? +## Tag manager overview -All existing tags can be viewed, edited and deleted directly in the tag manager. This can be +All existing tags can be viewed, edited, and deleted directly in the tag manager. This can be achieved via the filter, within the “Edit mode” of a data set as well as via the main menu under the group [Extras](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/extras.md). @@ -19,7 +19,7 @@ group The tag manager itself is a clearly structured tool with which you can view and edit all relevant information. The colours can also be assigned here. The “Number used” column indicates how often an -object has been tagged with the tag. In this way, you can keep track of and remove tags that are no +object has been tagged with the tag. In this way, you can keep track of, and remove tags that are no longer needed. ![All tags](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/extras/tag_management/installation_with_parameters_105-en.webp) @@ -33,6 +33,6 @@ User right - Manage tags :::warning -It is only possible to delete tags if there are no more data associated with them +It's only possible to delete tags if there are no more data associated with them ::: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/general_settings.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/general_settings.md index ba06addb59..2ce8f2bae6 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/general_settings.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/general_settings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # General settings -## What are general settings? +## General settings overview The **general settings** relate to users. Thus, each user can customize the software to their own needs. The following options can be configured: @@ -24,13 +24,13 @@ restarted. **Starting the application minimised in the notification area** -You can start the client minimized if you wish to run Netwrix Password Secure in the background. You -will be able to access it through the notification area. +You can start the client minimized to run Netwrix Password Secure in the background. You +can then access it through the notification area. **Minimise the application on closing** -If this option has been activated, the Netwrix Password Secure client will not end when the window -is closed but will merely be minimised. It will continue to run in the background. It is then only +If this option has been activated, the Netwrix Password Secure client doesn't end when the window +is closed but is minimised instead. It continues to run in the background. It's then only possible to properly end Netwrix Password Secure via the main menu. **Starting with Windows** diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/import.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/import.md index 3d6cb1e053..ec9158f581 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/import.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/import.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Import -## What is an import? +## Import overview If another password management tool was used before Netwrix Password Secure, these data can be imported into Netwrix Password Secure. The formats .csv and especially Keepass (.xml) are supported. @@ -29,7 +29,7 @@ The wizard supports the import of data into Netwrix Password Secure in four step ![installation_with_parameters_59](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/import/installation_with_parameters_59.webp) -The first step is to define the file that is to be used for the import. It is only possible to +The first step is to define the file that's to be used for the import. It's only possible to proceed to the second step when the defined type corresponds to the stated file to be imported. The second step is the settings. @@ -40,25 +40,25 @@ second step is the settings. 1. The settings are used to firstly define the level in the hierarchy for saving the imported structure. As can be seen in the example, the import will take place in the main organisational unit. One of the existing organisational units can also be defined as a parent instance via the - drop-down menu. + dropdown menu. 2. The slider defines whether the imported structures should be imported as an organisational unit or as a tag. If the slider is fully moved to the left, only tags are created. If it s moved to the right, all objects are imported as an organisational structure. In addition, every object can - be configured separately via the context menu that is accessed using the right mouse button. It + be configured separately via the context menu that's accessed using the right mouse button. It is also possible to ignore folders. -NOTE: No folders exist in Netwrix Password Secure. For this reason, it is necessary to define -whether a folder is saved as an organisational structure or as a tag during the import. The same -process is also used for the migration. +:::note +No folders exist in Netwrix Password Secure. For this reason, it's necessary to define whether a folder is saved as an organisational structure or as a tag during the import. The same process is also used for the migration. +::: **Assignment of the form fields** ![installation_with_parameters_61](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/import/installation_with_parameters_61.webp) The third step is to assign the forms from the file to be imported to already existing forms. As -form fields may also have different names, the assignment process must be carried out manually via +form fields may also have different names, the assignment process must be performed manually via drag & drop. Depending on which form was selected on the top line, form fields from the list on the -right can now be assigned to the form fields to be imported via drag & drop. It is also possible to +right can now be assigned to the form fields to be imported via drag & drop. It's also possible to create new forms. **Finish** @@ -67,3 +67,4 @@ create new forms. In the final step, the configured settings are summarised as a list of the objects to be imported. The button “Finish” closes the wizard and starts the import. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/main_menu_fc.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/main_menu_fc.md index 7a9440e0d7..45bd22a78e 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/main_menu_fc.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/main_menu_fc.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Main menu -## What is the Main menu/Backstage? +## Main menu and Backstage overview -All settings that are not linked to a particular module are defined in the Backstage (main menu). +All settings that aren't linked to a particular module are defined in the Backstage (main menu). This makes it easy to access the settings at any time and in any module. ![Main menu](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/installation_with_parameters_56-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md index aaac26c562..652275979e 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md @@ -107,10 +107,12 @@ column. The rights are grouped according to categories to provide a better overv | Can manage Emergency WebViewer export system tasks | | | Can manage WebViewer export system tasks | | -NOTE: There is a version selection box in the user rights. The options that were newly added in the -selected version are correspondingly marked in the list. +:::note +There is a version selection box in the user rights. The options that were newly added in the selected version are correspondingly marked in the list. +::: ![installation_with_parameters_115](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) This makes it easier for administrators to correctly configure new options before they release the update for all employees. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/user_rights.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/user_rights.md index 3ba6dd010b..092a1aad36 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/user_rights.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/user_rights.md @@ -6,12 +6,12 @@ sidebar_position: 50 # User rights -## What are user rights? +## User rights overview In the user rights, access to functionalities is configured. Amongst tother things, this category includes both the visibility of individual [Client Module](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/client_module.md), -as well as the use of the import, export or management of rights templates functions. A complete +as well as the use of the import, export, or management of rights templates functions. A complete listing is directly visible in the user rights. ## Administration of user rights @@ -21,7 +21,7 @@ thus require a disproportionate amount of care and maintenance. In the same way [Authorization and protection mechanisms](/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md), an approach can be used in which several users are grouped together. Nevertheless, it must still be possible to additionally address the specific requirements of individual users. Some -functionalities, on the other hand, should be available to all users. In order to do this, Netwrix +functionalities, on the other hand, should be available to all users. To do this, Netwrix Password Secure offers a three-step concept. ![installation_with_parameters_111](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_111.webp) @@ -39,23 +39,23 @@ one of the following three ways: it in the client settings. How a user receives a user right is irrelevant. The only important thing is that the user actually -receives a required right in one of the three ways mentioned above. It is recommended that you link +receives a required right in one of the three ways listed. It's recommended that you link user rights to roles and, if necessary, supplement them with global user rights. :::warning In addition to personal and global user rights (as opposed to settings), user rights -are assigned via roles and not via organisational units! +are assigned via roles and not via organisational units. ::: - -NOTE: Only those user rights that the current user possesses themselves can be issued. However, all -rights can be removed. +:::note +Only those user rights that the current user possesses themselves can be issued. However, all rights can be removed. +::: ![installation_with_parameters_112](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) ## Configuring the security level -The **security level** is an essential element that is also specified in the user rights. This is +The **security level** is an essential element that's also specified in the user rights. This is the basis for the configuration of the [User settings](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md). @@ -74,7 +74,8 @@ the desired configuration. This process is based as usual on the List Special attention should be given to the right Is database administrator. This right has the following effects: -- The user can also issue rights that he does not possess himself. +- The user can also issue rights that he doesn't possess himself. - The user can only have their rights removed by other database administrators. - The user can unlock other users on the Server Manager. - The user can also remove other users from the rights if they have the owner right. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md index 34d3985be7..285a17e2bd 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md @@ -160,10 +160,12 @@ The settings are grouped according to categories to provide a better overview | Clear clipboard on minimising | | | Clipboard gallery | | -NOTE: There is a version selection box in the settings. The options that were newly added in the -selected version are correspondingly marked in the list. +:::note +There is a version selection box in the settings. The options that were newly added in the selected version are correspondingly marked in the list. +::: ![installation_with_parameters_115](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) This makes it easier for administrators to correctly configure new options before they release the update for all employees. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md index 0bccf62e6d..e3fdb4cb23 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md @@ -6,11 +6,11 @@ sidebar_position: 40 # User settings -## What are user settings? +## User settings overview There are many functions within Netwrix Password Secure that can be adapted to the needs of users. -It is also possible to define various parameters for optical representations. This can be inherited -both at \* user level \*, \* global \* and \* organisational units \*. In addition, there is a +It's also possible to define various parameters for optical representations. This can be inherited +both at \* user level \*, \* global \* and \* organisational units \*. In addition, there's a security level concept, which categorizes the users into five layers. The administration of settings can thus be linked to the presence of the required security level. @@ -18,8 +18,8 @@ can thus be linked to the presence of the required security level. You can configure user settings similarly to [User rights](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/user_rights.md). -Here too, there are a total of three possibilities with which a user can define his settings or be -configured from another location. For the sake of easy manageability, it is again a good idea to +Here too, there are a total of three possibilities with which a user can define his settings, or be +configured from another location. For the sake of easy manageability, it's again a good idea to configure the users not individually, but to provide several equal users with settings. ![installation_with_parameters_116](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_116.webp) @@ -36,10 +36,9 @@ one of the following three ways: :::warning In addition to personal and global settings (as opposed to authorizations), settings -are not assigned via roles, but via organisational units! +aren't assigned via roles, but via organisational units. ::: - ![installation_with_parameters_112](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) ### Inheritance of user settings @@ -58,7 +57,7 @@ present case, the users “Jones” and “Moore” inherit all settings from th ![inherit permissions](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_117-en.webp) -The “Settings” button in the ribbon allows you to see the settings for both organisational units and +The “Settings” button in the ribbon lets you see the settings for both organisational units and users. The many setting options can be restricted by the known [Search](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/search.md) mechanisms. @@ -70,12 +69,14 @@ The diagram shows the settings for the user “Jones”. The search has been fil by the organisational unit “IT”. The top two options have no value in the column. This is because this parameter has been defined at user level. -NOTE: The inheritance for individual settings can be deactivated in the ribbon! +:::note +The inheritance for individual settings can be deactivated in the ribbon. +::: ## Security levels Option groups were created in the global settings to ensure that users can control only those -settings for which they hold permissions. Categorising security levels from 1 to 5 allows you to +settings for which they hold permissions. Categorising security levels from 1 to 5 lets you combine similar options and thus make them available to the users. ![user settings](/images/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_119-en.webp) @@ -84,3 +85,4 @@ The [User rights](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/userrights/user_rights.md) define who has the required permissions to change which security levels. As with all rights, this is achieved either through global inheritance, the role, or as a right granted directly to the user. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md index 55c3f94d84..d5cb34055a 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md @@ -6,28 +6,30 @@ sidebar_position: 80 # Dashboard and widgets -## What are dashboards and widgets? +## Dashboards and widgets overview In case of large installations, the amount of information provided by Netwrix Password Secure may seem overwhelming. Dashboards expand the existing filter possibilities by an arbitrarily -customizable info area, which visually prepares important events or facts +customizable info area, which visually prepares important events, or facts ![Dashboard](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_50-en.webp) Dashboards are available in almost all [Client Module](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/client_module.md)s. A separate dashboard can be set for each individual module. **Widgets** correspond to the individual -modules of the dashboard. There are various widgets, which can be individually defined and can be -configured separately. In the above example, three widgets are enabled and provide information about +modules of the dashboard. There are various widgets, which can be individually defined, and can be +configured separately. In the above example, three widgets are enabled, and provide information about current notifications, password quality, and user activity. The **maximum number of possible widgets** is managed in the[User settings](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md). -NOTE: You can close the dashboard using the button in the tab. You can open it again via **View** > -**Show dashboard** in the ribbon. +:::note +You can close the dashboard using the button in the tab. You can open it again via **View** > **Show dashboard** in the ribbon. +::: -NOTE: The display of the dashboard is basically uncritical since the user can only see the data on -which he is also entitled. +:::note +The display of the dashboard is basically uncritical since the user can only see the data on which he is also entitled. +::: #### Relevant settings @@ -47,7 +49,7 @@ and editing widgets is only possible in this mode. ![Adding and removing widgets](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_51-en.webp) -Use the drop-down menu to select the widget to be added \* (1) . **Then add the widget to the +Use the dropdown menu to select the widget to be added \* (1) . **Then add the widget to the dashboard using the corresponding button in the ribbon** (2). The maximum number of widgets that can be added can be configured in the user settings. In editing mode, any widget can be directly removed from the dashboard via the button on the upper right edge. The processing mode is ended by saving @@ -57,13 +59,12 @@ via the ribbon. ## Customizing widgets -In the editing mode, you can customize each widget separately. To do this, select the widget and -switch to the \* widget content tab \* in the ribbon. +In the editing mode, you can customize each widget separately. To do this, select the widget, and switch to the \* widget content tab \* in the ribbon. ![Customizing widgets](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_53-en.webp) Separate variables can be customized for each widget. This example shows how often users have had -passwords displayed. Naturally, the variables are distinct for each widget since other information +passwords displayed. the variables are distinct for each widget since other information could be relevant. **Widget event** @@ -78,7 +79,8 @@ filtered “live” and displayed in real-time. ## Arranging widgets -In the edit mode, the layout of the widgets is user-defined. Drag & drop allows you to place a +In the edit mode, the layout of the widgets is user-defined. Drag & drop lets you place a widget in the corresponding position on the dashboard (left, right, top, or bottom). ![Arranging widgets](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_55-en.webp) + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md index 26b230d12b..39fdffeb51 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md @@ -41,18 +41,18 @@ for this example. The filter management can also be found in the [Ribbon](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/ribbon.md). -Here, it is possible e.g. to expand the currently configured filter criteria, save the filter, or -simply clear all currently applied filters. +Here, it's possible e.g. to expand the configured filter criteria, save the filter, or +clear all applied filters. ![installation_with_parameters_20](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_20.webp) #### Saving, editing, and deleting filters -In many cases, it is recommended to store defined filters. In this way, it is possible to make +In many cases, it's recommended to store defined filters. In this way, it's possible to make efficient use of filter results from previous searches. The button **“Save filter”** directly prompts you to assign a meaningful name to this filter. The filter is saved according to the -criteria currently configured in the filter. This filter is now listed in the selection menu and can -now be selected. Note that a selected filter selection is immediately applied to the filter but is +criteria configured in the filter. This filter is now listed in the selection menu and can +now be selected. A selected filter selection is immediately applied to the filter but is not automatically executed. The filter must be used for this purpose. Both the button in the ribbon, so also the counterpart in the filter, lead to the same result here. @@ -60,14 +60,14 @@ so also the counterpart in the filter, lead to the same result here. Deleting and overwriting existing filters is identical in the procedure. The filter, which has been marked in the selection field, is always deleted. If an existing filter is to be overwritten, the -name of the filter is retained and is overwritten with the filter criteria currently configured in +name of the filter is retained and is overwritten with the filter criteria configured in the filter. **—————————** #### **Advanced filter** -In the “Extended filter” category you can adjust the filter as desired, eg by adding or removing +In the “Extended filter” category you can adjust the filter as desired, eg by adding, or removing filter groups. Clicking on **”Edit filter”** activates the processing mode. You can terminate it with **”Finish editing”.** @@ -81,7 +81,7 @@ filter. In **Edit mode**, the filter view changes, in addition to the possible actions in the ribbon. Use the arrow buttons to adjust the order of the filter groups. The icons “Plus” and “Minus” can be used to create additional instances of existing filter groups or to remove existing ones. In the -following example, a content filter was added and all other filter groups removed. +following example, a content filter was added, and all other filter groups removed. ![Filter](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/advanced-filter-settings-3-en_923x441.webp) @@ -90,7 +90,7 @@ display all records that contain both the word “password” and the phrase “ #### Negation of filters -It is often important to be able to negate the filter. +It's often important to be able to negate the filter. **Activation** @@ -98,7 +98,7 @@ In the “Extended filter” category you have the possibility to activate the n ![allow negation](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/allow-negation-en.webp) -It is thus possible to refine very precisely filter results even further. This becomes more and more +It's thus possible to refine very precisely filter results even further. This becomes more and more important when there are a large number of records in the database and the resulting amount of data is still unmanageable despite the fact that filters has been appropriately defined. @@ -107,10 +107,10 @@ is still unmanageable despite the fact that filters has been appropriately defin Negations are defined directly in the checkbox of an element within a filter group. Without negations, you can only search e.g. for a tag. Negations make the following queries possible: -”Deliver all records that have the tag “Development” but are not tagged with “Important”! +“Deliver all records that have the tag “Development” but aren't tagged with “Important”. :::warning -In order to effectively use negations, it is important that “and links” are always -enabled. Otherwise operations with negations cannot be modelled mathematically. +To effectively use negations, it's important that “and links” are always +enabled. Otherwise operations with negations can't be modelled mathematically. ::: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/display_mode.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/display_mode.md index 03a8b671a0..d32e3af009 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/display_mode.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/display_mode.md @@ -6,18 +6,18 @@ sidebar_position: 10 # Display mode -## What display modes exist? +## Available display modes In addition to the already described [Filter](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md), -it is possible to switch to structure view. This alternative view enables you to filter solely on +it's possible to switch to structure view. This alternative view lets you filter solely on the basis of the organisational structure. Although this type of filtering is also possible in -standard filter view, you are able to directly see the complete organisational structure in +standard filter view, you're able to directly see the complete organisational structure in structure view. -NOTE: As there are no longer any folders in Netwrix Password Secure version 8, the structure view -can not mirror all of the functionalities of the folder view in version 7. However, the structure -view has been modelled on the folder view to make the changeover from the previous version easier. +:::note +As there are no longer any folders in Netwrix Password Secure version 8, the structure view can't mirror all of the functionalities of the folder view in version 7. However, the structure view has been modelled on the folder view to make the changeover from the previous version easier. +::: ![installation_with_parameters_15](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_15.webp) @@ -32,10 +32,11 @@ associated with the display mode: ![installation_with_parameters_16](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_16.webp) -- **Display mode:** It is possible to define whether the standard filter, structure filter or both +- **Display mode:** It's possible to define whether the standard filter, structure filter, or both are displayed. If the last option is selected, you can switch between both views. -- **Jump to filter on quick search:** If you are using structure view, it is possible to define +- **Jump to filter on quick search:** If you're using structure view, it's possible to define whether the system should automatically jump to the standard filter if you click the quick search (top right in the client) - **Display mode status when starting the program:** This setting defines which display mode is displayed as default when starting the program. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md index b89e0d90d0..b2543f14b8 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md @@ -6,13 +6,11 @@ sidebar_position: 20 # Filter -## What is a filter? +## Filter overview The freely configurable filters of the PSR client provide all methods for easy retrieval of stored -data. The filter criteria are always adapted according to the module in which you are currently -located. When you select one or several search criteria, and click on “Apply filter”, the results -will be displayed in the list view. If necessary, this process can be repeated as desired and -further restrictions can be added. +data. The filter criteria are always adapted according to the module in which you're located. When you select one or several search criteria, and click “Apply filter”, the results +will be displayed in the list view. If necessary, this process can be repeated as desired, and further restrictions can be added. ## Relevant rights @@ -24,10 +22,10 @@ The following option is required for editing filters: ![Filter](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_10-en.webp) -## Who is allowed to use the filter? +## Filter permissions The filter is an indispensable working tool because of the possibility to restrict existing results -according to individual requirements. Consequently, all users can use the filter. It is, of course, +according to individual requirements. Consequently, all users can use the filter. It's, of course, possible to place restrictions for filter criteria. This means that the filter criteria available to individual employees can be restricted by means of [Authorization and protection mechanisms](/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md). @@ -39,8 +37,8 @@ password if he has the read permission for that form. There are no permissions for [Tags](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/tags.md). This means that any employee can use any tags. The display order in the filter is determined by the -frequency of use. This process is not critical to security, since tags do not grant any permissions. -They are merely a supportive measure for filtering. +frequency of use. This process isn't critical to security, since tags don't grant any permissions. +They're merely a supportive measure for filtering. ::: @@ -55,7 +53,7 @@ authorization. ![editing criteria](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_11-en.webp) -As you can see, 133 records are not really manageable. In most situations you will need to reduce +As you can see, 133 records aren't really manageable. In most situations you'll need to reduce the number of records by adding filters. **Adding filter criteria** @@ -64,7 +62,7 @@ The filter **organization** can be applied directly to the authorizations to res records according to the authorizations granted. In this case, the logged-on user holds rights for various areas. However, it would like to see only those records which are assigned to the **Own passwords** area within the organisational structure. In addition, there should be further -restrictions, which could be formulated as in the following sentence: “Deliver all records from my +restrictions, which could be formulated as in the following sentence: “Deliver all records from the own passwords that were created with the form **password** and which contain the expression **2016** and the tag **Administrator**. @@ -74,8 +72,8 @@ As can be seen, the filter delivers the desired results. The extent to which the match the three remaining data sets is assigned in colour. :::warning -When filtering with several criteria, such as forms, content and tags, all filter -criteria must be complied with. It is therefore a logical “AND operation”. Other possible methods +When filtering with several criteria, such as forms, content, and tags, all filter +criteria must be complied with. It's therefore a logical “AND operation”. Other possible methods for linking criteria are described in detail in the Advanced Filter Settings. ::: @@ -95,15 +93,15 @@ address:** ![Content filter](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_14-en.webp) -It is very easy to abstract, because of the present example, that the filter can be adapted to your -personal requirements. It is thus the most important tool to be able to retrieve data once stored in +It's very easy to abstract, because of the present example, that the filter can be adapted to your +personal requirements. It's thus the most important tool to be able to retrieve data once stored in the database. :::warning The effectiveness of the filter is closely linked to data integrity. Only when data is -kept clean, efficient operation with the filter is ensured. It is important that employees are +kept clean, efficient operation with the filter is ensured. It's important that employees are trained in the correct handling of the filter tool as well as when creating the records. Workshops -show the best success rate in this context. If you require further information, contact us under -mail to: sales@passwordsafe.de. +show the best success rate in this context. For further information, contact the sales team at +sales@passwordsafe.de. ::: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md index d1cc970372..6a026f86b2 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md @@ -6,27 +6,26 @@ sidebar_position: 30 # List view -## What is the list view? +## List view overview The list view is located centrally in the Netwrix Password Secure client, and is a key element of -daily work. There are also list views in Windows operating systems. If you click on a folder in +daily work. There are also list views in Windows operating systems. If you click a folder in Windows Explorer, the contents of the folder are displayed in a list view. The same is true in Netwrix Password Secure version 8. -However, instead of folders, the content of the list view is defined by the currently applied +However, instead of folders, the content of the list view is defined by the applied filter. \* This always means that the list view is the result of a filtered filter \*. For the -currently marked record in list view, all existing form fields are output to the reading pane. With +marked record in list view, all existing form fields are output to the reading pane. With the two tabs “All” and “Favourites, the filter results can be further restricted. ![List view](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_26-en.webp) -At the bottom of the list view, the number of loaded records and the time required for this are +At the bottom of the list view, the number of loaded records, and the time required for this are shown. -NOTE: For more than 100 list elements, only the first 100 records are displayed by default. This is -to prevent excessive database queries where the results are unmanageable. In this case, it makes -sense to further refine the filter criteria. By pressing the “All” button in the header of the list -view, you can still manually switch to the complete list. +:::note +For more than 100 list elements, only the first 100 records are displayed by default. This is to prevent excessive database queries where the results are unmanageable. In this case, it makes sense to further refine the filter criteria. By pressing the “All” button in the header of the list view, you can still manually switch to the complete list. +::: ## Searching in list view @@ -47,13 +46,13 @@ the detailed list view, similar to the procedure in Microsoft Outlook. All form ## Favourites -Regularly used records can be marked as favourites. This process is carried out directly in the +Regularly used records can be marked as favourites. This process is performed directly in the [Ribbon](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/ribbon.md). A record marked as a favourite is indicated with a star in list view. ![Favourite](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_29-en.webp) -You can filter for favourites directly in the list view. For this purpose, simply switch to the +You can filter for favourites directly in the list view. For this purpose, switch to the “Favourites” tab ![installation_with_parameters_30](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_30.webp) @@ -67,15 +66,16 @@ used. Mouseover tooltips provide more precise details. ![installation_with_parameters_31](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_31.webp) -NOTE: The information visible underneath the password name is taken from the info field for the -associated form and will be explained separately +:::note +The information visible underneath the password name is taken from the info field for the associated form and will be explained separately +::: ## Workingwith records All records that correspond to the filter criteria are now displayed in list view. These can now be opened, edited, or deleted via the ribbon. Many functions are also available directly from the context menu. You can do this by right-clicking the record. Multiple selection is also possible. To -do this, simply highlight the desired objects by holding down the Ctrl key. +do this, highlight the desired objects by holding down the Ctrl key. ![installation_with_parameters_32](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_32.webp) @@ -87,7 +87,7 @@ separate tab, the list view is completely hidden ![editing dataset](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_33-en.webp) -NOTE: Working with data records depends of course on the type of the data record. Whether passwords, -documents or organisational structures: The handling is partly very different. For more information, -please refer to the respective sections on the individual -[Client Module](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/client_module.md) +:::note +Working with data records depends of course on the type of the data record. Whether passwords, documents, or organisational structures: The handling is partly very different. Refer to the respective sections on the individual [Client Module](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/client_module.md) +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/operation_and_setup.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/operation_and_setup.md index 1cf7f4c384..31bb92e8be 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/operation_and_setup.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/operation_and_setup.md @@ -34,12 +34,12 @@ operating concept ensures efficient work and a minimum of training time. ## TABs Tabs offer yet another option within the to present related information in a separate area. This tab -navigation enables you to display, quickly access and switch between relevant information. The +navigation lets you display, quickly access, and switch between relevant information. The results for a filter with specific criteria can thus be retained without the original result being overwritten when a new filter is applied. In parallel, detailed information about records can also be found in -their own tabs. It is of course possible to adjust the order of the tabs via drag & drop according +their own tabs. It's of course possible to adjust the order of the tabs via drag & drop according to your individual requirements. ![Dashboard](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/installation_with_parameters_2-en.webp) @@ -69,7 +69,7 @@ information. ## Orientation -It is possible to change the alignment of the following objects: +It's possible to change the alignment of the following objects: - [Active Directory link](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) - [Applications](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/applications.md) diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/print.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/print.md index 5a218162fc..eac92228b4 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/print.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/print.md @@ -6,11 +6,11 @@ sidebar_position: 70 # Print -#### What can the print function do? +#### Print function overview -It is often necessary to print out data stored in Netwrix Password Secure for documentation +It's often necessary to print out data stored in Netwrix Password Secure for documentation purposes. The Print function is available in numerous areas of Netwrix Password Secure for this -purpose. It is possible to print out records such as e.g. passwords or also information about +purpose. It's possible to print out records such as e.g. passwords or also information about organisational units and much more. #### Relevantrights @@ -37,22 +37,22 @@ The print function is available in the following modules: #### Using the print function -The print function can be called up via the ribbon. +The print function can be opened via the ribbon. ![installation_with_parameters_44](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_44.webp) -Firstly, it is necessary to select whether you want to print a table or a detailed view. The amount +Firstly, it's necessary to select whether you want to print a table or a detailed view. The amount of data can also be defined. The individual menu items are described in detail further down in this section. After making your selection, the data is firstly prepared for printing. Depending on the amount of data, this may take a few minutes. The print preview is then opened. ![print password](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_45-en.webp) -NOTE: The print preview accesses the functions of the printer driver. Depending on the printer or -driver being used, the appearance and functions offered by the print preview may vary. The -individual functions will thus not be described in detail here. +:::note +The print preview accesses the functions of the printer driver. Depending on the printer or driver being used, the appearance, and functions offered by the print preview may vary. The individual functions will thus not be described in detail here. +::: -The printing process is ultimately started via the **print preview**. It is also possible to save +The printing process is ultimately started via the **print preview**. It's also possible to save the view or adjust the layout before printing. #### Selecting the data to be printed @@ -74,23 +74,25 @@ The data is printed here in table form. #### Tableview (current filter) -All currently **filtered** records will be printed out here. In this example, all seven records are +All **filtered** records will be printed out here. In this example, all seven records are thus printed out. ![filtered password](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_48-en.webp) -They are printed out – as described above – in table form. +They're printed out – as described above – in table form. #### Detailed view (current selection) -This option also prints out the currently selected records. However, a detailed view is printed out +This option also prints out the selected records. However, a detailed view is printed out in this case. ![print filtered passwords](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_49-en.webp) #### Detailed view (current filter) -This function can be used to print out all filtered records in detailed view as described above. +This function lets you print out all filtered records in detailed view as described above. + +:::note +The amount of data generated via this function can quickly become very large. +::: -NOTE: It should be noted that the amount of data generated via this function can quickly become very -large. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/reading_pane.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/reading_pane.md index a36b844193..f2f989116a 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/reading_pane.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/reading_pane.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Reading pane -## What is the reading pane? +## Reading pane overview The reading pane on the right side of the client always corresponds to the detailed view of the selected record in the list view and can be completely deactivated via the ribbon. In addition, you @@ -35,20 +35,20 @@ as well as the are displayed. :::warning -It should be noted that the details area cannot be used for editing records! Although +The details area can't be used for editing records! Although it displays all of the data, editing is only possible if the record has been opened. ::: 2. Footer area -In the footer area of the reading pane, it is possible to display various information for the -currently selected record. The button can be activated via the button provided. It is hidden by +In the footer area of the reading pane, it's possible to display various information for the +selected record. The button can be activated via the button provided. It's hidden by default. ![Footer area](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_36-en.webp) -The logbook, linked documents, history, notifications and password resets can be accessed separately +The logbook, linked documents, history, notifications, and password resets can be accessed separately here via the tabs. The individual elements can be viewed with a double-click, as well as by using the quick view (space bar). Double clicking always opens a separate tab, the quick view merely opens a modal window diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/ribbon.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/ribbon.md index 8d59f1f395..059b5d5606 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/ribbon.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/ribbon.md @@ -6,22 +6,22 @@ sidebar_position: 10 # Ribbon -## What is the ribbon? +## Ribbon overview -The ribbon is the central control element of Netwrix Password Secure Version 8. It is available in +The ribbon is the central control element of Netwrix Password Secure Version 8. It's available in all modules. Netwrix Password Secure is almost always operated via the ribbon in the header area of the PSR client. ![Ribbon](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_5-en.webp) -The features available within the ribbon are dynamic, and are based on the currently available +The features available within the ribbon are dynamic, and are based on the available actions. Various actions can be performed, depending on which object is selected. The module selected also affects the features that are available in the ribbon. Of course, the most important actions can also be controlled via the context menu (right mouse button). ![Ribbon - Item](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/ribbon/ribbon-1-en.webp) -This mainly affects the very often used features such as opening, deleting or assigning tags. +This mainly affects the very often used features such as opening, deleting, or assigning tags. However, a complete listing of the possible actions is always only possible directly in the ribbon. This ensures that the context menu can be kept lean. @@ -52,5 +52,5 @@ corresponding content tab opens in the ribbon. ![Content tabs](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_9-en.webp) Depending on the selected form field, further actions are offered in the Content tab. In the -Password field, this is, for example, calling the password generator or the screen keyboard, or the +Password field, this is, for example, calling the password generator, or the screen keyboard, or the possibility to copy it to the clipboard. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/search.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/search.md index 2e8d80323e..e8b9f2e2ab 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/search.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/search.md @@ -6,28 +6,30 @@ sidebar_position: 60 # Search -## What is search? +## Search overview -With the help of the search, it is possible to find data stored in the database efficiently +With the help of the search, it's possible to find data stored in the database efficiently according to selected criteria. Basically, there are 2 search modes: 1. Quick search -In the upper right section of the ribbon, there is a search field, which scans the module that is -currently open. This is a full-text search that scans all fields and tags except the password field. +In the upper right section of the ribbon, there's a search field, which scans the module that's +open. This is a full-text search that scans all fields and tags except the password field. ![quick search](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_41-en.webp) The fast search is closely linked to the [Filter](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md), because search queries are converted directly into one or several content filters. You can also -separate search terms using spaces, for example, **Cook Daniel**. Note that this search creates two +separate search terms using spaces, for example, **Cook Daniel**. This search creates two separate content filters, which are logically linked with “and” +. This means that both words must occur in the data record. The sequence is irrelevant. If the ordering needs to be taken into -account, the search term must be enclosed in quotation marks: **“Cook Daniel”**. The search is not +account, the search term must be enclosed in quotation marks: **“Cook Daniel”**. The search isn't case sensitive. No distinction is made between upper and lower case. -NOTE: You can access quick search directly via \* Ctrl + Q\*! +:::note +You can access quick search directly via \* Ctrl + Q\*. +::: **Negations in the quick search** @@ -42,8 +44,8 @@ swiss. The notation, which must be entered in the quick search, is: Delphi -swis With the list search in the header of the [List view](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md), the results of the filter can be searched further. This type of search is available in almost every -list. Scans only the currently filtered results. Password fields are not searched. The search is -live, so the result is further refined with every additional character that is entered. Automatic +list. Scans only the filtered results. Password fields aren't searched. The search is +live, so the result is further refined with every additional character that's entered. Automatic “highlighting” takes place in yellow colour. ![list search](/images/passwordsecure/9.1/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_43-en.webp) @@ -51,4 +53,7 @@ live, so the result is further refined with every additional character that is e A direct database query is performed when the filter is executed. The list search only searches within the query already made. -NOTE: The list search is hidden by default and can be activated with “Ctrl + F” +:::note +The list search is hidden by default and can be activated with “Ctrl + F” +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/tags.md b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/tags.md index 5804df4d43..5d871f5b3d 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/tags.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/tags.md @@ -6,15 +6,17 @@ sidebar_position: 50 # Tags -## What are tags? +## Tags overview -The tag system is ubiquitous in Netwrix Password Secure. It can be used to classify and describe +The tag system is ubiquitous in Netwrix Password Secure. It lets you classify and describe almost every object. An object can have several such tags. These are always displayed in the header area of the data record. Optionally, tags can be provided with colours or a description. They determine the aesthetics of Netwrix Password Secure, and are optically a great help, in order not to loose the overview even in case of large amounts of data. -NOTE: Tags have no permissions. Any user can use any tag! +:::note +Tags have no permissions. Any user can use any tag. +::: ## Relevant rights @@ -49,3 +51,4 @@ adapted directly. A separate section is available under Extras in the client for the tag manager. This is explained in a special section. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md index c839419be6..56db0e28ae 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md @@ -15,7 +15,7 @@ Netwrix Password Secure generally differentiates between multiple methods for se 3. Using predefined rights - In the manual setting of permissions, the desired permissions are directly configured for each - record. Automatic processes and inheritance are **not** used in this case. + record. Automatic processes and inheritance **aren't** used in this case. - Both the use of predefined rights and also the inheritance from organisational structures are based on the **automated reuse** of already granted permissions according to previously defined rules. @@ -25,6 +25,7 @@ permissions?** ![manual vs automated settings](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/automated_settings/automated-setting-of-permissions-1-en.webp) -NOTE: Inheritance from organisational structures is defined by default in the system. This can be -configured in the settings. The relevant setting is “Inherit permissions for new objects (without -permission template)”. +:::note +Inheritance from organisational structures is defined by default in the system. This can be configured in the settings. The relevant setting is “Inherit permissions for new objects (without permission template)”. +::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md index 5f01fcf98b..a47d95ce96 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md @@ -38,7 +38,7 @@ created records. The following values can be configured: -Off: Permissions from OUs are not inherited organisational unit: When creating new objects, +Off: Permissions from OUs aren't inherited organisational unit: When creating new objects, permissions are set in accordance with the defined rights for the target organisational unit. This setting is active by default. organisational unit and user: As well as inheriting permissions for organization units, the configured permissions for the user are now also inherited when creating @@ -59,12 +59,12 @@ Increase or reduce permissions: The permissions for the passwords are retained a increased or reduced by the change. Overwrite permissions: The permissions for the passwords are completely overwritten. This means that all permissions for a password are firstly removed and then the new permissions for the organisational unit are inherited. Cancel inheritance: The permissions -are not inherited but are only changed in the organisational unit. \*The permissions are only -inherited by existing passwords within the organisational unit. Therefore, the permissions are not +aren't inherited but are only changed in the organisational unit. \*The permissions are only +inherited by existing passwords within the organisational unit. Therefore, the permissions aren't inherited downwards throughout the entire structure. Example case This example shows the creation of a new record in the organisational structure -“marketing”. It is defined in the settings for the stated organisational structure that permissions +“marketing”. It's defined in the settings for the stated organisational structure that permissions should be inherited by new objects in accordance with the organisational structure. The permissions for the organisational unit “marketing” are shown below: @@ -75,7 +75,7 @@ A new password is now created in the organisational unit “marketing”. ![new password](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-5-en.webp) -It is important that no preset is defined for this organisational unit. The permissions for the +It's important that no preset is defined for this organisational unit. The permissions for the record just created are now shown. ![permissions example](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-6-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md index ec23decb16..5f252b03b2 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md @@ -6,14 +6,13 @@ sidebar_position: 10 # Manual setting of permissions -## What is the manual setting of permissions for records? +## Manual permission settings for records In contrast to the [Automated setting of permissions](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md), -the manual approach does not utilize any automatic processes. This method of setting permissions is -thus carried out separately for every record – this process is not as recommended for newly created -data. If you want to work effectively in the long term, the automatic setting of permissions should -be used. However, the manual setting of permissions is generally used when editing already existing +the manual approach doesn't use any automatic processes. This method of setting permissions is +thus performed separately for every record – this process isn't as recommended for newly created +data. To work effectively in the long term, use the automatic setting of permissions. However, the manual setting of permissions is generally used when editing already existing records. ## Adding additional users with permissions @@ -30,15 +29,15 @@ there are three different ways to access the permissions in the list view: ![different ways to access the permissions](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-1-en.webp) -NOTE: The icon on the right of the reading pane shows the information whether the record is personal -or public. In case of personal data records, the user that is logged on is the only one who has -permissions! +:::note +The icon on the right of the reading pane shows the information whether the record is personal or public. In case of personal data records, the user that's logged on is the only one who has permissions. +::: The author is created with all permissions for the record. As described in the [Permission concept and protective mechanisms](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md), you can now add roles and users. 'Right click - Add' inside the userlist or use the ribbon "User and roles" to add a user. The filter helps you to quickly find those users who should be granted -permissions for the record in just a few steps. +permissions for the record. ![add user and role](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-2-en.webp) @@ -53,9 +52,9 @@ Ctrl/Shift + left mouse button. ## Set and remove permissions -By default, all added users or roles receive only the “Read” permission on the record. The “Read” +By default, all added users, or roles receive only the “Read” permission on the record. The “Read” permission at the beginning is sufficient to view the fields of the data record and to use the -password. "Write" permission allows you to edit a data record. **The permission “Authorize” is +password. "Write" permission lets you edit a data record. **The permission “Authorize” is necessary to authorize other users to the record**. This is also a requirement for the [Seals](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). @@ -63,7 +62,7 @@ necessary to authorize other users to the record**. This is also a requirement f ## Transferring permissions -A simple right-click on a user can be used to copy and transfer permission configurations of users +A simple right-click a user lets you copy and transfer permission configurations of users or roles to others in the context menu. In this context, the use of permission templates is also very practical. In the “Template” area of ​​the ribbon, you can save configured permissions, including all users, and reuse them for other records. @@ -71,7 +70,7 @@ including all users, and reuse them for other records. ![preset menu](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-5-en.webp) The transfer of permissions and their reuse can be an important building block to create and -maintain entitlement integrity. This method cannot rule out misconfigurations, but it will minimize +maintain entitlement integrity. This method can't rule out misconfigurations, but it'll minimize the risk significantly. Of course, the correct configuration of these templates is a prerequisite. ## The add permission @@ -84,7 +83,7 @@ Consequently, this permission can only be set in the ## The owner permission The "owner" permission can be set for a user. This permission is more of **a guarantee**. Once -assigned, there is no way to remove the user or role. This is only possible by the user or the role +assigned, there's no way to remove the user or role. This is only possible by the user or the role itself, as well as by users with the permission “Is database administrator”. ![owner permission](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-6-en.webp) @@ -93,7 +92,8 @@ The owner permission prevents other users who have the “Authorize” permissio with the owner permission from the record. :::warning -The owner permission does not protect a record from being deleted. Any user who has -deletion permission can delete the record! +The owner permission doesn't protect a record from being deleted. Any user who has +deletion permission can delete the record. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md index cd8366d93b..cb95034ab3 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md @@ -6,10 +6,10 @@ sidebar_position: 20 # Multiple editing of permissions -## How to edit multiple permissions? +## Edit multiple permissions -As part of the manual modification of permissions, it is also possible to edit multiple records at -the same time. Various mechanisms can be used to select the records to be edited. You are able to +As part of the manual modification of permissions, it's also possible to edit multiple records at +the same time. Various mechanisms lets you select the records to be edited. You're able to select the records in [List view](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md) or you can use the filter as part of the multiple editing function. Both scenarios are described @@ -28,7 +28,7 @@ existing permissions will **not be overwritten**. ## Selecting the records -In list view, Shift or Ctrl + mouse click can be used to select multiple records. Permissions can +In list view, Shift, or Ctrl + mouse click lets you select multiple records. Permissions can also be granted for these records via the selection. The marked records are displayed in a different color. 6 records are marked in the following image. @@ -36,18 +36,19 @@ color. 6 records are marked in the following image. ## Dialogue for configuring the permissions -A new tab will be opened in the ribbon above the "Permissions" button in which the permissions can -be configured. The tab will display the number of records that will be affected by the defined +A new tab opens in the ribbon above the "Permissions" button where the permissions can +be configured. The tab displays the number of records that are affected by the defined changes. ![rights for selected passwords](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-2-en.webp) -NOTE: As the already granted permissions for the selected records may differ, it is not possible to -display the permissions here. +:::note +As the already granted permissions for the selected records may differ, it isn't possible to display the permissions here. +::: ## Adding permissions -To add a permission, a user or role is selected first in the ribbon under **Search and add** or +To add a permission, a user, or role is selected first in the ribbon under **Search and add** or **Search**. The permissions are then selected as usual in the ribbon. The :material-plus-circle-outline: symbol indicates that permissions will be added. In the following example, Mr. Steiner receives read permission to all selected records. In contrast, Mr. Brewery @@ -55,12 +56,13 @@ receives all permissions. ## Reducing permissions / removing users and roles from the permissions -If you want to remove permissions, it is also necessary to add the user or the desired role to be -edited. Clicking on **Reduce permissions** now means that permissions will be removed. This is -indicated by the :material-minus-circle-outline: symbol. The selected permissions will be removed. +To remove permissions, add the user or the desired role to be +edited first. Clicking on **Reduce permissions** now means that permissions are removed. This is +indicated by the :material-minus-circle-outline: symbol. The selected permissions are removed. -NOTE: If the **read** permission is to be removed for a user or role, the user will be completely -removed from the permissions. +:::note +If the **read** permission is removed for a user or role, the user is completely removed from the permissions. +::: ## Examples @@ -69,39 +71,37 @@ contrast, Mr. Brewery receives all permissions: ![rights for selected passwords](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-3-en.webp) -The read permission will be removed for Mr. Steiner. As removing the read permissions means that no +The read permission is removed for Mr. Steiner. As removing the read permissions means that no other permissions exist for the record, Mr. Steiner is completely removed from the permissions. The -authorize, move, export and print permissions are being removed from Mr. Brewery. Assuming that he -previously had all permissions, he will then have read, write and delete permissions remaining: +authorize, move, export, and print permissions are being removed from Mr. Brewery. Assuming that he +previously had all permissions, he then has read, write, and delete permissions remaining: ![edit rights for selected passwords](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-4-en.webp) ## Batch processing using a filter -In some cases it is necessary to edit the permissions for a very large number of records. On the one -hand, a maximum limit of 1000 records exists and on the other hand, handling a very large number of -records via list view is not always the best solution. The **Batch processing using a filter** mode +In some cases it's necessary to edit the permissions for a very large number of records. On the one +hand, a maximum limit of 1000 records exists, and on the other hand, handling a very large number of +records via list view isn't always the best solution. The **Batch processing using a filter** mode has been developed for this purpose. This is directly initiated via the ribbon. ![Batch processing using a filter](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-5-en.webp) -In the subsequent dialogue, you define whether you want to expand, reduce or completely overwrite +In the subsequent dialogue, you define whether you want to expand, reduce, or completely overwrite existing permissions. If you select **expand or reduce** at this stage, the same logic as for **editing via list view** is used. No permissions will thus be overwritten. -In the option **overwrite permissions**, the existing permissions are removed and then replaced by +In the option **overwrite permissions**, the existing permissions are removed, and then replaced by the newly defined permissions. :::warning -It is important to proceed with great caution when overwriting permissions because this +It's important to proceed with great caution when overwriting permissions because this function can quickly lead to a large number of records becoming unusable. ::: - ![permissions adapted on a filter](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-6-en.webp) -The filter itself defines the selection criteria for the records to be edited. The currently -configured filter will be used as default. The records that will be affected by the changes are also +The filter itself defines the selection criteria for the records to be edited. The configured filter will be used as default. The records that will be affected by the changes are also not displayed in this view. Only the number of records is displayed. In the following example, 9 passwords are being edited to add the read permission the role "Sales". @@ -109,23 +109,23 @@ passwords are being edited to add the read permission the role "Sales". ## Seals and password masking -Sealed or masked records cannot be edited using batch processing. If these types of passwords are -selected, a dialogue will be displayed when carrying out batch processing to inquire how these +Sealed or masked records can't be edited using batch processing. If these types of passwords are +selected, a dialogue is displayed when carrying out batch processing to inquire how these records should be handled. ![security warning because of sealed or masked passwords](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-8-en.webp) -It is possible to select whether the affected records are skipped or whether the seal or password +It's possible to select whether the affected records are skipped or whether the seal or password masking should be removed. If the **remove** option is selected, the process needs to be confirmed again by entering a PIN. ![security warning](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-9-en.webp) :::warning -The removal of seals and password masking cannot be reversed! +The removal of seals and password masking can't be reversed. ::: +:::note +Depending on the number of records, editing records may take a long time. This process is performed in the background for this reason. A hint will indicate that the permissions process has been completed. +::: -NOTE: Depending on the number of records, editing records may take a long time. This process is -carried out in the background for this reason. A hint will indicate that the permissions process has -been completed. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md index 729afea769..0e744c66d6 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md @@ -12,8 +12,9 @@ Once they have been configured, permissions can be constantly reused. The functi permissions as a template** in the ribbon is used for this purpose. The templates are globally available and can also be used for other records. -NOTE: When saving templates, always select a name that will also allow it to be safely -differentiated from other templates if you have a large number of right templates. +:::note +When saving templates, always select a name that will also allow it to be safely differentiated from other templates if you have a large number of right templates. +::: Nevertheless, the use of right templates merely reduces the amount of work and still envisages the manual setting of permissions. Automatic process for the issuing of permissions also exist in @@ -21,3 +22,4 @@ Netwrix Password Secure and will be covered in the section [Predefining rights](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) and also under "[Inheritance from organisational structures](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md)". + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md index 946d59b86d..c35433908e 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md @@ -6,13 +6,12 @@ sidebar_position: 40 # Permission concept and protective mechanisms -## What is the permission concept? +## Permission concept overview -With Netwrix Password Secure version 8 we provide the right solution to all conceivable demands +Netwrix Password Secure version 8 provides the right solution to all conceivable demands placed on it with regards to permission management. [Roles](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/roles.md) -are a great way to efficiently manage multiple users without losing the overview. We've created -multiple methods to manually or automatically manage your permissions. More information can be seen +are a great way to efficiently manage multiple users without losing the overview. Multiple methods exist to manually or automatically manage your permissions. More information can be seen in the chapter [Multiple editing of permissions](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md) @@ -24,11 +23,13 @@ diagram. ![Authorisation concept](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/permission_concept_1-en.webp) -NOTE: Applying some form of permissions is **obligatory**. Applying a protective mechanism is -**optional**. +:::note +Applying some form of permissions is **obligatory**. Applying a protective mechanism is **optional**. +::: -NOTE: The configuration of visibility is a technical part of the permissions process. However, this -mechanism has a “protective character” and is thus listed under protective mechanisms. +:::note +The configuration of visibility is a technical part of the permissions process. However, this mechanism has a “protective character” and is thus listed under protective mechanisms. +::: ## Basic mechanics of the permission concept @@ -53,22 +54,18 @@ is, of course, a good idea to manage these roles in accordance with your company role “Administrators” can therefore be provided with more extensive authorizations than, for example, the role “Sales Assistance”. This role-based inheritance allows the organization to maintain the overview in a larger corporate structure as well as a simple procedure when adding new -employees. Instead of having to entitle him individually, this is simply added to his role. +employees. Instead of having to entitle him individually, the new employee is added to his role. ![Permission only for users or roles](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/permission_concept_2-en.webp) -It is obvious to proceed with the organization of accesses using the concept of roles as a basis and +It's obvious to proceed with the organization of accesses using the concept of roles as a basis and only to grant rights individually to employees in exceptional cases. The unplanned absence of personnel must also be taken into account in such concepts. Working with roles defuses such risks significantly. -NOTE: - - -``` -Permissions are always granted to only one user or role! - -``` +:::note +Permissions are always granted to only one user or role. +::: ### 2. Membership in roles @@ -78,13 +75,9 @@ been authorized for the role. ![Membership in roles](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/permission_concept_3-en.webp) -NOTE: - - -``` -A small technical digression into the nature of the encryption can be very helpful with the basic understanding. Each role has a key pair. The first key is used to encrypt data. Access to this information is only possible with the second key. The membership in a role is equivalent to this second key. - -``` +:::note +Each role has a key pair. The first key encrypts data. Access to this information is only possible with the second key. Membership in a role is equivalent to this second key. +::: ### 3. Membership vs. permissions for roles @@ -97,28 +90,24 @@ illustrates this with an example of two users. - **User 1** is a member of the role, and is therefore authorized for all records that are assigned to the role. However, it has only “read rights” for the role itself. This means, it can see the - role, but cannot “Edit, move, or delete” it. + role, but can't “Edit, move, or delete” it. - **User 2** has all rights for the role. It can add additional users to the role by means of - “authorize”. The crucial point, however, is that it is not a member of the role. It cannot, + “authorize”. The crucial point, however, is that it isn't a member of the role. It can't, therefore, see any records for which the role is authorized. -In practice, the first user would be a classic user that is assigned, for example, to the Sales role +In practice, the first user would be a classic user that's assigned, for example, to the Sales role by the administrators, and can view the records accordingly. The second user could be one of those administrators. This user has extensive rights for the role. It can edit it, and add users to it. -However, it cannot see any data that is assigned to sales. It lacks membership in the role. - -NOTE: - +However, it can't see any data that's assigned to sales. It lacks membership in the role. -``` -As a member of a role, it must have at least the “read” right for the role! - -``` +:::note +As a member of a role, it must have at least the “read” right for the role. +::: ## Specific example and configuration Similar to the previous section on permission concept and protective mechanisms for roles, the -configuration of a role will be illustrated using two users. The configuration is performed in the +configuration of a role is illustrated using two users. The configuration is performed in the [Roles](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/roles.md). By double-clicking on the role “IT-Consultants” in the [List view](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md), @@ -128,15 +117,16 @@ you can open their detailed view. - The user “Holste” is a member of the role and can, therefore, access those records for which the role has permissions. He has the obligatory read right for the role, which is the basic - requirement in order to be a member of the role. Which exact rights it has to the data record is + requirement to be a member of the role. Which exact rights it has to the data record is not defined within the role! This is set out in the following section. -- The user “Administrator” has all rights to the role, but is not a member! Thus, it cannot see any - records that are authorized for the role. However, it has all rights to the role and can therefore +- The user “Administrator” has all rights to the role, but isn't a member! Thus, it can't see any + records that are authorized for the role. However, it has all rights to the role, and can therefore print, assign other users to the role, and delete them. ![explanation of the authorization through a role](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/permission_concept_6-en.webp) This example clearly shows the advantages of the concept. The complete separation of administrative -users from regular users brings significant advantages. Of course, one does not necessarily exclude -the other. An administrator can, of course, have full access to the role and also be a member in it! +users from regular users brings significant advantages. Of course, one doesn't necessarily exclude +the other. An administrator can, of course, have full access to the role, and also be a member in it. The boundaries between the two often overlap, and can be freely defined in Netwrix Password Secure. + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md index 6c7acbead4..aeb9a22286 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md @@ -6,16 +6,16 @@ sidebar_position: 30 # Predefining rights -## What are predefined rights? +## Predefined rights overview [Permissions for organisational structures](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md) -can be carried out separately for every record. Although this method enables you to very closely -control every intended permission structure, it is not really efficient. On the one hand, there is -too much configuration work involved, while on the other hand, there is a danger that people who -should also receive permissions to access data are forgotten. In addition, many users should not +can be performed separately for every record. Although this method lets you very closely +control every intended permission structure, it isn't really efficient. On the one hand, there's +too much configuration work involved, while on the other hand, there's a danger that people who +should also receive permissions to access data are forgotten. In addition, many users shouldn't even have the right to set permissions. “Predefining rights” is a suitable method to simplify the permissions and reduce error rates by using automated processes. This page covers the configuration -of predefined rights, please also refer to the sections +of predefined rights, also refer to the sections [Working with predefined rights](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md) and their [Scope of validity for predefined rights](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md). @@ -39,12 +39,12 @@ have been defined within this IT department: In general, a senior employee is granted more extensive rights than those granted to a trainee. This hierarchy and the associated permission structure can be predefined. In the O[Organisational structure](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) -module, we now select those OUs (departments) for which rights should be predefined and select +module, select those OUs (departments) for which rights should be predefined and select \*predefine rights” in the ribbon. ![button of predefined rights](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-1-en.webp) -- **Creating the first template group:** A new window will appear after clicking on the icon for +- **Creating the first template group:** A new window appears after clicking on the icon for adding a new template group (green arrow) in which a meaningful name for the template group should be entered. @@ -61,21 +61,21 @@ structures is explained in ## Adding other template groups -It is also possible to configure several different right templates within one department. This may +It's also possible to configure several different right templates within one department. This may be necessary e.g. if there are several areas of competency within one department which should each receive different permissions. Alongside the **IT general** area, the template groups **Exchange** and **Firewall** have also been defined below. ![Standard template](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-4-en.webp) -A **default template group** can be defined directly next to the drop-down menu for selecting the +A **default template group** can be defined directly next to the dropdown menu for selecting the template group (green arrow). This is always pre-configured when you select “IT” as the OU to save records. ## Issuing tags for predefining rights -In the same way that permissions are defined within right templates, it is also possible to -automatically set **tags**. Their configuration is carried out in the same way as issuing +In the same way that permissions are defined within right templates, it's also possible to +automatically set **tags**. Their configuration is performed in the same way as issuing [Tags](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/tags.md) for records. diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md index f123918413..0617646f30 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md @@ -15,18 +15,18 @@ Nevertheless, the four user rights related to “predefining rights” are expla - **Can switch default rights templates:** When selecting the rights template, a diverse range of rights template groups can be selected. To be able to select a different template to the default - template, the right “Can switch default rights templates” is required. If this right has not been - granted, you are forced to use the default template. + template, the right “Can switch default rights templates” is required. If this right hasn't been + granted, you're forced to use the default template. - **Can manage rights templates:** If the user has the right to manage rights templates, they can open the management function for the rights template via the button “predefine rights”. To receive full rights to manage the rights templates for an organisational unit, the rights “read” and “authorize” are required for the corresponding organisational unit. - **Can view selection of rights templates:** This right controls whether the rights template - selection function is displayed or not when creating new records. If this right has not been - granted, the user is thus not able to see for which roles and users the user rights are being + selection function is displayed or not when creating new records. If this right hasn't been + granted, the user is thus not able to see for which roles, and users the user rights are being defined. -- **Can remove members from rights templates:** Roles defined within the rights templates cannot be - removed without this right. If this right has not been granted, the roles defined in the templates +- **Can remove members from rights templates:** Roles defined within the rights templates can't be + removed without this right. If this right hasn't been granted, the roles defined in the templates are always authorized for records in this organisational structure. If the user right is activated: The user can remove the roles via the “x” icon: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md index 9a2d59bdee..a6740e07a2 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md @@ -8,7 +8,7 @@ sidebar_position: 30 In general, all of the predefined rights for an organisational structure are applied to all underlying objects. These objects could be passwords, forms, form fields documents, users, -applications or also other nested organisational structures in the hierarchy. In the following +applications, or also other nested organisational structures in the hierarchy. In the following example, the rights template **IT general** has been defined for the organisational unit **IT**. ![rights template](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_1-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md index a022d821ab..0ae50e7d16 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md @@ -45,7 +45,7 @@ The following color key is used with the associated permissions: | Red | Authorize | Other rights also exist that are, however, not separately indicated by a color. The overview in the -ribbon can be used to see whether the “move”, “export” and “print” rights are set or not. The +ribbon lets you see whether the “move”, “export” and “print” rights are set or not. The permissions for the selected role/user are always displayed – in this case for the role “IT management”. @@ -58,16 +58,16 @@ The enables the configuration of rights for both existing and also new records. The option of [Predefining rights](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) represents a very efficient alternative. Instead of having to separately grant permissions for every -record, a “preset” is defined once for each organisational structure. Once this has been done, it is +record, a “preset” is defined once for each organisational structure. After this has been done, it's sufficient in future to merely select the organisational structure when creating a record. The permissions are then set automatically. This process is particularly advantageous for those users -who should not set their permissions themselves. +who shouldn't set their permissions themselves. ![predefined rights diagram](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights_4-en.webp) :::warning -The configuration of permissions can be carried out manually or automatically as -described. If you want to change previously set permissions later, this has to be done manually. -Retrospectively defining rights is not possible. +The configuration of permissions can be performed manually or automatically as +described. To change previously set permissions later, do so manually. +Retrospectively defining rights isn't possible. ::: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md index 13f0d0f8ff..7eb2767b9e 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Password masking -## What is password masking? +## Password masking overview -The safest passwords are those that you do not know. Password masking follows this approach. It +The safest passwords are those that you don't know. Password masking follows this approach. It prevents the password from being shown, while allowing the use of the automatic sign-on. You can apply it via the button of the same name in the ribbon. @@ -31,7 +31,9 @@ masking. Users who have the **authorize permission** for a record can continue t without limitations after applying password masking. Password masking only applies to users without the "can apply password masking" right. -NOTE: Password masking can only be applied to records with an existing password! +:::note +Password masking can only be applied to records with an existing password. +::: ## Applying password masking @@ -45,26 +47,26 @@ As an alternative, you can also apply password masking via the [Form field permissions](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwords/form_field_permissions.md). In the [List view](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md) -of a record, there is a separate button in the ribbon for that purpose. Ensure that the password +of a record, there's a separate button in the ribbon for that purpose. Ensure that the password field is highlighted. ![form field permissions](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_2-en.webp) The special feature when setting or editing masking via the form field permissions is that you can individually select users to whom masking will be applied. In the following example, masking has -been specified only for the role of “trainees”, although the “IT” role does not have the **authorize +been specified only for the role of “trainees”, although the “IT” role doesn't have the **authorize permission** either. In addition to the name of the role or the user, the icon symbolizes the fact that visa protection applies to trainees. ![example password masking](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_3-en.webp) -NOTE: Use the icon in the ribbon to apply password masking to all users who have read permission on -the record, but not the **authorize permission**. If you wish to specify more precisely for which -users the password masking should be applied, this is also possible via the form field permissions. +:::note +Use the icon in the ribbon to apply password masking to all users who have read permission on the record, but not the **authorize permission**. To specify more precisely which users the password masking applies to, use the form field permissions. +::: -NOTE: It is important to note that the login mask for records with password masking will be "sent -automatically", even if the setting **Browser Extensions: Automatically send login masks** has been -deactivated. +:::note +The login mask for records with password masking will be "sent automatically", even if the setting **Browser Extensions: Automatically send login masks** has been deactivated. +::: :::warning The password masking only applies to those users who are authorized at the time of @@ -72,3 +74,4 @@ attachment to the record. If a record has the password masking and a user get´s record is **not protected** for this user. The password masking should then be removed and reset. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md index 4fb0efba5c..949dc6c806 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md @@ -6,26 +6,26 @@ sidebar_position: 40 # Protective mechanisms -## What are protective mechanisms? +## Protective mechanisms overview The primary goal of Netwrix Password Secure is to ensure data security at all times. The -authorization concept is naturally the most important component when it comes to granting users the +authorization concept is the most important component when it comes to granting users the intended level of permissions for accessing data. Specifically, this makes it possible to make -certain information only available to selected employees. Nevertheless, it is still necessary to -have protective mechanisms above and beyond the authorization concept in order to handle complex +certain information only available to selected employees. Nevertheless, it's still necessary to +have protective mechanisms above and beyond the authorization concept to handle complex requirements. - [Visibility](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) - is not separately configured but is instead directly controlled via the authorization concept + isn't separately configured but is instead directly controlled via the authorization concept (read permission). Nevertheless, it represents an important component within the existing protective mechanisms and is why a separate section has been dedicated to this subject. - By configuring [Temporary permissions](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md), - it is possible to grant users or roles temporary access to data. + it's possible to grant users or roles temporary access to data. - [Password masking](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md) enables access to the system without having to reveal the passwords of users. The value of the password remains constantly hidden. -- To link the release of highly sensitive access data to a double-check principle, it is possible to +- To link the release of highly sensitive access data to a double-check principle, it's possible to use [Seals](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a release is possible down to a @@ -38,32 +38,33 @@ the authorization concept. In the interplay of the [Authorization and protection mechanisms](/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md), -almost all conceivable scenarios can be depicted. It is worth mentioning again that the -authorization concept is already a very effective tool, with limited visibility of passwords and -data records. This concept is present everywhere in Netwrix Password Secure, and will be explained +almost all conceivable scenarios can be depicted. It's worth mentioning again that the +authorization concept is already a very effective tool, with limited visibility of passwords, and data records. This concept is present everywhere in Netwrix Password Secure, and will be explained in more detail below. ## Visibility as a basic requirement It should always be noted that **visibility** is always a basic requirement for applying further -protective mechanisms. A record that is completely hidden from a user (= no read permission) can -naturally not be given any further protective mechanisms. +protective mechanisms. A record that's completely hidden from a user (= no read permission) can +not be given any further protective mechanisms. -NOTE: The visibility of a record is always the basic requirement for applying further protective -mechanisms +:::note +The visibility of a record is always the basic requirement for applying further protective mechanisms +::: ## Combining multiple protective mechanisms In principle, there are a diverse range of possibilities for combining the above-mentioned protective mechanisms. Temporary access to a “masked” record is possible just as having a “masked” record which is additionally secured by a double-check principle is also possible. **Nevertheless, -it should be noted that temporary permissions in combination with seals always pose a risk.** If +temporary permissions in combination with seals always pose a risk.** If releasing a seal requires approval from a person who only possesses or possessed temporary -permissions or will only possess them in future, this could naturally conflict with the configured +permissions or will only possess them in future, this could conflict with the configured release criteria. :::warning -The combination of seals and temporary permissions is not recommended if the user with +The combination of seals and temporary permissions isn't recommended if the user with permissions to issue a release has only been given temporary permissions. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md index 576b868598..f9c1e44766 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Release mechanism -## What is the release mechanism? +## Release mechanism overview -A sealed password will not be released until the number of approvals required in the seal has been +A sealed password won't be released until the number of approvals required in the seal has been granted. Releases can be granted by anyone who has been defined as having the required permissions to issue the release in the seal. The mechanism describes the complete process from the first release request to the final grant of the release and the breaking of the seal. @@ -16,28 +16,29 @@ release request to the final grant of the release and the breaking of the seal. ## Users and roles in the release mechanism As noted in the previous sections, seals always restrict the right of a user to view a specific -password. Even if the configuration is usually done at the level of the role, each user is naturally +password. Even if the configuration is usually done at the level of the role, each user is responsible for his own request when carrying out the release. Even if a seal is defined for a role, technically separate seals are created for each individual member of the role. -NOTE: Requests or releases are only valid for the respective user! +:::note +Requests or releases are only valid for the respective user. +::: :::warning If a user is a member of several roles of a seal, the "stronger" right is always applied. Release rights have a priority over read rights ::: - ## 1. Requesting a release -In order to release a seal for sealed passwords, this must be requested from the user with the +To release a seal for sealed passwords, this must be requested from the user with the required permissions to issue the release. Within the Netwrix Password Secure client, this can be done via the buttons **Reveal** and **Seal** in the ribbon, as well as via the **Icon in the password field** of the data record in the reading pane. ![seal protection](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_1-en.webp) -A modal window opens, which can be used to request the seal. The reason for the entry will be +A modal window opens, which lets you request the seal. The reason for the entry will be displayed to the users with the required permissions to issue the release. ![start seal process](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_2-en.webp) @@ -51,8 +52,8 @@ as well as in the Seal overview. The [Seal overview](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) -can be opened via the seal symbol in the ribbon directly from the mentioned notification. It is -indicated by the corresponding icon that there is a need for action. All relevant data for a release +can be opened via the seal symbol in the ribbon directly from the mentioned notification. It's +indicated by the corresponding icon that there's a need for action. All relevant data for a release are illustrated within the seal overview. The reason given in the release is also evident. ![seal overview](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_3-en.webp) @@ -69,3 +70,4 @@ via the notifications as usual. The seal can now be broken. From this point on, able to see the password. ![broken seal](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_5-en.webp) + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md index 9f1231d93c..075d4dd85d 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Seal overview -## What is the seal overview? +## Seal overview Users with the required permissions to issue the releases receive access to the current state of the existing seals at any time via the seal overview. The overview is accessible via the ribbon as well @@ -32,7 +32,7 @@ returned to the "sealed" state. #### 2. Release process -If a user has requested a release, it is in the **release process**. This status is highlighted by +If a user has requested a release, it's in the **release process**. This status is highlighted by an icon next to the user name, since a possible release can be actively granted by the authorized user. These so-called **important entries** can also be filtered in the headline of the seal overview in via the column. The maximum duration of an release request can be configured in the @@ -53,8 +53,8 @@ be manually reset by the icon to the right of the broken seal column. The state restored. :::warning -It makes no sense to re-seal already visible passwords. The user was able to view the -password. Therefore, it is not monitorable whether the password has been saved, for example, by -screenshot. In such cases, a new password is the only way to guarantee 100% password security! +It makes no sense to re-seal already visible passwords. The user could view the +password. Therefore, it isn't monitorable whether the password has been saved, for example, by +screenshot. In such cases, a new password is the only way to guarantee 100% password security. ::: diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md index da5dcc4d48..4a033d0322 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md @@ -6,14 +6,14 @@ sidebar_position: 40 # Seals -## What are seals? +## Seals overview Passwords are selectively made available to the different user groups by means of the [Authorization and protection mechanisms](/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md). -Nevertheless, there are many scenarios in which the ability to view and use a record should be +Nevertheless, there are many scenarios in which the ability to view, and use a record should be linked to a release issued in advance. In this context, the seal is an effective protective mechanism. This multi-eye principle protects passwords by securing them with granular release -mechanisms. If you want to see a password, this must be requested and released. The release can also +mechanisms. To see a password, it must be requested and released. The release can also be temporary. ## Relevant rights @@ -26,15 +26,15 @@ The following option is required to add a seal. ## Required permissions -Firstly, the user must have the **authorize permission** for the record in order to create seals. +Firstly, the user must have the **authorize permission** for the record to create seals. The read permission to all users and roles that are contained in the seal is also required. The exact configuration of password masking and permissions for records is described in detail in the Authorization concept section. -## What exactly is sealed? +## Sealed content -Technically speaking, the password itself is not sealed. It is the permission to see a password -field that is protected by a seal. This allows for the most sensitive configurations, in which one +Technically speaking, the password itself isn't sealed. It's the permission to see a password +field that's protected by a seal. This allows for the most sensitive configurations, in which one group can use the password without restrictions, but the same password is sealed for other users. The wizard assists users in applying seals, as well as in future maintenance. @@ -43,12 +43,10 @@ The complete data set is never sealed! Only the permission to view a password is protected by a seal. ::: - :::warning -Be Aware" Only records that are protected with a password can be sealed! +Be Aware" Only records that are protected with a password can be sealed. ::: - ## Seal wizard All seal configurations are performed in the wizard. Both the application of new seals as well as @@ -64,7 +62,7 @@ the configuration of the seal. ![multi-eye principe](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_2-en.webp) All objects that are sealed are displayed at the beginning. Depending on the data record, this can -be one object, or several. It is also possible to use existing +be one object, or several. It's also possible to use existing [Seal templates](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/seal_templates.md). Optionally, you can enter a reason for each seal. @@ -77,10 +75,11 @@ release are displayed in blue. ![example permissions](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_3-en.webp) -NOTE: All users and roles for which the data set is not sealed and which are not authorized for -release are displayed in green. These can use the data record independently of the seal. +:::note +All users and roles for which the data set isn't sealed and which aren't authorized for release are displayed in green. These can use the data record independently of the seal. +::: -To avoid having to perform any configuration manually, roles and users are copied directly from the +To avoid having to perform any configuration manually, roles, and users are copied directly from the authorizations of the data record. Compare with the "permissions" for the record (can be viewed via the ribbon). @@ -89,9 +88,9 @@ the ribbon). Supervisors should issue the releases for their employees. Therefore, the checkbox also follows the existing authorizations. The following **scheme** is used: -NOTE: All users and roles that have the **authorize permission** to the record are "authorized to -issue a release" for the seal by default. All users and roles that do not have the **authorize -permissions** to the record are copied directly into the "Sealed for" column. +:::note +All users and roles that have the **authorize permission** to the record are "authorized to issue a release" for the seal by default. All users and roles that don't have the **authorize permissions** to the record are copied directly into the "Sealed for" column. +::: Here is a closer look at the permissions of the role **Administrators** on the record: @@ -102,36 +101,34 @@ Here is a closer look at the permissions of the role **Administrators** on the r Although standard authorizations are used as a basis for the sealing concept, these can be adapted. The number of releases generally required is as configurable as the required number of releases from a role. In the following example, the seal has been extended so that a total of three release -authorizations are required in order to release the seal **(Multi-eye principle)**. The role of the +authorizations are required to release the seal **(Multi-eye principle)**. The role of the administrators has been marked in the mandatory column. This means that it must grant at least one release. In summary: A total of three releases must be made, whereby the group of administrators must grant at least one release. ![edit seal](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_6-en.webp) -In order to be not only dependent on existing authorizations on the data set, other users can also +To be not only dependent on existing authorizations on the data set, other users can also be added to the seal. The role accounting under "sealed for" has been added below. ![define permission for the seal](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_7-en.webp) -NOTE: When a role or a user is added to a seal, these users also receive permissions on the record -according to the authorization granted in the seal. A role that is added under "Sealed for" receives -the **Read permission** on the record. When you add authorization permissions, these will include -the **Read**, **Write**, **Delete**, and **Authorize** permission. +:::note +When a role or a user is added to a seal, these users also receive permissions on the record according to the authorization granted in the seal. A role that's added under "Sealed for" receives the **Read permission** on the record. When you add authorization permissions, these will include the **Read**, **Write**, **Delete**, and **Authorize** permission. +::: :::warning All the roles that were once added to the seal can no longer be removed via the seal -logic. This is only possible directly via the authorizations of the data record! +logic. This is only possible directly via the authorizations of the data record. ::: - -NOTE: It is possible to seal records for a user who is also authorized to issue a release. In this -constellation, it is important to ensure that at least one other user is authorized to issue a -release. In principle, you should never be able to issue a release for yourself. +:::note +It's possible to seal records for a user who's also authorized to issue a release. In this constellation, it's important to ensure that at least one other user is authorized to issue a release. In principle, you should never be able to issue a release for yourself. +::: #### 3. Advanced settings -Advanced seal settings allow you to adjust the multi-eye principle. Both the time validity of a +Advanced seal settings let you adjust the multi-eye principle. Both the time validity of a release request as well as a granted release can be configured. Multiple break defines whether after the breaking of a seal by a user, other users may still break it. @@ -139,17 +136,17 @@ the breaking of a seal by a user, other users may still break it. #### 4. Saving the seal -Before closing the wizard, it is possible to save the configuration for later use in the form of a +Before closing the wizard, it's possible to save the configuration for later use in the form of a template. [Seal templates](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/seal_templates.md) -can be optionally provided with a description for the purpose of overview. +can be optionally provided with a description for overview. ![save seal](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_9-en.webp) ## Summary The permissions already present on the data set form the basis for any complex seal configurations. -It is freely definable which users have to go through a release mechanism before accessing the +It's freely definable which users have to go through a release mechanism before accessing the password. The roles, which may be granted, are freely definable. An always accessible [Seal overview](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) allows all authorized persons to view the current state of the seals. The section on @@ -158,3 +155,4 @@ describes in detail the individual steps, from the initial release request to th - [Seal overview](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) - [Release mechanism](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md index 774c0fda19..f77ef17584 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md @@ -6,11 +6,11 @@ sidebar_position: 20 # Temporary permissions -## What are temporary permissions? +## Temporary permissions overview -So far, we have covered permissions that were valid for an unlimited period. However, a permission +So far, this documentation has covered permissions that were valid for an unlimited period. However, a permission can also be granted in advance with a time restriction. Examples are users who stay in the company -for a limited time, such as interns or trainees. +for a limited time, such as interns, or trainees. ## Configuration @@ -33,18 +33,20 @@ permissions: - **Green:** The temporary permission is active. - **Red:** The time period for the temporary permissions has already expired. -NOTE: Temporary permissions can also be assigned to multiple roles and users at the same time. You -can select multiple users and roles as usual with Ctrl/Shift + left mouse button! +:::note +Temporary permissions can also be assigned to multiple roles and users at the same time. You can select multiple users and roles as usual with Ctrl/Shift + left mouse button. +::: ## Special features of the authorization system Due to their very nature, temporary permissions leave lots of potential for incorrect configurations. Conceivable constellations include a situation when the only user with all rights -only has temporary permissions. When these permissions expire, there is no longer any user with full +only has temporary permissions. When these permissions expire, there's no longer any user with full permissions. To prevent this happening, users with temporary permissions are handled differently. :::warning -There must always be one user who has the “authorize” right to a record, who does not +There must always be one user who has the “authorize” right to a record, who doesn't only have temporary permissions. ::: + diff --git a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md index 3431a3ccfd..15a7615ef6 100644 --- a/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md +++ b/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md @@ -11,32 +11,33 @@ sidebar_position: 10 The use of a [Filter](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/filter/filter.md) is generally the gateway to displaying existing records. Nevertheless, this aspect of the visibility -of the records is closely interwoven with the existing permissions structure. Naturally, a user can +of the records is closely interwoven with the existing permissions structure. a user can always only see those records for which they have at least a read Permission. This doctrine should always be taken into consideration when handling records. [Tags](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/tags.md) -are not subject to any permissions and can thus always be used as filter criteria. Nevertheless, the +aren't subject to any permissions and can thus always be used as filter criteria. Nevertheless, the delivered results will only contain those records for which the user themselves actually has permissions. A good example here is the tag “personal record”. Every user can mark their own record -as personal – yet each user will naturally only be able to find their own personal records. +as personal – yet each user will only be able to find their own personal records. ## Creating independently working environments The possibility of separately defining the visibility of individual objects is one of the special features within the Netwrix Password Secure authorization concept. Irrespective of whether handling -records, documents, organisational structures, roles or forms: it is always possible to define +records, documents, organisational structures, roles, or forms: it's always possible to define whether a user or a role possesses a read permission to the object or not. The permissions for each of these objects can be defined separately via the ribbon in the permissions dialogue. This approach enables the creation of independently existing departments within a database. The permissions structure for the SAP form can be seen below. It shows that only the sales manager and the -administrators are currently permitted to create new records of type SAP. +administrators are permitted to create new records of type SAP. ![example permissions on a form](/images/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility-en.webp) -In general, each department can independently use forms, create passwords and manage hierarchies in +In general, each department can independently use forms, create passwords, and manage hierarchies in this way. Especially in very sensitive areas of a company, this type of compartmentalization is often required and also desired. -NOTE: An alternative also supported by Netwrix Password Secure is for each department to set up -their own MSSQL database. However, this physical separation requires considerably more -administration work than the above-mentioned separation of data based on permissions and visibility. +:::note +An alternative also supported by Netwrix Password Secure is for each department to set up their own MSSQL database. However, this physical separation requires considerably more administration work than the above-mentioned separation of data based on permissions and visibility. +::: + diff --git a/docs/passwordsecure/9.1/configuration/autofilladdon/autofill_add-on.md b/docs/passwordsecure/9.1/configuration/autofilladdon/autofill_add-on.md index 23056fd881..7a7b46f40c 100644 --- a/docs/passwordsecure/9.1/configuration/autofilladdon/autofill_add-on.md +++ b/docs/passwordsecure/9.1/configuration/autofilladdon/autofill_add-on.md @@ -6,7 +6,7 @@ sidebar_position: 60 # Autofill Add-on -## What is the Autofill Add-on? +## Autofill Add-on overview The Autofill Add-on is responsible for the automatic entry of login data in applications. This enables logins without knowledge of the password, which can be a particularly valuable tool in @@ -16,7 +16,7 @@ The [Authorization and protection mechanisms](/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md) is used to define which users should receive access. -However, the password remains hidden because it is entered by Netwrix Password Secure. +However, the password remains hidden because it's entered by Netwrix Password Secure. #### Requirements @@ -28,7 +28,9 @@ necessary. A desktop link is created for both the client and also for the Autofi The right **Can create web applications** is required for creating new web applications\* -NOTE: The agent can control multiple databases at the same time +:::note +The agent can control multiple databases at the same time +::: #### Functionality @@ -38,7 +40,7 @@ The functionality of the Autofill Add-on is illustrated in the following diagram RDP and SSH sessions(![1](/images/passwordsecure/9.1/configuration/autofill_add-on/1.webp) -) are not automatically started via the Autofill Add-on. Applications are created for this purpose +) aren't automatically started via the Autofill Add-on. Applications are created for this purpose in the Netwrix Password Secure client. The creation and use of these connections is explained in detail in the corresponding section. @@ -53,13 +55,15 @@ following types of connections exist: cases, the Autofill Add-on takes over the communication between the application server and the Windows applications. -NOTE: For entering data on websites, the record must contain at least the following fields: User -name, password, URL. +:::note +For entering data on websites, the record must contain at least the following fields: User name, password, URL. +::: #### Conclusion As the Autofill Add-on is directly connected to the application server, login data can also be entered without the main client. Exceptions are the RDP and SSH connections. These are forced to remain part of the client. The Autofill Add-on thus acts as a lean alternative for the use of the -client with the two limitations mentioned. Naturally, all of the steps completed are still entered +client with the two limitations mentioned. all of the steps completed are still entered in the logbook and are always traceable. + diff --git a/docs/passwordsecure/9.1/configuration/autofilladdon/configuration_autofill_add-on.md b/docs/passwordsecure/9.1/configuration/autofilladdon/configuration_autofill_add-on.md index 0a2032ae07..f5e73148ce 100644 --- a/docs/passwordsecure/9.1/configuration/autofilladdon/configuration_autofill_add-on.md +++ b/docs/passwordsecure/9.1/configuration/autofilladdon/configuration_autofill_add-on.md @@ -8,29 +8,30 @@ sidebar_position: 10 ## Starting the Autofill Add-on -The Autofill Add-on can be directly started via the desktop link that is automatically created when -it is installed. The login data correspond to the normal user data for the client. +The Autofill Add-on can be directly started via the desktop link that's automatically created when +it's installed. The login data correspond to the normal user data for the client. ![Login SSO](/images/passwordsecure/9.1/configuration/autofill_add-on/configuration/installation_with_parameters_129-en.webp) -To log in, the desired database and the associated login data are firstly selected. The Autofill -makes all of the databases configured on the client available. It is also possible to create +To log in, the desired database, and the associated login data are firstly selected. The Autofill +makes all of the databases configured on the client available. It's also possible to create profiles as usual so that the connection data for certain databases can be used efficiently in the future. -NOTE: The agent accesses the same configuration file as the client. All changes to profiles will -thus also affect the client. New profiles can thus also be created via the Autofill. +:::note +The agent accesses the same configuration file as the client. All changes to profiles will thus also affect the client. New profiles can thus also be created via the Autofill. +::: #### Context menu functionality -After successfully logging in, the Autofill Add-on firstly runs in the background. Right click on +After successfully logging in, the Autofill Add-on firstly runs in the background. Right click the icon in the system tray to open the context menu. ![icon options](/images/passwordsecure/9.1/configuration/autofill_add-on/configuration/installation_with_parameters_130-en.webp) - **Disconnect**: Connect to database/disconnect from database. (All connections are shown for multiple databases) -- **Login** enables you to log into another database +- **Login** lets you log into another database - **Disable/Enable agent** allows you the option of temporarily disabling automatic login - A diverse range of variables can be defined via the **Settings** - **Reload all Data** @@ -41,3 +42,4 @@ the icon in the system tray to open the context menu. - The desktop notifications display various information, such as when data is entered - Start with Windows includes the Autofill Add-on in the autostart menu + diff --git a/docs/passwordsecure/9.1/configuration/basicview/basic_view.md b/docs/passwordsecure/9.1/configuration/basicview/basic_view.md index d6a47c3f69..8b482b6949 100644 --- a/docs/passwordsecure/9.1/configuration/basicview/basic_view.md +++ b/docs/passwordsecure/9.1/configuration/basicview/basic_view.md @@ -8,12 +8,12 @@ sidebar_position: 30 ![light-client-en](/images/passwordsecure/9.1/configuration/basic_view/light-client-en.webp) -## What is the Basic view about? +## Basic view overview The Basic view is a lean tool for every end user. It guarantees quick and easy access to the daily needed passwords. Although the Basic view has a limited range of functions, it can be operated intuitively and without previous knowledge or training by any user. The Basic view is designed for -up to 50 passwords. The Basic view introduces to professional password management. It is also the +up to 50 passwords. The Basic view introduces to professional password management. It's also the ideal tool for the daily handling of passwords. ![image1](/images/passwordsecure/9.1/configuration/basic_view/image1.webp) @@ -21,7 +21,7 @@ ideal tool for the daily handling of passwords. ## Requirements & required rights You don’t need any special permission to use the Basic view. However, the handling of the Basic -views can be set via rights and settings. Read more in chapter +views can be set via rights and settings. See the [To do for Administration](/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/to_do_for_administration.md). #### Installation diff --git a/docs/passwordsecure/9.1/configuration/basicview/checklist_of_the_basic_view.md b/docs/passwordsecure/9.1/configuration/basicview/checklist_of_the_basic_view.md index ee8ab0051f..e5c1fcd863 100644 --- a/docs/passwordsecure/9.1/configuration/basicview/checklist_of_the_basic_view.md +++ b/docs/passwordsecure/9.1/configuration/basicview/checklist_of_the_basic_view.md @@ -18,8 +18,8 @@ URL** 2. Set display of the Basic view or Advanced view -The setting **Display passwords in Basic view & display passwords in Advanced view** allows you to -configure the display of both clients. The passwords can be displayed with an icon, logo or in text +The setting **Display passwords in Basic view & display passwords in Advanced view** lets you +configure the display of both clients. The passwords can be displayed with an icon, logo, or in text form. 3. Are users in the right organisational unit? @@ -37,4 +37,4 @@ will prompt the user to log in to the Basic view. 5. Add default applications (optional) -It is advised to create the applications, which shall be stored as passwords, beforehand. +It's advised to create the applications, which shall be stored as passwords, beforehand. diff --git a/docs/passwordsecure/9.1/configuration/basicview/password_management.md b/docs/passwordsecure/9.1/configuration/basicview/password_management.md index 626d15f378..d8a69a8514 100644 --- a/docs/passwordsecure/9.1/configuration/basicview/password_management.md +++ b/docs/passwordsecure/9.1/configuration/basicview/password_management.md @@ -8,21 +8,22 @@ sidebar_position: 60 ## Creating passwords -This chapter deals with the main functionality of Basic view, namely the secure storage and -management of passwords. It should be noted that a password can be stored in different ways. +This chapter deals with the main functionality of Basic view, namely the secure storage, and management of passwords. A password can be stored in different ways. -NOTE: The required settings and rights are given by the in-house administration. Further information -can be found here: To do for the administration +:::note +The required settings and rights are given by the in-house administration. Further information can be found here: To do for the administration +::: #### Create with application -**Prerequisite:** An existing application is available. It does not matter whether this is an SSO, +**Prerequisite:** An existing application is available. It doesn't matter whether this is an SSO, web, RDP, or SSH application. ![create password](/images/passwordsecure/9.1/configuration/basic_view/password_management/create-password-en.webp) -NOTE: Managing and creating the corresponding applications is the responsibility of the in-house -administration. How to create an application can be read here and in the following chapters. +:::note +Managing and creating the corresponding applications is the responsibility of the in-house administration. How to create an application can be read here and in the following chapters. +::: Clicking on the existing application opens a window that asks for the user name and password. @@ -36,13 +37,13 @@ Now the record can be opened by clicking on the corresponding tile. #### Create without application -Alternatively, it is also possible to create a data set without an application. +Alternatively, it's also possible to create a data set without an application. By clicking on the + symbol or right click ->New or CTRL+N a new window opens. In this window, the -information relevant for the stored form is entered in the Password tab. It is also possible to +information relevant for the stored form is entered in the Password tab. It's also possible to assign the data record to each organizational unit to which the creating user is authorized. It does not matter in which tab the user is located. If a rights template is defined for the selected -organizational unit, then this template will take effect at this point. It is also possible to +organizational unit, then this template takes effect at this point. It's also possible to define one or more corresponding tags for the data set. ![create new password](/images/passwordsecure/9.1/configuration/basic_view/password_management/create-new-password-en.webp) @@ -60,9 +61,10 @@ Then the whole process is completed by clicking the "Finish" button. ## Changing and deleting passwords -In order to change or delete passwords you should stay on the corresponding tile with the mouse -cursor. The control button will appear. +To change or delete passwords you should stay on the corresponding tile with the mouse +cursor. The control button appears. -When you click the button, you will be offered the "Edit" and "Delete" options, among others. +When you click the button, you'll be offered the "Edit" and "Delete" options, among others. ![options record light client](/images/passwordsecure/9.1/configuration/basic_view/password_management/options-en.webp) + diff --git a/docs/passwordsecure/9.1/configuration/basicview/start_and_login_basic_view.md b/docs/passwordsecure/9.1/configuration/basicview/start_and_login_basic_view.md index 13fa85e783..b668fd0275 100644 --- a/docs/passwordsecure/9.1/configuration/basicview/start_and_login_basic_view.md +++ b/docs/passwordsecure/9.1/configuration/basicview/start_and_login_basic_view.md @@ -10,7 +10,7 @@ sidebar_position: 30 To start the Basic view, the Web application must be started first. -As soon as the login mask appears, the login data of the corresponding user are entered there. It is +As soon as the login mask appears, the login data of the corresponding user are entered there. It's essential to ensure that the variant set up by the administrator is used. There are several options for this: @@ -31,25 +31,25 @@ There are 2 possibilities here: ![image4](/images/passwordsecure/9.1/configuration/basic_view/start_and_login/image4.webp) :::warning -Please ask your administrator if you are not sure which login details apply to you! +ask your administrator if you aren't sure which login details apply to you. ::: #### Change to the web view of the Basic view -As soon as the login was successful, you are now either: +As soon as the login was successful, you're now either: - directly in the web view of the Basic view, because the user is a Basic view user. **or** - in the Web Application. To switch from the Web Application to the Basic view web view, you have to - click on your profile name. There you will be offered the option **"Switch to the Basic view"**. + click your profile name. There you'll be offered the option **"Switch to the Basic view"**. ![switch to lightclient](/images/passwordsecure/9.1/configuration/basic_view/start_and_login/switch-to-lc-wc-en.webp) The Basic view web view is in no way inferior to the Basic view. The same functions are given except -for the download of the favicons (icon, symbol or logo used by web browsers to mark a website in a +for the download of the favicons (icon, symbol, or logo used by web browsers to mark a website in a recognizable way). ![LightClient in WebClient](/images/passwordsecure/9.1/configuration/basic_view/start_and_login/wc-lc-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/basicview/tab_system.md b/docs/passwordsecure/9.1/configuration/basicview/tab_system.md index c725b6b5f1..6d2f0cf6c1 100644 --- a/docs/passwordsecure/9.1/configuration/basicview/tab_system.md +++ b/docs/passwordsecure/9.1/configuration/basicview/tab_system.md @@ -6,10 +6,10 @@ sidebar_position: 50 # Tab system -## What is the tab system? +## Tab system overview -The tab system helps to structure the passwords in order to manage and find them more easily. For -this purpose, several tabs can be created and switched between them with a click. +The tab system helps to structure the passwords to manage and find them. For +this purpose, several tabs can be created, and switched between them with a click. ![tabs LightClient](/images/passwordsecure/9.1/configuration/basic_view/tab_system/tabs-lc-en.webp) @@ -23,7 +23,7 @@ the passwords assigned to the personal organizational unit Furthermore, public tabs are also available. These correspond to the public -organizational units on the Advanced view. It is also possible to store all public organizational +organizational units on the Advanced view. It's also possible to store all public organizational units as public tabs. No upper limit is set here. ![public tab](/images/passwordsecure/9.1/configuration/basic_view/tab_system/public-tab-en.webp) @@ -34,9 +34,9 @@ The public tabs can be shown and hidden as needed. The X closes the current tab. ![close tab](/images/passwordsecure/9.1/configuration/basic_view/tab_system/close-tab-en.webp) -A public tab can be displayed again with a simple click on the +. +A public tab can be displayed again with a simple click the +. ![select organisational unit](/images/passwordsecure/9.1/configuration/basic_view/tab_system/select-ou-en.webp) -In the subsequent dialog, only the desired organizational unit must be selected and confirmed with +In the subsequent dialog, only the desired organizational unit must be selected, and confirmed with OK. All organizational units to which the user is authorized are available here. diff --git a/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md b/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md index 3b1639bfc5..3593ae3ed1 100644 --- a/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md +++ b/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md @@ -8,7 +8,7 @@ sidebar_position: 10 ## Error codes for administration -If problems with the Basic view should appear, they are classified by error codes. These codes help +If problems with the Basic view should appear, they're classified by error codes. These codes help the administration to stop problems even more quickly and solve them. There are 7 different types of error codes: @@ -19,7 +19,7 @@ application server. **SavePasswordPlausibilityField** -The plausibility has not been fulfilled when saving a password. The mandatory fields of the +The plausibility hasn't been fulfilled when saving a password. The mandatory fields of the deposited form should be checked. ![installation_with_parameters_156_795x595](/images/passwordsecure/9.1/configuration/basic_view/administration/errorcodes/installation_with_parameters_156_795x595.webp) @@ -42,10 +42,10 @@ required: Text, user name, password, URL. **DefaultFormImpossiblePlausibility** -When creating a password for an application, there is a field which is not displayed. Therefore, the +When creating a password for an application, there's a field which isn't displayed. Therefore, the plausibility in fields should be checked. **NoValidOrganisation** -Is only relevant for the web view of the Basic view. It is activated if you want to create a -password using the add-on and the user does not have an OU in which to create it. +Is only relevant for the web view of the Basic view. It's activated if you want to create a +password using the add-on and the user doesn't have an OU in which to create it. diff --git a/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/to_do_for_administration.md b/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/to_do_for_administration.md index 24cc6fdf99..fc8ec2bb01 100644 --- a/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/to_do_for_administration.md +++ b/docs/passwordsecure/9.1/configuration/basicview/todoforadministration/to_do_for_administration.md @@ -8,12 +8,13 @@ sidebar_position: 10 ## Conditions for using the Basic view -The Basic view allows end users to easily manage their passwords in Netwrix Password Secure without -any training or prior knowledge. In order to ensure proper operation, the administration has to make +The Basic view allows end users to manage their passwords in Netwrix Password Secure without +any training or prior knowledge. To ensure proper operation, the administration has to make a few preparations first. This will be further discussed in the following. -NOTE: To make the Basic view transition as easy and smooth as possible for the user, the -administration can orient towards this checklist. +:::note +To make the Basic view transition as easy and smooth as possible for the user, the administration can orient towards this checklist. +::: #### Relevant rights and settings @@ -43,14 +44,14 @@ There are several ways to provide/create passwords in the Basic view. #### Predefined passwords Predefined passwords have already been created on the FullClient. Basic view users must at least -obtain the right to read a record in order to use the password. +obtain the right to read a record to use the password. ![installation_with_parameters_154](/images/passwordsecure/9.1/configuration/basic_view/administration/installation_with_parameters_154.webp) #### Creating passwords via applications -In order to use applications on the Basic view, the administration must first create them on the -FullClient. By clicking on the application, the end user can easily generate secure passwords. To be +To use applications on the Basic view, the administration must first create them on the +FullClient. By clicking on the application, the end user can generate secure passwords. To be able to use the application, the user needs at least the authorization to **read**. Further information on this topic can be found in the chapter @@ -60,7 +61,7 @@ Further information on this topic can be found in the chapter #### Creating passwords via applications without applications -Please consider the following rights and settings so that Basic view users can create new passwords. +consider the following rights and settings so that Basic view users can create new passwords. User rights: @@ -71,3 +72,4 @@ Setting: **Default form** Otherwise, no form can be assigned to the new password. - Add right to the organisational unit of the user + diff --git a/docs/passwordsecure/9.1/configuration/basicview/view.md b/docs/passwordsecure/9.1/configuration/basicview/view.md index 4c51972789..4f81a57b62 100644 --- a/docs/passwordsecure/9.1/configuration/basicview/view.md +++ b/docs/passwordsecure/9.1/configuration/basicview/view.md @@ -10,7 +10,7 @@ sidebar_position: 40 The Basic view interface is arranged in tiles. If a logo/icon has been stored for a password in the image management, this can optionally be displayed with the associated data record. If the logo of -the password is not available, a reduced Outlook view is displayed. +the password isn't available, a reduced Outlook view is displayed. 1. view of a Basic view button with stored logo @@ -24,7 +24,7 @@ the password is not available, a reduced Outlook view is displayed. ![sql-server-log](/images/passwordsecure/9.1/configuration/basic_view/view/sql-server-log.webp) -Click on the tile to open the application. +Click the tile to open the application. ![SSO LightClient](/images/passwordsecure/9.1/configuration/basic_view/view/sso-lc-en.webp) @@ -45,23 +45,23 @@ When you click the button, the following options become visible: - -Edit (The selected record can be edited.) - Move (The selected record can be moved to another organisational unit) - Move to bin (the selected record can be deleted.) -- -Copy username (the username of the selected record will be copied to the clipboard). -- -Copy password (the password of the selected record will be copied to the clipboard). -- Typing assistance (Use this view to easily type out passwords) -- -Refresh (The record will be updated.) +- -Copy username (the username of the selected record is copied to the clipboard). +- -Copy password (the password of the selected record is copied to the clipboard). +- Typing assistance (Use this view to type out passwords) +- -Refresh (The record is updated.) -You can only perform the above operations if you are sufficiently authorized. Please point this out -to your in-house administrator if this is not the case for you. +You can only perform the above operations if you're sufficiently authorized. point this out +to your in-house administrator if this isn't the case for you. :::warning -You can only execute the mentioned operations if you are sufficiently authorized. -Please point this out to your in-house administrator if this is not the case for you. +You can only execute the mentioned operations if you're sufficiently authorized. +point this out to your in-house administrator if this isn't the case for you. ::: ## Image management Usually, the setup of logos/icons in the i**mage management** is done by the in-house -administration. You can learn more about this in the FullClient +administration. See the FullClient [Image management](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/extras/image_manager.md) documentation. diff --git a/docs/passwordsecure/9.1/configuration/browseraddons/applications_add-on.md b/docs/passwordsecure/9.1/configuration/browseraddons/applications_add-on.md index b25bf7e3e7..3fef452984 100644 --- a/docs/passwordsecure/9.1/configuration/browseraddons/applications_add-on.md +++ b/docs/passwordsecure/9.1/configuration/browseraddons/applications_add-on.md @@ -6,11 +6,11 @@ sidebar_position: 10 # Applications -## What are applications? +## Applications overview Data can be entered on many websites without further configuration. The website is scanned in order to find data entry fields in which the user name and password can then be entered. No further steps -are thus necessary. For websites where data cannot be entered directly, it is necessary to create an +are thus necessary. For websites where data can't be entered directly, it's necessary to create an application manually. These applications correspond to working guidelines that precisely define which information should be entered into which target field. The full script that describes the assignment is called an “**application**”. @@ -18,10 +18,10 @@ assignment is called an “**application**”. ![registration with and without application](/images/passwordsecure/9.1/configuration/browseradd-ons/applications/installation_with_parameters_142-en.webp) The diagram starts with the user navigating to a website. The application server is then checked to -see whether a record has been saved for this website for which the currently registered user also +see whether a record has been saved for this website for which the registered user also has the required permissions. If this is the case, the information required for the login is sent to the Browser Extension in encrypted form. The password is only decrypted in the add- on shortly -before it is entered. There are two ways in which the information is entered: **Data entry without +before it's entered. There are two ways in which the information is entered: **Data entry without application** and **Data entry with application**. **Data entry without application** @@ -29,39 +29,38 @@ application** and **Data entry with application**. The data entry without application process is sufficient for most websites because the fields can be directly assigned (mapping). The system checks in the background whether a login mask has been found for any websites visited. The URL is now used to check if there are any records in the linked -websites that would fit the page. It is only necessary for the hostname including the domain suffix, +websites that would fit the page. It's only necessary for the hostname including the domain suffix, such as .de or .com, to match. The data are then entered. In this case, the user name is transmitted to the first user name field that can be found on the page. The password is also entered into the first password field found on the page. If automatic login has been activated in the settings, this -is also carried out by clicking the login button. +is also performed by clicking the login button. #### Data entry with application -It is not possible to automatically recognise the fields that must be filled on some websites. An +It isn't possible to automatically recognise the fields that must be filled on some websites. An application needs to be created in these cases. If more than two fields need to be transferred, it is also necessary to create an application. In this context, “application” means instructions that are used to enter information into the fields. It thus assigns fields in the record to the associated fields on the website. This mapping process only needs to be configured once. The applications is responsible for entering data in the fields on the website from then on. In the -following example, the data entry process is carried out from the client. Naturally, this is also +following example, the data entry process is performed from the client. this is also possible via [Browser Add-ons](/docs/passwordsecure/9.1/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. ![installation_with_parameters_143](/images/passwordsecure/9.1/configuration/browseradd-ons/applications/installation_with_parameters_143.webp) -The URL is checked to see whether the record matches the web page. It is only necessary for the +The URL is checked to see whether the record matches the web page. It's only necessary for the hostname including the domain suffix (“.de” or “.com”) to match. ## Creating applications :::warning -The user right Can add new web applications is required in order to create applications +The user right Can add new web applications is required to create applications ::: - -If the login mask on a website cannot be automatically completed, it is necessary to manually create -an application. To create an application, the desired website is first called up. The add-on is then +If the login mask on a website can't be automatically completed, it's necessary to manually create +an application. To create an application, the desired website is first opened. The add-on is then started via the relevant icon. The menu item “Create application\* can be found here ![create application](/images/passwordsecure/9.1/configuration/browseradd-ons/applications/installation_with_parameters_144-en.webp) @@ -72,13 +71,13 @@ A modal window now opens. The actual application is now created here. The following options are available: -- **Advanced options** allows you to define a delay separately for each field when entering the +- **Advanced options** lets you define a delay separately for each field when entering the data. This is sensible when the process of entering the data would otherwise not run smoothly on sluggish websites. -- The **Move** setting can be used to change the position of the modal window if it covers the login +- The **Move** setting lets you change the position of the modal window if it covers the login window -To capture, click on the first field to be filled on the website. It will be directly added to the +To capture, click the first field to be filled on the website. It will be directly added to the list in the modal window. For better identification, fields that belong together are marked in colour. @@ -86,7 +85,7 @@ colour. The field type (e.g. INPUT) and the field label are displayed in the field itself. In addition, an action is proposed which fits the field type, such as e.g. entering the user name. The action can -naturally be adjusted if required. Once all fields have been captured, the system checks whether the +be adjusted if required. Once all fields have been captured, the system checks whether the actions are correct. Finally, the application can be saved. ![example for a application](/images/passwordsecure/9.1/configuration/browseradd-ons/applications/installation_with_parameters_147-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/browseraddons/browser_add-ons.md b/docs/passwordsecure/9.1/configuration/browseraddons/browser_add-ons.md index b8052926b6..1c7d19f254 100644 --- a/docs/passwordsecure/9.1/configuration/browseraddons/browser_add-ons.md +++ b/docs/passwordsecure/9.1/configuration/browseraddons/browser_add-ons.md @@ -7,13 +7,13 @@ sidebar_position: 50 # Browser Add-ons Passwords can also be used in the browser using the browser add-on. You can search for passwords in -the add-on, transfer them to the clipboard or enter them in the input mask of the website +the add-on, transfer them to the clipboard, or enter them in the input mask of the website automatically. The automatic login may require applications. -In order to provide the data, the add-on needs a connection to the database. This can be set up +To provide the data, the add-on needs a connection to the database. This can be set up directly in server mode. -Currently, add-ons are available for the following browsers: +add-ons are available for the following browsers: - Microsoft Edge - Google Chrome @@ -24,13 +24,13 @@ Currently, add-ons are available for the following browsers: ## Installation -Please find more information about the installation on: Installation Browser Add-ons +find more information about the installation on: Installation Browser Add-ons ## Connection via server mode -If the installation of the browser extension has been carried out, the user can now open the desired +If the installation of the browser extension has been performed, the user can now open the desired browser. A window appears in which the security of the connection is confirmed. Pairing is performed -with a simple click. A new icon will also be displayed in the desired browser from this point +with a simple click. A new icon is also displayed in the desired browser from this point onwards: ![Icon Add-on](/images/passwordsecure/9.1/configuration/browseradd-ons/addon-icon-en.webp) @@ -39,16 +39,16 @@ If the icon is displayed as shown, it means that although the add-on has been in ## Database profiles -The server mode must know which database profile it is connected to. There are two ways of setting +The server mode must know which database profile it's connected to. There are two ways of setting up a database profile: First, the database profile can be created manually. Therefore, he following information is -required: IP address, Web Application URL and database name. Please note that /api is appended to +required: IP address, Web Application URL, and database name. The /api path is appended to the end of the IP address. ![database profil](/images/passwordsecure/9.1/configuration/browseradd-ons/manual-database-profile-en.webp) -It is also possible that the database profile is filled out automatically. For this, you need to log +It's also possible that the database profile is filled out automatically. For this, you need to log on to a database via Web Application. By clicking on the add-on in the Web Application, its profile can be taken over. Now all necessary information such as profile name, IP address, Web Application and database name are transferred. @@ -62,11 +62,10 @@ The server mode offers the following advantages: - No terminal service is required in terminal server operation :::warning -Please note that SSO applications only work via Autofill Add-on. If you are in server -mode and the Autofill Add-on has not been started, SSO applications do not work! +SSO applications only work via Autofill Add-on. If you're in server +mode and the Autofill Add-on hasn't been started, SSO applications don't work. ::: - After successful connection, the number of data records available for the current Internet page is displayed on the icon. @@ -75,11 +74,11 @@ displayed on the icon. ## Settings All settings that relate to the add-on are made centrally on the client. The user settings system -can be used to enter them globally per organisational unit or per user. The following options have a +lets you enter them globally per organisational unit or per user. The following options have a direct impact on the add-ons and can be found in the SSO category: - Browser add-ons: Automatically send login masks ensures that the login is automatically completed - after the access data has been entered. It is thus not necessary to click the relevant button + after the access data has been entered. It's thus not necessary to click the relevant button manually - About browser add-ons: Automatically fill login masks ensures that access data is entered without the need for any confirmation when a website is recognised. @@ -87,13 +86,15 @@ direct impact on the add-ons and can be found in the SSO category: The default browser option also has an impact on the add-ons. This setting defines the browser in which the websites are opened from the client. -NOTE: It is important to note that the login mask for records with password masking will be ”sent -automatically\*, even if the setting Browser add-ons: Automatically send login masks has been -deactivated. +:::note +The login mask for records with password masking is “sent automatically\*, even if the setting Browser add-ons: Automatically send login masks has been deactivated. +::: ## Working with add-ons -NOTE: A record can only be used for entering data if it has a form field of type "URL". +:::note +A record can only be used for entering data if it has a form field of type "URL". +::: The subscript number mentioned in the previous section is only available with active logins and therefore already says a lot about the “Number of possible entries”. For example, if the number “2” @@ -107,21 +108,21 @@ Secure – as described in the following section. ## Search and navigation -It is currently assumed that the user has to navigate manually to the website on which they want to -automatically enter login data. This way of working is possible but is not convenient enough. The -add-on can be used in a similar way to bookmarks. The search field can be used to search for the +It's assumed that the user has to navigate manually to the website on which they want to +automatically enter login data. This way of working is possible but isn't convenient enough. The +add-on can be used in a similar way to bookmarks. The search field lets you search for the record in the database. The prerequisite is again that the record contains a URL. ![Record usage](/images/passwordsecure/9.1/configuration/browseradd-ons/addon-records-usage-en.webp) The screenshot shows that the URL and the name of the record (Wikipedia) are searched. The results for the search are displayed and can be selected using the arrow buttons or the mouse. The selected -website will be opened in a separate tab. +website opens in a separate tab. ## Several passwords for one website If a user opens a page and multiple passwords with the autofill function are possible for this -website, no entries will be made unlike in older versions. Instead, the following message appears in +website, no entries are made unlike in older versions. Instead, the following message appears in a pop-up: ![Multiple entries](/images/passwordsecure/9.1/configuration/browseradd-ons/addon-multiple-passwords-en.webp) @@ -129,3 +130,4 @@ a pop-up: However, if the autofill function is only activated for one password but multiple passwords are possible, the password with the autofill function is entered. If the user clicks on a record in the pop-up, this record is entered as normal (as was the case previously). + diff --git a/docs/passwordsecure/9.1/configuration/browseraddons/how_to_save_passwords.md b/docs/passwordsecure/9.1/configuration/browseraddons/how_to_save_passwords.md index 9bdc9c9dcf..ac0068d4d8 100644 --- a/docs/passwordsecure/9.1/configuration/browseraddons/how_to_save_passwords.md +++ b/docs/passwordsecure/9.1/configuration/browseraddons/how_to_save_passwords.md @@ -9,10 +9,9 @@ sidebar_position: 20 This chapter describes how to store passwords via add-on. :::warning -You can only save passwords in server mode! +You can only save passwords in server mode. ::: - ## New access data With the setup and login via server mode, the access data can now be added automatically. When @@ -21,7 +20,7 @@ automatically asked whether they should be created. ![new password detected](/images/passwordsecure/9.1/configuration/browseradd-ons/how_to_save_passwords/addon-create-password-en.webp) -By confirming, you will be directly forwarded to the Web Application and registered there. If there +By confirming, you are directly forwarded to the Web Application and registered there. If there are less fields in the deposited or selected form than in the login mask, the missing fields are automatically created as web form fields by default. @@ -36,9 +35,9 @@ already known dataset. ![data was recognized](/images/passwordsecure/9.1/configuration/browseradd-ons/how_to_save_passwords/installation_with_parameters_151-en.webp) -- **Save password**: The password will be exchanged without opening the Web Application. +- **Save password**: The password is exchanged without opening the Web Application. - **check changes**: The Web Application is opened and you are logged in. The previous password has - been replaced by the new one. However, the storage must be carried out manually. + been replaced by the new one. However, the storage must be performed manually. ![data was recognized](/images/passwordsecure/9.1/configuration/browseradd-ons/how_to_save_passwords/installation_with_parameters_152-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/autofill/autofill_in_android.md b/docs/passwordsecure/9.1/configuration/mobiledevices/autofill/autofill_in_android.md index b8afa96ef8..7765b289da 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/autofill/autofill_in_android.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/autofill/autofill_in_android.md @@ -11,13 +11,13 @@ login screens. This works for websites in the browser as well as for other apps. #### Requirements -For automatic registration, the service must be enabled in the User Help¹ and Show via other apps¹ +For automatic registration, the service must be enabled in the User Help¹, and Show via other apps¹ Netwrix Password Secure App must be enabled. #### Autofill The login data is entered as soon as the app finds a corresponding mask on a web page or in an app. -In some masks the process starts automatically, in others it is necessary to type in the first +In some masks the process starts automatically, in others it's necessary to type in the first field. There are two possible scenarios. @@ -29,19 +29,20 @@ There are two possible scenarios. **No password found** -If no password is found that matches the app or the website called up, the desired password must +If no password is found that matches the app or the website opened, the desired password must first be selected. **Exactly one password found** -If there is a data set that contains exactly the URL that is called up, the corresponding password -can be suggested. A simple click on the password is then sufficient to pass the data to the website +If there's a data set that contains exactly the URL that's opened, the corresponding password +can be suggested. A simple click the password is then sufficient to pass the data to the website or app. **Multiple passwords found** If several matching passwords are found in the database, the desired one must be selected. -NOTE: Depending on the current state, it may be necessary to authenticate on the app before -selecting or confirming the password to be entered. The database then has to be unlocked via the -password or Touch ID first. +:::note +Depending on the current state, it may be necessary to authenticate on the app before selecting or confirming the password to be entered. The database then has to be unlocked via the password or Touch ID first. +::: + diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/autofill/autofill_in_ios.md b/docs/passwordsecure/9.1/configuration/mobiledevices/autofill/autofill_in_ios.md index d893f8879d..3802f3b370 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/autofill/autofill_in_ios.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/autofill/autofill_in_ios.md @@ -12,8 +12,8 @@ screens. This works both with websites in the browser and with other apps. #### Requirements -In order to ensure automatic registration, a few prerequisites must be met. First of all, the -automatic registration must be set up in the settings. If the **iOS keychain** is not needed, it +To ensure automatic registration, a few prerequisites must be met. First of all, the +automatic registration must be set up in the settings. If the **iOS keychain** isn't needed, it should be deactivated. This makes handling a bit easier. Finally, a database connection must exist and access to passwords must be possible. @@ -29,11 +29,11 @@ scenarios. Depending on the configuration and scenario, the dialog for entry can have different characteristics: -- First, one or more passwords are displayed that match the current page or app. These can be +- One or more passwords that match the current page or app are displayed first. These can be selected and entered with a click. -- It is also possible to open the dialog for selecting a password. If no password is found, this +- It's also possible to open the dialog for selecting a password. If no password is found, this dialog is displayed directly. -- Finally, the iOS keychain can also be opened. If this function is not needed, it can be +- Finally, the iOS keychain can also be opened. If this function isn't needed, it can be deactivated. The corresponding option will then no longer be offered. **No password found** @@ -43,14 +43,15 @@ selected. **Exact password found** -If there is a data record that contains exactly the URL that is called up, the corresponding -password can be suggested. A simple click on the password is then sufficient to pass the data to the +If there's a data record that contains exactly the URL that's opened, the corresponding +password can be suggested. A simple click the password is then sufficient to pass the data to the website or app. **Several passwords found** If several matching passwords are found in the database, the desired one must be selected. -NOTE: Depending on the current state, it may be necessary to authenticate to the app before -selecting or confirming of the password to be entered. The database then has to be unlocked via the -password, Touch ID or Face ID. +:::note +Depending on the current state, it may be necessary to authenticate to the app before selecting or confirming of the password to be entered. The database then has to be unlocked via the password, Touch ID, or Face ID. +::: + diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/mobile_devices.md b/docs/passwordsecure/9.1/configuration/mobiledevices/mobile_devices.md index 3f7642b534..e3b6ca5d03 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/mobile_devices.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/mobile_devices.md @@ -6,22 +6,24 @@ sidebar_position: 70 # Mobile devices -## The new Netwrix Password Secure Mobile App – mobile and simple! +## The new Netwrix Password Secure Mobile App – mobile -With version 8.10 we have created the perfect complement to the client: **The Netwrix Password -Secure Mobile App!** +Version 8.10 introduced the perfect complement to the client: **The Netwrix Password +Secure Mobile App.** With its **convenient** interface, the Netwrix Password Secure Mobile App offers the perfect -prerequisite for every user to find their way around **quickly** and **easily**. +prerequisite for every user to find their way around **quickly**.. For detailed documentation of the **Netwrix Password Secure Mobile App** -NOTE: Please note that as of version 8.10.0, the previous version 7 App is no longer compatible. +:::note +As of version 8.10.0, the previous version 7 App is no longer compatible. +::: -#### Security is our ambition +#### Security as a priority No matter whether you work with a smartphone or a tablet, you benefit from the highest possible -security on all iOS and Android devices. All passwords are not only available on the mobile device, +security on all iOS and Android devices. All passwords aren't only available on the mobile device, but can also be automatically transferred to websites. So you can use highly complex and therefore secure passwords and don’t have to remember them anymore. The Netwrix Password Secure Mobile App thus combines security and convenience. In addition, the use of a local database ensures that @@ -34,8 +36,7 @@ more extensive and detailed in the specially created **documentation**. ### Password management -The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. They can not only be -stored securely but also structured conveniently. +The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. Passwords are stored securely and structured conveniently. ### SSO @@ -46,10 +47,11 @@ and correct use can be found out in the corresponding chapters for **iOS** and * ### Synchronization Since the data exchange between mobile database and server database is done automatically in the -background, there is no need to worry about the actuality of the data. +background, there's no need to worry about the actuality of the data. ### Tab system With the new and simplified tab system, the handling for the individual user has been made uncomplicated and clear. The affiliation of the passwords is visible at a glance. The exact handling of the tab system can be read in the chapter **Tabs**. + diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/passwords_mobileapp.md b/docs/passwordsecure/9.1/configuration/mobiledevices/passwords_mobileapp.md index 4aaaddd4ba..7df6673ecd 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/passwords_mobileapp.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/passwords_mobileapp.md @@ -17,7 +17,7 @@ usually used by more than one user. **Prerequisites** -The following prerequisites must be met in order to create new global passwords: +The following prerequisites must be met to create new global passwords: - User right **Can create new passwords** - **Add right** to the corresponding organizational unit @@ -37,8 +37,8 @@ The following user rights are required to create personal passwords: #### Create passwords -When creating a new record, it is necessary to know whether it is a personal or a global password. -Because according to this criterion you should select the appropriate tab and click on the + located +When creating a new record, it's necessary to know whether it's a personal or a global password. +Because according to this criterion you should select the appropriate tab and click the + located in the upper right corner. ![create new password](/images/passwordsecure/9.1/configuration/mobiledevices/passwords/create-new-password-ma-en.webp) @@ -47,18 +47,18 @@ After that, select the required **form**. ![select form](/images/passwordsecure/9.1/configuration/mobiledevices/passwords/select-form-ma-en.webp) -Then, once you have filled in all the relevant information of the selected form, one click on +Then, after you have filled in all the relevant information of the selected form, one click **Save** is enough to create the password. ![new entry MobileApp](/images/passwordsecure/9.1/configuration/mobiledevices/passwords/new-entry-ma-en.webp) #### Editing passwords -To edit a password, click on the corresponding password and select the pencil icon. +To edit a password, click the corresponding password, and select the pencil icon. ![editing password](/images/passwordsecure/9.1/configuration/mobiledevices/passwords/new-entry-ma-2-en.webp) -As soon as you click on the pencil icon again in the new window, in the so-called read-only view, +As soon as you click the pencil icon again in the new window, in the so-called read-only view, you can edit all existing fields. ![edit passwordfield MobileApp](/images/passwordsecure/9.1/configuration/mobiledevices/passwords/edit-passwordfield-ma-en.webp) @@ -67,7 +67,7 @@ you can edit all existing fields. #### Delete -Passwords can currently only be deleted via the Full- or Web Application. +Passwords can only be deleted via the Full- or Web Application. #### Tags @@ -75,11 +75,11 @@ Tags can be added or removed both when creating and editing a password. ![MobileApp - Tags](/images/passwordsecure/9.1/configuration/mobiledevices/passwords/edit-tag-ma-en.webp) -It is also possible to create a completely new tag. +It's also possible to create a completely new tag. -This is possible by searching in the tag selection in the search field for a tag that does not +This is possible by searching in the tag selection in the search field for a tag that doesn't already exist. -You will then be offered the option of creating this previously non-existent tag. +You'll then be offered the option of creating this previously non-existent tag. ![Mobileapp - select/create tag](/images/passwordsecure/9.1/configuration/mobiledevices/passwords/select-tag-ma-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/securitymd.md b/docs/passwordsecure/9.1/configuration/mobiledevices/securitymd.md index a4032107d4..31b75485a4 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/securitymd.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/securitymd.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Security -#### Your security is our ambition +#### Security as a priority Security is a top priority for Netwrix Password Secure - right from the conception stage, it sets the course for all further developments. Of course, security was also taken into account during the development of the Netwrix Password Secure app and the latest technologies were used. The following -encryption techniques and algorithms are currently used: +encryption techniques and algorithms are used: **Global** @@ -20,7 +20,7 @@ encryption techniques and algorithms are currently used: - End to end encrypted (like all Netwrix Password Secure App Clients) - No direct connection to Netwrix Password Secure Server required. Connection is via web server. - MDM (Mobile Device Management) support -- Passwords can be used offline when server access is not available +- Passwords can be used offline when server access isn't available - Fast incremental data synchronization - Easy connection between Netwrix Password Secure Mobile Apps and the server via QR code - Easy navigation between private and shared passwords @@ -28,11 +28,11 @@ encryption techniques and algorithms are currently used: - Two-factor authentication - Synchronization with multiple databases possible - Expiration date of databases to ensure automatic deletion -- Server and app side security settings. Who is allowed to use the app and to what extent? +- Server and app side security settings. Who's allowed to use the app and to what extent? **iOS** -- Full support of FaceID and TouchID for passwordless login to the Netwrix Password Secure Mobile +- Full support of FaceID and TouchID for passwordless log in to the Netwrix Password Secure Mobile app. - Password AutoFill support. Passwords are automatically entered in other apps and Safari. (No copy/paste or typing) diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/settings_mobileapp.md b/docs/passwordsecure/9.1/configuration/mobiledevices/settings_mobileapp.md index 757923f465..8bce4c42c7 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/settings_mobileapp.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/settings_mobileapp.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Settings -As soon as you are logged in to the **Netwrix Password Secure App**, you can access the **settings** +As soon as you're logged in to the **Netwrix Password Secure App**, you can access the **settings** via the three dots at the very top left of the screen. These will be briefly explained here. ![MobileApp - settings](/images/passwordsecure/9.1/configuration/mobiledevices/settings/settings-ma-en.webp) @@ -16,7 +16,7 @@ via the three dots at the very top left of the screen. These will be briefly exp **Hide personal tab** -In some use cases personal passwords are not needed on the mobile device. If this is the case you +In some use cases personal passwords aren't needed on the mobile device. If this is the case you can hide the tab with the personal passwords. **Show all passwords in search tab** @@ -41,12 +41,14 @@ Automatic logout from the app can be enabled and configured here. How to synchronize with the main database is configured here. The following options are available: -- **Any type of connection:** as long as there is a connection, synchronization will take place. No - matter if it is a WLAN connection or a connection via the mobile network. -- **Only for WLAN connection:** Synchronization only takes place if there is a connection via WLAN. -- **Disabled:** It is not synchronized +- **Any type of connection:** as long as there's a connection, synchronization will take place. No + matter if it's a WLAN connection or a connection via the mobile network. +- **Only for WLAN connection:** Synchronization only takes place if there's a connection via WLAN. +- **Disabled:** It isn't synchronized -NOTE: Costs may be incurred for synchronization via the mobile network! +:::note +Costs may be incurred for synchronization via the mobile network. +::: **Synchronize now** @@ -73,3 +75,4 @@ If logging is active, the log file can be displayed here. **Delete log file** Logs that are no longer needed can be deleted here. + diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/setupmobiledevice/linking_the_database.md b/docs/passwordsecure/9.1/configuration/mobiledevices/setupmobiledevice/linking_the_database.md index b94992e905..4ce45cb0e0 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/setupmobiledevice/linking_the_database.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/setupmobiledevice/linking_the_database.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Linking the database -First, an existing database must be linked to the Netwrix Password Secure app in order to finally +First, an existing database must be linked to the Netwrix Password Secure app to finally synchronize the data. During linking, an encrypted database is created on the mobile device, which provides the data even without a network connection. @@ -14,9 +14,9 @@ There are two ways to create a link. #### Manual linking -If the database is to be linked manually, the dialog for creating the link is first called up via +If the database is to be linked manually, the dialog for creating the link is first opened via the + in the top right-hand corner. Here the address of the Web Application is entered and confirmed -with a click on Connect. +with a click Connect. ![Create link](/images/passwordsecure/9.1/configuration/mobiledevices/setup/linking_database/create-link-ma-en.webp) @@ -25,7 +25,7 @@ on it. ![choose link](/images/passwordsecure/9.1/configuration/mobiledevices/setup/linking_database/choose-created-link-en.webp) -Finally, the login with user name and password takes place. In addition, a meaningful name can be +Finally, the log in with user name, and password takes place. In addition, a meaningful name can be assigned. ![log in with your data](/images/passwordsecure/9.1/configuration/mobiledevices/setup/linking_database/integration-ma-en.webp) @@ -34,12 +34,12 @@ assigned. **Fulluser** -The quickest way to create a link is via a QR code. To do this, first log in to the client. You will +The quickest way to create a link is via a QR code. To do this, first log in to the client. You'll find the corresponding QR code in the Backstage under Account: ![QR-code](/images/passwordsecure/9.1/configuration/mobiledevices/setup/linking_database/link-via-qr-code-en.webp) -Then click on the button for the QR code in the app. In the following dialog, the QR code is simply +Then click the button for the QR code in the app. In the following dialog, the QR code is simply photographed from the monitor. The mobile database is now created directly in the background and linked to the database on the server. In the next step, you can give the database profile a meaningful name and log in directly: @@ -48,7 +48,7 @@ meaningful name and log in directly: **LightUser** -Using the Light view, the user must click on their user account and click on the **Account** option +Using the Light view, the user must click their user account, and click the **Account** option ![Account LightClient](/images/passwordsecure/9.1/configuration/mobiledevices/setup/linking_database/account-lc-2-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md b/docs/passwordsecure/9.1/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md index 38aeb9d0d6..7688902ada 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Setting up autofill -The most important comfort feature of the Netwrix Password Secure App is probably the autofill, i.e. +The most important comfort feature of the Netwrix Password Secure App is the autofill, i.e. the possibility to enter access data directly into the input mask. The autofill must first be set up or configured. @@ -16,7 +16,7 @@ In the settings, first select the item Passwords & Accounts and then Automatical as Auto-fill is activated, all options for filling in login windows are offered. Here one then selects Netwrix Password Secure. -RECOMMENDED: We recommend deactivating the **keychain (iOS)** as well as any other apps offered to +RECOMMENDED: Deactivate the **keychain (iOS)** as well as any other apps offered to prevent misunderstandings in usage. ![password options](/images/passwordsecure/9.1/configuration/mobiledevices/setup/setting_up_autofill/password-options-en.webp) @@ -29,5 +29,5 @@ app is activated. In addition, you must define in the settings under Show via other apps that Netwrix Password Secure may be shown via other apps. -RECOMMENDED: We recommend to use only Netwrix Password Secure for automatic registration and to +RECOMMENDED: Use only Netwrix Password Secure for automatic registration and to deactivate all other apps here. This prevents possible misunderstandings in the operation. diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/synchronization.md b/docs/passwordsecure/9.1/configuration/mobiledevices/synchronization.md index 413bb414cd..fac50905b8 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/synchronization.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/synchronization.md @@ -12,13 +12,13 @@ automatically synchronized in the background. **Synchronization logic** -First of all, it is important to note how the synchronization has been configured in the +How the synchronization has been configured in the [Settings](/docs/passwordsecure/9.1/configuration/mobiledevices/settings_mobileapp.md). A prerequisite for successful synchronization is that the configured connection is available. This -is done via https port 443, which must be enabled on the server side. Once the prerequisites have +is done via https port 443, which must be enabled on the server side. After the prerequisites have been met, there are the following triggers for synchronization: -- A login to the app takes place +- A log in to the app takes place - Swipe down in the app - The synchronization is started in the settings of the app. - A data record is changed in one of the two databases @@ -26,13 +26,13 @@ been met, there are the following triggers for synchronization: **Which dataset is being synchronized?** In Netwrix Password Secure, each field in a record has a timestamp. During a synchronization -synchronization, these timestamps are checked and the newer field is written to the other database. +synchronization, these timestamps are checked, and the newer field is written to the other database. Example: Assuming in a record the field "Username" is changed in the Advanced view and the field "Password" -is changed in the App. "password" is changed in the app, you will have different data statuses on -both devices. After a synchronization, you will receive the changed user name and the new password +is changed in the App. "password" is changed in the app, you'll have different data statuses on +both devices. After a synchronization, you'll receive the changed user name and the new password on both devices. **Settings for synchronization** diff --git a/docs/passwordsecure/9.1/configuration/mobiledevices/tabs.md b/docs/passwordsecure/9.1/configuration/mobiledevices/tabs.md index d0475783c1..56a4f80d28 100644 --- a/docs/passwordsecure/9.1/configuration/mobiledevices/tabs.md +++ b/docs/passwordsecure/9.1/configuration/mobiledevices/tabs.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Tabs -Once you have successfully logged in, you will find yourself in the view where all the user's +After you have successfully logged in, you'll find yourself in the view where all the user's passwords are located. ![all passwords in mobile app](/images/passwordsecure/9.1/configuration/mobiledevices/tabs/all-passwords-ma-en.webp) @@ -15,7 +15,7 @@ Here you have the following options: **Action menu** -With a click on +With a click ![three-points-en](/images/passwordsecure/9.1/configuration/mobiledevices/tabs/three-points-en.webp) the action menu is opened. @@ -24,18 +24,18 @@ the action menu is opened. The following actions are offered: - **Open settings** (more information can be found in the Settings chapter). -- **Close tab** (the option is offered only if you are in one of the organizational units tabs. The +- **Close tab** (the option is offered only if you're in one of the organizational units tabs. The default ones are excluded) -- **Logout** (you will be logged out from the database) +- **Logout** (you'll be logged out from the database) - **Cancel** (closes the action menu and returns to the tab view) **Tabs** -Below the passwords there is a bar for managing tabs. +Below the passwords there's a bar for managing tabs. ![manage tabs](/images/passwordsecure/9.1/configuration/mobiledevices/tabs/all-passwords-ma-2-en.webp) -By clicking on the plus sign there is a possibility to add more tabs. +By clicking on the plus sign there's a possibility to add more tabs. ![add tabs](/images/passwordsecure/9.1/configuration/mobiledevices/tabs/add-tabs-ma.webp) diff --git a/docs/passwordsecure/9.1/configuration/offlineclient/offline_client.md b/docs/passwordsecure/9.1/configuration/offlineclient/offline_client.md index db4a0a9c69..2534fb9311 100644 --- a/docs/passwordsecure/9.1/configuration/offlineclient/offline_client.md +++ b/docs/passwordsecure/9.1/configuration/offlineclient/offline_client.md @@ -6,9 +6,9 @@ sidebar_position: 90 # Offline Add-on -## What is the Offline Add-on? +## Offline Add-on overview -The Offline Add-on enables you to work without an active connection to the Netwrix Password Secure +The Offline Add-on lets you work without an active connection to the Netwrix Password Secure server. If the corresponding setting has been configured ([Setup and sync](/docs/passwordsecure/9.1/configuration/offlineclient/setup_and_sync.md)), the local copy of the server database will be automatically synchronized according to freely @@ -21,7 +21,7 @@ database offline. - The database is encrypted using AES-128 or SHA-256. A so-called “platform default” is used for this purpose - In addition, RSA encryption processes are used -- More on this subject…::https://technet.microsoft.com/en-us/library/gg592949(v=sql.110).aspx +- See the [Microsoft documentation](https://technet.microsoft.com/en-us/library/gg592949(v=sql.110).aspx) for details #### Installation @@ -36,9 +36,9 @@ Operation of the Offline Add-on is generally based on the Since the Offline Add-on only has a limited range of functions, the following must be taken into account with regards to its operation: -- There is no dashboard +- There's no dashboard - Only the password module is available -- The filter is not available. Records are found using the +- The filter isn't available. Records are found using the [Search](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/search.md) - The automatic login data entry can be performed via the [Autofill Add-on](/docs/passwordsecure/9.1/configuration/autofilladdon/autofill_add-on.md), @@ -46,13 +46,13 @@ account with regards to its operation: ![Offline Client](/images/passwordsecure/9.1/configuration/offlineclient/installation_with_parameters_264-en.webp) -#### What data is synchronised? +#### Synchronised data [Seals](/docs/passwordsecure/9.1/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) enhance the security concept in Netwrix Password Secure to include a double-check principle that can be defined in fine detail. This means that releases for protected information are linked to the -positive authentication of one or more users. Naturally, it is not possible to issue these releases -when the server is not connected. For this reason, sealed records are not synchronized and thus do +positive authentication of one or more users. it isn't possible to issue these releases +when the server isn't connected. For this reason, sealed records aren't synchronized and thus do not form part of offline databases. Otherwise, all records for which the user has the **export right** are synchronised. diff --git a/docs/passwordsecure/9.1/configuration/offlineclient/setup_and_sync.md b/docs/passwordsecure/9.1/configuration/offlineclient/setup_and_sync.md index 34f7479ef1..b0a3da37e1 100644 --- a/docs/passwordsecure/9.1/configuration/offlineclient/setup_and_sync.md +++ b/docs/passwordsecure/9.1/configuration/offlineclient/setup_and_sync.md @@ -8,20 +8,20 @@ sidebar_position: 10 ## Setting up the offline database -It is important to ensure that the right requirements have been met before setting up the Offline +It's important to ensure that the right requirements have been met before setting up the Offline Add-on. The following configurations need to be defined in both the Server Manager and also the user rights/user settings. **Requirements** To set up offline databases, this option must be activated in the Server Manager first. This process -is carried out separately for each database in the database view in the Server Manager in the -“General settings” (right click on the database). This is also possible to do when the database is +is performed separately for each database in the database view in the Server Manager in the +“General settings” (right click the database). This is also possible to do when the database is initially created. ![Properties](/images/passwordsecure/9.1/configuration/offlineclient/setup/installation_with_parameters_265-en.webp) -You will find further information on this subject in the +You'll find further information on this subject in the sections:[ Creating databases](/docs/passwordsecure/9.1/configuration/servermanager/creating_databases.md) and [Managing databases](/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md) @@ -35,21 +35,22 @@ server connection can be defined in the user rights. **Creating an offline database** -The synchronization with the offline database can generally be carried out automatically. However, -**the first synchronization must be carried out manually**. The synchronization is started via the +The synchronization with the offline database can generally be performed automatically. However, +**the first synchronization must be performed manually**. The synchronization is started via the Main menu/Account. ![account-en](/images/passwordsecure/9.1/configuration/offlineclient/setup/account-en.webp) -NOTE: The offline databases are stored locally under the following path: %appdata%\MATESO\Password -Safe and Repository Client\OfflineDB +:::note +The offline databases are stored locally under the following path: %appdata%\MATESO\Password Safe and Repository Client\OfflineDB +::: An offline database must be created per user and client for each online database. This makes it possible to use several offline databases with an Offline Add-on. #### Synchronization -In order to keep the data always consistent, the offline database must be synchronized regularly. +To keep the data always consistent, the offline database must be synchronized regularly. Synchronization is automatically performed by the client in the background. The interval can be freely configured in the [User settings](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md). @@ -76,13 +77,14 @@ As soon as the synchronization is completed, this is indicated by a hint. Offline mode can be configured and personalized using the four settings mentioned: - **Offline synchronization after saving a record**: The synchronization of the offline database is - completed directly after saving a record. It is important to note that this only applies to those - records that are saved by the user who is logged in. Changes made by another user do not trigger - any synchronization! + completed directly after saving a record. This only applies to those + records that are saved by the user who's logged in. Changes made by another user don't trigger + any synchronization. - **Offline synchronization after login:** If this option is active, the offline database is synchronized after each restart of the client. - **Automatic synchronization after an interval**: This setting is used to define the interval at - which a synchronization of the offline database will be periodically carried out. The default + which a synchronization of the offline database will be periodically performed. The default value is 30 minutes. - **Path where the offline database should be saved**: If this field is left empty, the system default is used. Otherwise, the storage location for the offline database can be entered directly. + diff --git a/docs/passwordsecure/9.1/configuration/sdkapi/sdk__api.md b/docs/passwordsecure/9.1/configuration/sdkapi/sdk__api.md index a95dcf50cc..f0b2ed0501 100644 --- a/docs/passwordsecure/9.1/configuration/sdkapi/sdk__api.md +++ b/docs/passwordsecure/9.1/configuration/sdkapi/sdk__api.md @@ -6,8 +6,8 @@ sidebar_position: 80 # SDK / API -API: This interface can be used to "address Netwrix Password Secure externally" in order to, for -example, read data for other programs. The API can only be accessed via our wrappers (SDK) using C# +API: This interface lets you "address Netwrix Password Secure externally" to, for +example, read data for other programs. The API can only be accessed via the provided wrappers (SDK) using C# and JavaScript. In the JavaScript version of the API, all enums can be found under the global object "PsrApiEnums". @@ -26,9 +26,8 @@ Server, i.e. `app-server01:11016`, must be used directly. ## Login -If you do not log in to the system in advance, it is not possible to use the API. The first -parameter for the login method is the desired database, followed by the user name and password. It -is important to note that all methods for running the API that initiate a server call are +If you don't log in to the system in advance, it isn't possible to use the API. The first +parameter for the login method is the desired database, followed by the user name, and password. All methods for running the API that initiate a server call are implemented asynchronously. “Task” objects are returned in C# and “Promise” objects are returned in JavaScript. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/basic_configuration.md b/docs/passwordsecure/9.1/configuration/servermanager/basic_configuration.md index 7a2cf4a833..87a9273c10 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/basic_configuration.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/basic_configuration.md @@ -6,10 +6,10 @@ sidebar_position: 10 # Basic configuration -## What is basic configuration? +## Basic configuration overview -Within the basic configuration, the connection to the SQL server or to the databases is defined. The -basic configuration appears the first time the Server Manager is started and can be called up at any +Within the basic configuration, the connection to the SQL server, or to the databases is defined. The +basic configuration appears the first time the Server Manager is started and can be opened at any time in the basic configuration. ![base configuration](/images/passwordsecure/9.1/configuration/server_manager/baseconfiguration/installation_with_parameters_188-en.webp) @@ -22,10 +22,10 @@ A special wizard is available to carry out the configuration: #### Service address -The service address of the SQL server can be selected via the drop-down menu. It is mandatory to +The service address of the SQL server can be selected via the dropdown menu. It's mandatory to select the adapter via which the Server Manager can also access the SQL server. -The loopback address 127.0.0.1 should not be used here. +The loopback address 127.0.0.1 shouldn't be used here. #### Service user @@ -38,7 +38,6 @@ The defined service user **needs local administrator** rights to properly config server and create databases. ::: - #### SQL configuration instance Under “SQL Server instance” the database server must be specified, including the SQL instance. For @@ -46,12 +45,14 @@ simplicity, you can copy the server name from the login window of the SQL server ![installation_with_parameters_190](/images/passwordsecure/9.1/configuration/server_manager/baseconfiguration/installation_with_parameters_190.webp) -If the option “Service user” is selected, enter the user that logs on to the SQL Server. Please note +If the option “Service user” is selected, enter the user that logs on to the SQL Server. note that “dbCreator” rights are necessary to create a configuration database. “dbOwner” rights are sufficient if the database is created manually on the SQL server and is only accessed here. Enter the name of the configuration database under “Database”. -NOTE: Refer to the system requirements for server section for more information about the users. +:::note +Refer to the system requirements for server section for details about the users. +::: #### Expert mode @@ -73,10 +74,9 @@ choose your own. Further information can be found directly in the section provid :::warning Exchanging or overwriting an existing certificate may cause warnings to the clients if -the certificate is not trusted by each client. +the certificate isn't trusted by each client. ::: - **Allow host mode** Host mode is no longer supported since version 8.13. @@ -90,5 +90,7 @@ the database on the SQL server here. The following is cached: - The structure of the organisational units - All settings -NOTE: If this option is changed, the server needs to be restarted so that the change can take -effect. +:::note +If this option is changed, the server needs to be restarted so that the change can take effect. +::: + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md b/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md index 7eab451f09..6065c06dae 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md @@ -7,10 +7,10 @@ sidebar_position: 20 # Certificates Various different certificates are used to guarantee the security of Netwrix Password Secure. The -certificates are essential for the smooth operation of Netwrix Password Secure. It is thus important -that they are carefully backed up. +certificates are essential for the smooth operation of Netwrix Password Secure. It's thus important +that they're carefully backed up. -## What certificates are used? +## Certificate types The individual certificates are described in the following sections: @@ -20,39 +20,40 @@ The individual certificates are described in the following sections: - [Discovery service certificates](/docs/passwordsecure/9.1/configuration/servermanager/certificates/discovery_service_certificates.md)s - [Password Reset certificates](/docs/passwordsecure/9.1/configuration/servermanager/certificates/password_reset_certificates.md) -## Calling up the certificate manager +## Opening the certificate manager There are two ways to open the certificate manager. The certificates for each specific database can be managed via the ribbon: ![installation_with_parameters_196_647x73](/images/passwordsecure/9.1/configuration/server_manager/certificates/installation_with_parameters_196_647x73.webp) -In the **Main menu**, it is also possible to start the certificate manager for all databases via the +In the **Main menu**, it's also possible to start the certificate manager for all databases via the **basic configuration:** ![base configuration](/images/passwordsecure/9.1/configuration/server_manager/certificates/installation_with_parameters_197-en.webp) -NOTE: Operation of the certificate manager is always the same. The only difference is whether the -certificates are displayed for each database or for all databases. +:::note +Operation of the certificate manager is always the same. The only difference is whether the certificates are displayed for each database or for all databases. +::: #### Checking existing certificates -After opening the certificate manager, all certificates specific to Netwrix Password Secure will be -displayed. Clicking on the certificate will display further information. +After opening the certificate manager, all certificates specific to Netwrix Password Secure are +displayed. Clicking on a certificate displays further information. ![installation_with_parameters_198](/images/passwordsecure/9.1/configuration/server_manager/certificates/installation_with_parameters_198.webp) -Double clicking on a certificate will open the Windows Certificate Manager to provide more detailed +Double clicking on a certificate opens the Windows Certificate Manager to provide more detailed information. ![installation_with_parameters_199_423x396](/images/passwordsecure/9.1/configuration/server_manager/certificates/installation_with_parameters_199_423x396.webp) #### Required certificates / deleting no longer required certificates -The overview will initially only display those certificates that are being used and are thus -required. Clicking on **All** will also display the no longer required certificates. For example, it +The overview initially displays only those certificates that are being used and are thus +required. Clicking on **All** also displays the no longer required certificates. For example, it is possible that outdated certificates exist on the machine due to a test installation. These -certificates can be easily deleted via the corresponding button in the ribbon. +certificates can be deleted via the corresponding button in the ribbon. ![certificates-ac-4-en](/images/passwordsecure/9.1/configuration/server_manager/certificates/certificates-ac-4-en.webp) @@ -63,22 +64,24 @@ This merely requires you to enter the desired .pfx file and its password. #### Exporting certificates -The relevant certificates will be backed up by clicking on export. A password firstly needs to be -issued here. If a storage location has not yet been entered via the settings, you are firstly asked +The relevant certificates are backed up by clicking on export. A password firstly needs to be +issued here. If a storage location hasn't yet been entered via the settings, you're firstly asked to enter it. -NOTE: SSL connection certificates are not included in this process and are also not backed up. These -certificates can be recreated if necessary. +:::note +SSL connection certificates aren't included in this process and are also not backed up. These certificates can be recreated if necessary. +::: #### Settings You can define whether every certificate should be saved to its own file in the **settings**. If -this option has not been activated, all relevant certificates will be backed up in one file. In +this option hasn't been activated, all relevant certificates are backed up in one file. In addition, the storage location is defined in the settings. ![installation_with_parameters_201_826x310](/images/passwordsecure/9.1/configuration/server_manager/certificates/installation_with_parameters_201_826x310.webp) #### Backing up certificates -If you want to automatically back up the certificates on a cyclical basis, this can be done via the +To automatically back up the certificates on a cyclical basis, use the backup system. Further information can be found in the section Backup management. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/certificates/database_certificates.md b/docs/passwordsecure/9.1/configuration/servermanager/certificates/database_certificates.md index 5dde28504d..047dbdc970 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/certificates/database_certificates.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/certificates/database_certificates.md @@ -6,32 +6,35 @@ sidebar_position: 20 # Database certificates -## What is a database certificate? +## Database certificate overview A unique certificate is created for each database. This has the name **psrDatabaseKey**: ![installation_with_parameters_207](/images/passwordsecure/9.1/configuration/server_manager/certificates/installation_with_parameters_207.webp) -The database certificate **does not encrypt the database.** Rather, it is used for the encrypted +The database certificate **doesn't encrypt the database.** Rather, it's used for the encrypted transfer of passwords from the client to the server in the following cases: - Creation of a WebViewer via a task - Creation of an AD profile protected by a master key - Login of users imported from AD in Master Key mode -NOTE: The database certificate cannot be replaced by your own certificate. +:::note +The database certificate can't be replaced by your own certificate. +::: -NOTE: The expiry date for the database certificate is not checked. The certificate thus does not -need to be renewed. +:::note +The expiry date for the database certificate isn't checked. The certificate thus doesn't need to be renewed. +::: :::warning -If the database is being moved to another server, it is essential that the certificate -is also transferred! +If the database is being moved to another server, it's essential that the certificate +is also transferred. ::: - #### Exporting and importing the certificate The section [Certificates](/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md) explains how to back up the certificate and link it again. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/certificates/discovery_service_certificates.md b/docs/passwordsecure/9.1/configuration/servermanager/certificates/discovery_service_certificates.md index 39855c41f3..73bdd0fb16 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/certificates/discovery_service_certificates.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/certificates/discovery_service_certificates.md @@ -6,25 +6,28 @@ sidebar_position: 40 # Discovery service certificates -## What is a discovery service certificate? +## Discovery service certificate overview If a discovery service is created, a corresponding certificate is also created: ![installation_with_parameters_202](/images/passwordsecure/9.1/configuration/server_manager/certificates/installation_with_parameters_202.webp) -NOTE: The discovery service certificate cannot be replaced by your own certificate. +:::note +The discovery service certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for the discovery service have an expiry date. However, this is not checked. -The certificate thus does not need to be renewed. +:::note +The certificates for the discovery service have an expiry date. However, this isn't checked. The certificate thus doesn't need to be renewed. +::: :::warning -If the database is being moved to another server, it is **essential that the discovery -service certificate is also transferred!** +If the database is being moved to another server, it's **essential that the discovery +service certificate is also transferred.** ::: - #### Exporting and importing the certificate The section [Certificates](/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md)explains how to back up the certificate and link it again. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/certificates/master_key_certificates.md b/docs/passwordsecure/9.1/configuration/servermanager/certificates/master_key_certificates.md index 3eb84cb28b..f8687f907d 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/certificates/master_key_certificates.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/certificates/master_key_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Master Key certificates -#### What is a Master Key certificate? +#### Master Key certificate overview If Active Directory is accessed via [Masterkey mode](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), @@ -16,17 +16,20 @@ Active Directory: Domain: ![installation_with_parameters_208](/images/passwordsecure/9.1/configuration/server_manager/certificates/installation_with_parameters_208.webp) -NOTE: The Master Key certificate cannot be replaced by your own certificate. +:::note +The Master Key certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for Master Key mode have an expiry date. However, this is not checked. The -certificate thus does not need to be renewed. +:::note +The certificates for Master Key mode have an expiry date. However, this isn't checked. The certificate thus doesn't need to be renewed. +::: :::warning -If the database is being moved to another server, it is essential that the Master Key -certificate is also transferred! +If the database is being moved to another server, it's essential that the Master Key +certificate is also transferred. ::: - #### Exporting and importing the certificate The section certificates explains how to back up the certificate and link it again. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/certificates/nps_server_encryption_certificate.md b/docs/passwordsecure/9.1/configuration/servermanager/certificates/nps_server_encryption_certificate.md index 8bd4beb39a..e32fcf78ae 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/certificates/nps_server_encryption_certificate.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/certificates/nps_server_encryption_certificate.md @@ -11,7 +11,7 @@ be added automatically. ![NPWS Server Encryption](/images/passwordsecure/9.1/configuration/server_manager/certificates/nps-server-encryption_1014x771.webp) -This certificate is important if you will activate an offline license. In future there will be more +This certificate is important if you'll activate an offline license. In future there will be more features for which this certificate is relevant. -RECOMMENDED: **Please export this certificate separately!!!** +RECOMMENDED: **export this certificate separately.** diff --git a/docs/passwordsecure/9.1/configuration/servermanager/certificates/password_reset_certificates.md b/docs/passwordsecure/9.1/configuration/servermanager/certificates/password_reset_certificates.md index 7b8744e1e7..18813faa0c 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/certificates/password_reset_certificates.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/certificates/password_reset_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Password Reset certificates -## What is a Netwrix Password Secure certificate? +## Netwrix Password Secure certificate overview If a [Password Reset](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/password_reset.md) @@ -15,19 +15,22 @@ in encrypted form. ![password-reset](/images/passwordsecure/9.1/configuration/server_manager/certificates/password-reset.webp) -NOTE: The Password Reset certificate cannot be replaced by your own certificate. +:::note +The Password Reset certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for the Password Reset have an expiry date. However, this is not checked. The -certificate thus does not need to be renewed. +:::note +The certificates for the Password Reset have an expiry date. However, this isn't checked. The certificate thus doesn't need to be renewed. +::: :::warning -If the database is being moved to another server, it is essential that all Password -Reset certificate is also transferred! +If the database is being moved to another server, it's essential that all Password +Reset certificate is also transferred. ::: - #### Exporting and importing the certificate The section [Certificates](/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md)explains how to back up the certificate and link it again. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/certificates/ssl_connection_certificates.md b/docs/passwordsecure/9.1/configuration/servermanager/certificates/ssl_connection_certificates.md index 64d13e18e6..96ba017ddd 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/certificates/ssl_connection_certificates.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/certificates/ssl_connection_certificates.md @@ -6,31 +6,31 @@ sidebar_position: 10 # SSL connection certificates -## What is an SSL connection certificate? +## SSL connection certificate overview The connection between clients and the server is secured via an SSL certificate. The **latest -encryption standard TLS 1.2** is used here. It is also possible to create a certificate via the +encryption standard TLS 1.2** is used here. It's also possible to create a certificate via the server, as well as to use an existing certificate with a CA. All computers on which a client is installed must trust the certificate. -Otherwise, the following message will appear when the client is started: +Otherwise, the following message appears when the client is started: -**This connection is not trusted!** +**This connection isn't trusted!** -The connection to the server is not considered secure. +The connection to the server isn't considered secure. ![not_trusted_certificates](/images/passwordsecure/9.1/configuration/server_manager/certificates/not_trusted_certificates.webp) -NOTE: Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, -and has been extended to include TLS 1.2 +:::note +Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, and has been extended to include TLS 1.2 +::: :::warning The service user creates the databases. A separate certificate is also generated for -each database. Therefore, the service user must be a local administrator or a domain administrator, +each database. Therefore, the service user must be a local administrator, or a domain administrator, as otherwise they would have no rights to save data in the certificate store. ::: - #### Structure of certificates The following information applies to both the **Netwrix Password Secure certificate** and also to @@ -38,12 +38,14 @@ your **own certificates:** **Alternative applicant** -Communication between the client and server can only take place using the path that is stored in the +Communication between the client and server can only take place using the path that's stored in the certificate with the alternative applicant. Therefore, the Netwrix Password Secure certificate stores all IP addresses for the server, as well as the hostname. When creating your own certificate, this information should also be saved under the alternative applicant. -NOTE: All information (including the IP address) are stored as DNS name. +:::note +All information (including the IP address) are stored as DNS name. +::: #### Using the Netwrix Password Secure certificate @@ -53,12 +55,13 @@ in the AdminConsole. The certificate is saved locally under: **Local computer -> own certificates -> certificates** -NOTE: The certificate is valid from its creation up to the year 9999 – and is thus valid almost -indefinitely. For this reason, it is not necessary to note any expiry date. +:::note +The certificate is valid from its creation up to the year 9999 – and is thus valid almost indefinitely. For this reason, it isn't necessary to note any expiry date. +::: **Distributing the Netwrix Password Secure certificate** -In order for the certificate to be trusted, it can be exported to the server and then imported to +In order for the certificate to be trusted, it can be exported to the server, and then imported to the clients. The following storage location needs to be selected here: local computer -> trusted root certificate location -> certificates @@ -67,7 +70,7 @@ The certificate can be both rolled out and distributed using group guidelines. **Manually importing the Netwrix Password Secure certificate** -If the Netwrix Password Secure certificate is not rolled out, it is also possible to manually import +If the Netwrix Password Secure certificate isn't rolled out, it's also possible to manually import the certificate. To do this, firstly open the certificate information. In the warning notification, the Show server certificate button is available for this purpose. In the following dialogue, select the option Install certificate… @@ -85,21 +88,23 @@ selected. Finally, the installation needs to be confirmed once again. -NOTE: The user logged in to the operating system requires rights to create certificates +:::note +The user logged in to the operating system requires rights to create certificates +::: #### Using your own certificate If a CA already exists, you can also use your own certificate. You can specify this within the [Basic configuration](/docs/passwordsecure/9.1/configuration/servermanager/basic_configuration.md). -Please note that a server certificate for SSL encryption is used here. The CA must be configured so -that all clients trust the certificate. It is necessary to adhere to the certification path. +A server certificate for SSL encryption is used here. The CA must be configured so +that all clients trust the certificate. It's necessary to adhere to the certification path. :::warning When configuring, you must ensure that the clients can access the CA lock lists ::: - **Wildcard certificates** -Wildcard certificates are not supported. In theory, it should be possible to use them but we cannot +Wildcard certificates aren't supported. In theory, it should be possible to use them but Netwrix can't help with the configuration. You can use wildcard certificates at your own responsibility. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/creating_databases.md b/docs/passwordsecure/9.1/configuration/servermanager/creating_databases.md index e8b90347ee..c2d200d752 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/creating_databases.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/creating_databases.md @@ -10,10 +10,10 @@ sidebar_position: 40 [https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0)[https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0) -## What are databases? +## Databases overview Databases contain all information on users, records, documents, etc. The changes to objects in -Netwrix Password Secure will also become part of the MSSQL database. Naturally, the regular creation +Netwrix Password Secure also become part of the MSSQL database. the regular creation of backups to secure this data should always have the highest priority. The **MSSQL** relational database management system is used in Netwrix Password Secure version 8. @@ -26,7 +26,7 @@ ribbon. The individual tabs of the wizard are explained below: **Database server** -The first tab can be used to manually select the database server. By default, the value defined in +The first tab lets you manually select the database server. By default, the value defined in the Advanced settings is preset. A user can also be entered or the service user can be selected instead. @@ -38,7 +38,7 @@ databases. **Data** -This setting can be used to define whether a template should be used. The template will provide the +This setting lets you define whether a template should be used. The template provides the database with ready-made forms and dashboard settings that make it easier to get started. The user can select from English and German templates. However, it is also possible to proceed without a template – you will then start with a completely empty database. If you have a backup from Password @@ -52,7 +52,7 @@ a migration is active, the user can be deleted after migration. #### Finishing the database wizard Once a database has been created successfully, , provided it has been selected. If no data migration -has been selected, the new database is created directly, and will be displayed in the database +has been selected, the new database is created directly, and is displayed in the database overview. ![created new database](/images/passwordsecure/9.1/configuration/server_manager/creatingdatabase/installation_with_parameters_218-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_firewall.md b/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_firewall.md index 904f2ce799..a56f4d1308 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_firewall.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_firewall.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Database firewall -## What is the database firewall? +## Database firewall overview -The database firewall enables you to regulate access to the database. A whitelist policy is used for +The database firewall regulates access to the database. A whitelist policy is used for this process. Firewall rules are used to allow access to the database in individual cases. #### Activating the firewall @@ -27,7 +27,7 @@ The rules already set are displayed in the section on the right. The icons ![+](/images/passwordsecure/9.1/configuration/server_manager/database_properties/+.webp) and ![-](/images/passwordsecure/9.1/configuration/server_manager/database_properties/-.webp) -can be used to add or also delete rules. Rules can be edited by double clicking on them. +lets you add or also delete rules. Rules can be edited by double clicking on them. ![firewall rule](/images/passwordsecure/9.1/configuration/server_manager/database_properties/installation_with_parameters_230-en.webp) @@ -35,16 +35,18 @@ The following possibilities exist: - Access from an individual computer is allowed via the IP address. - A Range of multiple IP addresses can also be optionally selected. -- It is also possible to regulate access using the Computer name. +- It's also possible to regulate access using the Computer name. - Finally, access can also be allowed for a certain Windows user. For example, the administrator can be allowed access irrespective of the computer being used. - The setting Grant access defines whether access is allowed or blocked. This is symbolised by a corresponding icon. -Naturally, the rules can also be combined. It is thus possible e.g that only one defined user can +The rules can also be combined. It's thus possible e.g that only one defined user can access one database from a certain IP address. -NOTE: The conditions are always combined using AND operators +:::note +The conditions are always combined using AND operators +::: If two or more rules overlap, the rule with the least rights will always be applied. For example, if a rule allows access from a range of IP addresses but another rule blocks a specific computer within @@ -52,7 +54,7 @@ this range then the rule blocking the computer is applied. ## Examples -The functionality of the firewall will be explained in more detail using the following rules: +The functionality of the firewall is explained in more detail using the following rules: ![defined firewall rules](/images/passwordsecure/9.1/configuration/server_manager/database_properties/installation_with_parameters_231-en.webp) @@ -68,10 +70,10 @@ is blocked using this rule. **Blocking an individual user (Rule 3)** -If you want to block a particular user (perhaps because they have left the company) then this is -also possible. +To block a particular user (perhaps because they have left the company), create a blocking rule. **Computer-independent access for a user (Rule 4)** -This rule grants access to the administrator. It is irrelevant which computer the administrator uses +This rule grants access to the administrator. It's irrelevant which computer the administrator uses to log in to the database. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_properties.md b/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_properties.md index 308dca365e..acf52d37e4 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_properties.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_properties.md @@ -6,7 +6,7 @@ sidebar_position: 60 # Database properties -The properties of a database can be opened by double-clicking on the database. No login to the +The properties of a database can be opened by double-clicking on the database. No log in to the database is required. ![installation_with_parameters_225](/images/passwordsecure/9.1/configuration/server_manager/database_properties/installation_with_parameters_225.webp) diff --git a/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/general_settings_admin_client.md b/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/general_settings_admin_client.md index daae013aab..197b01566c 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/general_settings_admin_client.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/general_settings_admin_client.md @@ -6,7 +6,7 @@ sidebar_position: 10 # General settings -## What are general settings? +## General settings overview Within the general settings, surface settings regarding the colour scheme as well as the language used are configured. The password for logging in to the Server Manager can also be changed here. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/syslog.md b/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/syslog.md index 80cccb9ee9..e7ae21d059 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/syslog.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/syslog.md @@ -6,12 +6,12 @@ sidebar_position: 20 # Syslog -If desired, the server logs and also the +If desired, the server logs, and also the **[Logbook](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/logbook.md)** -can be transferred to a Syslog server. Double clicking on a database allows you to access its +can be transferred to a Syslog server. Double clicking on a database opens its settings. The corresponding menu items can be found there. ![installation_with_parameters_232](/images/passwordsecure/9.1/configuration/server_manager/database_properties/installation_with_parameters_232.webp) -After activating the Syslog interface via the corresponding option, it is possible to configure the +After activating the Syslog interface via the corresponding option, it's possible to configure the Syslog server. If desired, the entire logbook can also be transferred via another option. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/advanced_settings.md b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/advanced_settings.md index dbb035769b..c4771b3914 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/advanced_settings.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/advanced_settings.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Advanced settings -## What are advanced settings? +## Advanced settings overview Global standard default values are specified in the advanced settings. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md index ca14e6769f..8fa5946894 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Automatic backup cleanup -It is possible to delete backups automatically after a certain period of time. This can be useful if +It's possible to delete backups automatically after a certain period of time. This can be useful if you append date and time to the backups and thus generate new files daily. ![automatic cleanup](/images/passwordsecure/9.1/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated-deletion-of-backups-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_management.md b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_management.md index 1fc6516dbf..0aa9024f6a 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_management.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_management.md @@ -8,20 +8,20 @@ sidebar_position: 10 #### Introduction -Regular backups of the data should always be part of every security concept. If you wish to create -backups directly on the SQL server, you should also include the Netwrix Password Secure databases. -If no central backups are carried out at the SQL level, you can create backup profiles using the -Server Manager. The backups themselves will then be generated on the SQL Server. +Regular backups of the data should always be part of every security concept. To create +backups directly on the SQL server, include the Netwrix Password Secure databases. +If no central backups are performed at the SQL level, you can create backup profiles using the +Server Manager. The backups themselves are then generated on the SQL Server. #### Difference between an incremental and full backup A complete backup always saves all data in a database. An incremental backup also creates a complete -image of the database as the first step. In future, only the changes since the backup created at the -beginning will be saved. This saves both time and memory capacity. +image of the database as the first step. After that, only the changes since the initial backup +are saved. This saves both time and memory capacity. #### Backup concept -It is recommended that an incremental backup is run every hour. In addition, a full backup should be +It's recommended that an incremental backup is run every hour. In addition, a full backup should be created once a week. #### Managing the backup schedule @@ -31,24 +31,26 @@ created once a week. You can create a new schedule via the ribbon. This is facilitated by a wizard. All the information entered under [Backup settings](/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_settings.md) -will be used by default. +are used by default. A profile name is entered first. The desired databases are also selected. You also need to specify the directory for the backups. ![new backup profile - base settings](/images/passwordsecure/9.1/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_257-en.webp) -NOTE: It must be a directory on the SQL server. +:::note +It must be a directory on the SQL server. +::: -Now set the time interval for creating the backups. A preview on the right will show when the -backups will be created in future. An end date can be optionally entered. +Now set the time interval for creating the backups. A preview on the right shows when the +backups are created. An end date can be optionally entered. ![new backup profile - interval](/images/passwordsecure/9.1/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_258-en.webp) -In the advanced settings, you can configure whether the backup should be activated directly. It is +In the advanced settings, you can configure whether the backup should be activated directly. It's also possible to specify whether to create incremental backups. If the date and time are added to -the file name, a new backup is created with each run. If this is not done, the last backup is always -overwritten. The service user can be used to create the backup or a service user can be specified +the file name, a new backup is created with each run. If this isn't done, the last backup is always +overwritten. The service user lets you create the backup or a service user can be specified with a corresponding name and password. In addition, you can enter here whether the required certificates should be saved using a backup @@ -61,13 +63,13 @@ task. Further information can be found in the section The backups are executed by the SQL server in the background. If an error occurs, this is indicated in “orange” in the backup list. Information about any errors issued by the SQL server is displayed -under all backups. A backup will be automatically deactivated if it does not run 5x in a row. This -will be marked in the list in red. The schedule cannot be reactivated directly. You will need to +under all backups. A backup is automatically deactivated if it doesn't run 5x in a row. This +is marked in the list in red. The schedule can't be reactivated directly. You'll need to open it and amend it. **Other backup actions** -A selected schedule can be deleted via the ribbon. The wizard for a schedule can be called up by +A selected schedule can be deleted via the ribbon. The wizard for a schedule can be opened by double-clicking on it to make any changes. In addition, a backup can be started directly via the ribbon at any time. The backup service must be running for this purpose. You can also display this in the history. @@ -81,7 +83,8 @@ existing databases. Firstly, select the required database. You can now select In If necessary, firstly enter login data for the user that logs in to the SQL server – although the service user is generally used here. Now select the backup file. All the backups contained in the -file will then be displayed. Now simply click on Restore to restore the backup to the existing +file are then displayed. Now click Restore to restore the backup to the existing database. ![Database restore](/images/passwordsecure/9.1/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_261-en.webp) + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_settings.md b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_settings.md index fabeeb999d..66bab4d884 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_settings.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_settings.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Backup settings -## What are backup settings? +## Backup settings overview Within the backup settings the default values for the execution of backups can be defined. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md index 8463e52f5b..99a7220f08 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md @@ -6,33 +6,33 @@ sidebar_position: 30 # Disaster recovery scenarios -#### Finding a quick solution in the event of a disaster +#### Finding a quick solution if a disaster occurs -In our experience, Netwrix Password Secure is usually installed in IT in a central location. If the +Netwrix Password Secure is typically installed in IT in a central location. If the system fails, it must be possible to gain access to the passwords again as quickly as possible. This -section is designed to help you quickly find a solution in the event of a problem. +section is designed to help you quickly find a solution if a problem occurs. #### Prevention -It is extremely important to create a sensible recovery plan and to make corresponding preparations. -Unfortunately, it is not possible to supply a finished recovery plan because it always needs to be +It's extremely important to create a sensible recovery plan and to make corresponding preparations. +Unfortunately, it isn't possible to supply a finished recovery plan because it always needs to be created individually. The following points should be taken into account in this process: **Creating backups** -It is of course essential in the event of a disaster that you can access a backup that is as -up-to-date as possible. Therefore, it is necessary to regularly create +It's of course essential if a disaster occurs that you can access a backup that's as +up-to-date as possible. Therefore, it's necessary to regularly create [Backup management](/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_management.md). -Who is responsible in the event of a disaster? +Who's responsible if a disaster occurs? -The first thing to decide is who should take action in the event of a disaster. Corresponding +The first thing to decide is who should take action if a disaster occurs. Corresponding deputies should also be defined. The responsible employee should have the corresponding rights within Netwrix Password Secure. **Providing the required passwords** -What passwords do those people responsible need in order to restore Netwrix Password Secure? +What passwords do those people responsible need to restore Netwrix Password Secure? - Domain password to log into the specific computer - Password for the Server Manager @@ -76,7 +76,7 @@ Solution: Install the database server on new hardware. If the server name changes as a result, the licence needs to be reactivated. If the licence has already been activated multiple times, it may be that it can only be released again by Netwrix. If the SQL instance name changes, the connection to the -database server needs to be reconfigured on the application server. This is carried out via the +database server needs to be reconfigured on the application server. This is performed via the basic configuration. Any existing offline databases will continue to function properly. @@ -94,7 +94,7 @@ it may be that the licence can only be released again by Netwrix. The basic conf completed to restore the connection to the database server. If the server name changes, the database profile on the client needs to be amended. -**Any existing offline databases need to be recreated!** +**Any existing offline databases need to be recreated.** Scenario 4 @@ -109,7 +109,7 @@ Restore the database from the backup. The basic configuration must be completed connection to the database server. If the licence has already been activated multiple times, it may be that it can only be released again by Netwrix. -**Any existing offline databases need to be recreated!** +**Any existing offline databases need to be recreated.** Scenario 5 @@ -120,5 +120,5 @@ As for Scenario 4 but the Active Directory is also not available. Solution: As described for scenario 4. If the user was imported in end-to-end mode, you can also log in -without an AD connection. Users imported in Masterkey mode cannot log in. Therefore, it is +without an AD connection. Users imported in Masterkey mode can't log in. Therefore, it's recommended that you create special, local emergency users for such cases. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/license_settings.md b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/license_settings.md index 91306c280b..512055ce70 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/license_settings.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/license_settings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # License settings -## What are license settings? +## License settings overview Licenses for the Netwrix Password Secure are managed within the license settings. In addition, all current license details are displayed in the window provided for this purpose. @@ -16,11 +16,9 @@ current license details are displayed in the window provided for this purpose. ## Licenses :::warning -Version 7 licenses cannot be used for Netwrix Password Secure Version 8. “Please -contact us”: http: //www.passwordsafe.de to obtain a version 8 license. +Version 7 licenses can't be used for Netwrix Password Secure Version 8. Visit http://www.passwordsafe.de to obtain a version 8 license. ::: - Licenses are linked via the Netwrix license server. Here are the details: - license.passwordsafe.de @@ -29,28 +27,28 @@ Licenses are linked via the Netwrix license server. Here are the details: Ensure that this server is accessible. You may also use Proxy servers. The license is retrieved from the server and stored in the server configuration. The license will be checked every hour, and -updated as required. The retention time is 30 days. If there is no internet connection, you can -continue to work for 30 days. If this period should cause problems, please contact us. +updated as required. The retention time is 30 days. If there's no internet connection, you can +continue to work for 30 days. If this period should cause problems, contact the Netwrix support team. #### Integrating and managing licenses -After purchase, you will receive the required license information in the form of “customer name” and +After purchase, you'll receive the required license information in the form of “customer name” and “password”. Enter this information directly into the License Server Access area. Use the Select and Activate button to establish a connection to the license server. You can select the acquired licenses from a list. The license can be now used. -NOTE: Optionally, you may specify a proxy. By default, the proxy stored in the operating system is -used. +:::note +Optionally, you may specify a proxy. By default, the proxy stored in the operating system is used. +::: :::warning -The licence is called up in the context of the service user. If you experience +The licence opens in the context of the service user. If you experience connection problems, the firewall and, if relevant, the proxy should be checked. ::: - #### How to activate the license via license file -1. Transition the file attached to the email to the Netwrix Password Secure Server(s). +1. Transition the file attached to the email to the Netwrix Password Secure Servers. 2. Open the Netwrix Password Secure Server Manager. 3. Open the main menu and select the License settings area. 4. Open the License file tab. @@ -61,3 +59,4 @@ connection problems, the firewall and, if relevant, the proxy should be checked. 6. Select the file from this email and then click Open. ![activated_license](/images/passwordsecure/9.1/configuration/server_manager/main_menu/activated_license.webp) + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/main_menu.md b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/main_menu.md index 3c0a39e97e..e1f6063795 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/main_menu.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/main_menu.md @@ -6,11 +6,11 @@ sidebar_position: 90 # Main menu -## What is the main menu? +## Main menu overview The operation and structure of the Main menu/Backstage menu is the same for the [Main menu](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/main_menu_fc.md) -on the client. This area can be used independently of the currently selected module. +on the client. This area can be used independently of the selected module. - [General settings](/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/general_settings_admin_client.md) - [Backup settings](/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_settings.md) diff --git a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/database_settings.md b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/database_settings.md index b6f5e3466d..d9b5fa1fff 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/database_settings.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/database_settings.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Database settings -To open the settings of a database, select it and click on "Settings" in the ribbon. Alternatively -you can open the context menu with the right mouse button and click on "Properties". In the next -step you will be asked to enter your admin password. After that a window with the settings will +To open the settings of a database, select it, and click "Settings" in the ribbon. Alternatively +you can open the context menu with the right mouse button and click "Properties". In the next +step you'll be asked to enter your admin password. After that a window with the settings will open. #### Settings diff --git a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md index ff39f87a7d..4a7941aeec 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md @@ -6,29 +6,29 @@ sidebar_position: 30 # HSM connection via PKCS # 11 -## What is the HSM connection? +## HSM connection overview The HSM connection ensures that the certificates can be outsourced to the HSM. This ultimately leads -to an increased protection because the certificates are not directly in the server’s access. The +to an increased protection because the certificates aren't directly in the server’s access. The connection is effected via PKCS # 11. #### Requirements -In order to be able to connect an HSM, the following conditions have to be met: +To be able to connect an HSM, the following conditions have to be met: - An executable HSM has to be available. - The PKCS # 11 drivers have to be installed on the application server. - The device is set up via the Administrator database on the Server Manager. :::warning -Please note, if an HSM is to be used, the database also has to be set up thoroughly. It -is currently not possible to transfer an existing database to an HSM. +If an HSM is to be used, the database also has to be set up thoroughly. It +isn't possible to transfer an existing database to an HSM. ::: #### Hardware compatibility -In principle, any HSM should work with the PKCS#11 interface. However, it is recommended to try this +In principle, any HSM should work with the PKCS#11 interface. However, it's recommended to try this out in a test position or a PoC beforehand. #### Installation @@ -47,6 +47,6 @@ The installation is set up on the Server Manager via the database settings. As soon as the HSM is connected, all server keys are transferred to the HSM. This is the database certificate. If the AD has been connected in Masterkey mode, the masterkey will also be transferred to the HSM. Then the certificates are no longer stored in the certificate store of the application -server, but centrally managed by the HSM. All other keys are not stored on the HSM, but derived from +server, but centrally managed by the HSM. All other keys aren't stored on the HSM, but derived from the masterkeys. Therefore, Netwrix Password Secure rarely accesses the HSM, for example, at server startup or at the AD Sync. As a result, the load on the HSM can be kept low. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md index 05b02d6c29..2c4db1e9f6 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Multifactor Authentication -## What is multifactor authentication? +## Multifactor authentication overview Multifactor authentication is used to secure the logon to the by an additional factor. The actual setup takes place in the client. The configured en can then be used by any user @@ -19,5 +19,7 @@ In the Databases module, select a database and open its settings via the ribbon. In the settings you define which second factors can be used. -NOTE: If you want to use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the -corresponding checkbox. +:::note +To use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the corresponding checkbox. +::: + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md index afcc57db27..a609ea23a3 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md @@ -7,7 +7,7 @@ sidebar_position: 20 # Session timeout Here you can set individually for each client when an inactive connection to the application server -is automatically terminated. Select the desired time period in the drop-down menu and save the +is automatically terminated. Select the desired time period in the dropdown menu and save the setting by clicking on **"Save"**. ![session timeout](/images/passwordsecure/9.1/configuration/server_manager/managing_databases/database_settings/session-timeout-en.webp) diff --git a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md index e391e9e1ff..caff3957f7 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/managing_databases.md @@ -8,23 +8,23 @@ sidebar_position: 70 ## Managing a database -The available actions can be selected via the context menu that is accessed using the right mouse +The available actions can be selected via the context menu that's accessed using the right mouse button or also via the ribbon. ![Managing databases](/images/passwordsecure/9.1/configuration/server_manager/managing_databases/installation_with_parameters_234-en.webp) ## Database settings -All database settings are saved in the database. It is necessary to log in to the database before -editing the settings. Any user that exists in the database can be used for this purpose. You can +All database settings are saved in the database. It's necessary to log in to the database before +editing the settings. Any user that exists in the database supports this purpose. You can always restore Global settings via the ribbon. **Multifactor authentication** -This area can be used to configure which services will be used for multi-factor authentication. The +This area lets you configure which services are used for multi-factor authentication. The available services are: RSA Secure ID, SafeNet, YubiKey NEO, and YubiKey Nano. After selecting the required service, specify the respective access data. You must also configure various services. In -this case, you can specify on the client which methods will be used by the individual users. +this case, you can specify on the client which methods are used by the individual users. Further information on this subject can be found in the section[Multifactor Authentication](/docs/passwordsecure/9.1/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md). @@ -38,33 +38,32 @@ The interface can be configured here. If desired, the logbook, **notifications, session recordings** and also the **historical documents** can be automatically cleaned up here. You merely have to enter how old the data needs to be before -it is deleted. Logbook entries can be exported before the deletion process. +it's deleted. Logbook entries can be exported before the deletion process. :::warning -It is important to note that the logbook is also used for the filter functions. If the -logbook is regularly cleaned up, it is possible that the full functions of the filter will no longer +The logbook is also used for the filter functions. If the +logbook is regularly cleaned up, it's possible that the full functions of the filter are no longer be available. ::: - #### Database actions **Show connection locks** In the ribbon, all connection locks can be displayed. To do this, you must first log in to the -database. All locked users will be displayed in a list. The following is displayed: +database. All locked users are displayed in a list. The following is displayed: - User name (if known) - Reason for lock - Number of login attempts - Expiry of the lock. The user can be unlocked by right-clicking on an entry. -A user can be locked manually using the corresponding button. It is necessary to select the user, +A user can be locked manually using the corresponding button. It's necessary to select the user, configure the expiration of the lock and specify a reason. **Show / disconnect sessions** -You can use the corresponding button to display all currently connected clients. After selecting a +You can use the corresponding button to display all connected clients. After selecting a session, the connection can be disconnected. **Migration** @@ -74,20 +73,19 @@ version 7 databases to be merged into one. :::warning When the migration is started, the database is set to migration mode. For the duration -of the migration, it is not possible to log in to the database – users who are already logged in -will be sent a corresponding message. The sessions will, however, remain open so that users can +of the migration, it isn't possible to log in to the database – users who are already logged in +are sent a corresponding message. The sessions remain open, however, so that users can continue working as soon as the migration is complete. ::: - **Certificates** Management of the certificates is very important. This is described in the section certificates. **Display database users** -This button can be used to call up statistics about the users in the respective databases. It shows -you which users are active in which database. Naturally, this list can also be exported. +This button lets you view statistics about the users in the respective databases. It shows +you which users are active in which database. this list can also be exported. #### Data backup diff --git a/docs/passwordsecure/9.1/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md b/docs/passwordsecure/9.1/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md index 00f5c9bad8..fd19c31441 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md @@ -16,10 +16,11 @@ In the new MSP version these have been replaced by the modules Customers (1) and ![AdminClient - MSP module](/images/passwordsecure/9.1/configuration/server_manager/msp/changes_in_ac/module-msp-ac-en.webp) -In the MSP version, you will find the individual customer databases under the Customers module. +In the MSP version, you'll find the individual customer databases under the Customers module. -NOTE: The Backup module has been removed, because Netwrix Password Secure's own backup is not -suitable for environments with multiple customer databases. As a Managed Service Provider, you must -back up your customer databases yourself using appropriate measures. +:::note +The Backup module has been removed, because Netwrix Password Secure's own backup isn't suitable for environments with multiple customer databases. As a Managed Service Provider, you must back up your customer databases yourself using appropriate measures. +::: The Status and Web Application modules are identical in both versions. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/msp/changesintheadminclient/customers_module.md b/docs/passwordsecure/9.1/configuration/servermanager/msp/changesintheadminclient/customers_module.md index 193652533d..b6c0c236c4 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/msp/changesintheadminclient/customers_module.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/msp/changesintheadminclient/customers_module.md @@ -8,7 +8,7 @@ sidebar_position: 10 #### Creating a new customer -Creating a new customer is done via the Customers module (1). Here, click on New (2) in the upper +Creating a new customer is done via the Customers module (1). Here, click New (2) in the upper left corner. This applies both to customers in a test phase and to customers who are to be billed immediately. @@ -16,11 +16,11 @@ immediately. When creating a new customer, the customer name is specified under **General** (1). -If (2) is not checked, a test customer is created without billing. This is then a customer in the -test phase. If (2) is checked, a customer will be created who will be charged by Netwrix from the +If (2) isn't checked, a test customer is created without billing. This is then a customer in the +test phase. If (2) is checked, a customer is created who is charged by Netwrix from the current month. -At (3) a date is automatically entered that is four weeks in the future. This date can be changed by +At (3) a date is automatically entered that's four weeks in the future. This date can be changed by the managed service provider for test customers as well as billed customers, for example to limit the test period or if the date of a possible termination of a billed customer should be known in advance. @@ -36,7 +36,7 @@ to the on-prem version. ![License settings new customer](/images/passwordsecure/9.1/configuration/server_manager/msp/changes_in_ac/customers_module/licence-new-customer-msp-en_1013x675.webp) After saving, the test customers are displayed under Test (1) and the customers to be billed under -Billed (2). When you click on a (test) customer, you will see the associated +Billed (2). When you click a (test) customer, you'll see the associated information and activated options. By clicking the button Edit (3 + 4) you can make @@ -52,11 +52,11 @@ In the view of a test customer, the general contract data can be edited under th information under Edit (1) and the test customer can be converted to a billed customer. Billing customers can no longer be converted back to test customers. -Under Active options, options can be selected and deselected with Edit (2). For test customers, no -billing data is available in the Forecast, Last Months and Cost History fields. +Under Active options, options can be selected, and deselected with Edit (2). For test customers, no +billing data is available in the Forecast, Last Months, and Cost History fields. Since no costs are incurred for test customers, no information is displayed here under User history -(3), Forecast, Last months and Cost history. +(3), Forecast, Last months, and Cost history. ![test-customer-view-msp-en_1024x742](/images/passwordsecure/9.1/configuration/server_manager/msp/changes_in_ac/customers_module/test-customer-view-msp-en_1024x742.webp) @@ -64,16 +64,16 @@ Since no costs are incurred for test customers, no information is displayed here Here you can also edit the contract details and activate or deactivate options. Additionally you can see the user history (4) of the last months, the forecast for the current month (5) including the -expected costs for the users and options, as well as the total amount. Furthermore, you will find +expected costs for the users and options, as well as the total amount. Furthermore, you'll find the statements of the last months (6) and a graphical representation of the cost history (7). ![billed-customer-msp-en_1032x752](/images/passwordsecure/9.1/configuration/server_manager/msp/changes_in_ac/customers_module/billed-customer-msp-en_1032x752.webp) #### Deactivating and reactivating a customer -Both test customers and customers to be billed can be deactivated, e.g. if a test customer cannot -continue testing until later or if a customer to be billed does not pay his invoice. When -deactivating, all data is retained and the customer can be completely restored. +Both test customers and customers to be billed can be deactivated, e.g. if a test customer can't +continue testing until later or if a customer to be billed doesn't pay his invoice. When +deactivating, all data is retained, and the customer can be completely restored. To deactivate a customer, select the database (1) and then Deactivate (2). diff --git a/docs/passwordsecure/9.1/configuration/servermanager/msp/msp.md b/docs/passwordsecure/9.1/configuration/servermanager/msp/msp.md index 62296b76f3..2f1a66cf6a 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/msp/msp.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/msp/msp.md @@ -6,10 +6,10 @@ sidebar_position: 100 # MSP -Whether you are a partner or an end user of Netwrix Password Secure - this help will support you in +Whether you're a partner or an end user of Netwrix Password Secure - this help will support you in getting started with MSP and guide you safely through the configuration and operation of the software. -We are pleased that you have chosen Netwrix Password Secure for your password protection needs. +Thank you for choosing Netwrix Password Secure for your password protection needs. -We hope you enjoy discovering your new password manager! +Explore the features of your new password manager in the following sections. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/operation_and_setup_admin_client.md b/docs/passwordsecure/9.1/configuration/servermanager/operation_and_setup_admin_client.md index 60b36e8542..1360492566 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/operation_and_setup_admin_client.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/operation_and_setup_admin_client.md @@ -13,8 +13,9 @@ The control elements such as the ribbon and the info and detail areas can be der section dealing with the client([Operation and Setup](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/operation_and_setup.md)). -NOTE: An initial password is required for the first login on Server Manager. The password is -“admin”. This password should be changed directly after login and carefully documented. +:::note +An initial password is required for the first login on Server Manager. The password is “admin”. This password should be changed directly after login and carefully documented. +::: #### Status module @@ -22,18 +23,17 @@ NOTE: An initial password is required for the first login on Server Manager. The 1. Ribbon -As usual the ribbon can be found above. Because the module is purely informative, there is no +As usual the ribbon can be found above. Because the module is purely informative, there's no functionality in the ribbon, except for updating the view 2. Notification area - The info area shows the status of the specific services. Click the icon to configure services. By - default, the base configuration is used. If necessary, individual parameters can be replaced or - adapted to personal requirements. + default, the base configuration is used. If necessary, individual parameters can be replaced, or adapted to personal requirements. - You can start and stop a specific service via -- On the right side of the info area, the utilization of the processor and main memory is displayed +- On the right side of the info area, the utilization of the processor, and main memory is displayed over two curves. -- In the “Backup service” area, the last backups are displayed using a diagram. There is a green bar +- In the “Backup service” area, the last backups are displayed using a diagram. There's a green bar for a successful backup, a red symbolizes a failed backup. Additional information is displayed via a mouseover. @@ -58,7 +58,7 @@ column headings. The period shown can be limited using . # Databases module Databases are managed in a dedicated module. All relevant information on the existing databases can -also be called up – completely without accessing the SQL server. +also be opened – completely without accessing the SQL server. ![Databases Admin Client](/images/passwordsecure/9.1/configuration/server_manager/operation_and_setup/installation_with_parameters_252-en.webp) @@ -67,14 +67,13 @@ also be called up – completely without accessing the SQL server. 2. Database overview In the database overview, all databases listed alphabetically. This section can be minimised using -the arrow symbol on the top, left edge. Right-click on one of the databases to display a context +the arrow symbol on the top, left edge. Right-click one of the databases to display a context menu with all available functions. 3. Notification area -The Info area displays all the information about the database currently selected in the database -overview. This information is ivided into the three subsections “Database summary, Data sets and -Database tables”. +The Info area displays all the information about the database selected in the database +overview. This information is ivided into the three subsections “Database summary, Data sets, and Database tables”. 4. Recent backups @@ -84,11 +83,11 @@ List of recent backups. Can be sorted by date The database log is used to monitor and control the specific databases. All relevant actions for the selected database are displayed in a comprehensible manner in one list. The categorisation is -carried out in the same way as the server log according to the colours applied. +performed in the same way as the server log according to the colours applied. #### Backups module -There is also a separate module for configuring the backups. This means that all backups can be +There's also a separate module for configuring the backups. This means that all backups can be configured and managed directly from the Server Manager. ![backup-ac](/images/passwordsecure/9.1/configuration/server_manager/operation_and_setup/backup-ac.webp) @@ -102,8 +101,7 @@ are available via right-click 3. Notification area -The notification area is divided into three sections. The “Basic settings, Advanced settings and -Info” sections for the selected database can be used +The notification area is divided into three sections. The “Basic settings, Advanced settings, and Info” sections for the selected database can be used 4. Recent backups @@ -112,4 +110,5 @@ The last backups are displayed in a list on the right. 5. All backups A tabular overview shows all previous backups. The view can be sorted as usual. Here you can see at -a glance, when which database was saved and whether the backup was successful. +a glance, when which database was saved, and whether the backup was successful. + diff --git a/docs/passwordsecure/9.1/configuration/servermanager/server_manager.md b/docs/passwordsecure/9.1/configuration/servermanager/server_manager.md index 0aaaf75afb..98b6b3f7ef 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/server_manager.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/server_manager.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Server Manager -## What is the Server Manager? +## Server Manager overview The Server Manager takes care of the central administration of the databases as well as the configuration of the backup profiles. In addition, it provides the very important interface to the diff --git a/docs/passwordsecure/9.1/configuration/servermanager/settlement_right_key.md b/docs/passwordsecure/9.1/configuration/servermanager/settlement_right_key.md index 8c1062ae94..1f1d1037cf 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/settlement_right_key.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/settlement_right_key.md @@ -8,15 +8,15 @@ sidebar_position: 50 #### Problem Description -In the version 8.3.0.13378 passwords which cannot be decrypted for other users could be created. In -this case, individual users or even all users do not have the necessary legal key. If a user wants +In the version 8.3.0.13378 passwords which can't be decrypted for other users could be created. In +this case, individual users, or even all users don't have the necessary legal key. If a user wants to reveal an affected password, the following message is displayed: ![installation_with_parameters_219_706x98](/images/passwordsecure/9.1/configuration/server_manager/settlement_right_key/installation_with_parameters_219_706x98.webp) #### Bugfix -The bug was fixed with the version 8.3.0.14422 Hotfix 1. If an older version is in use, it is +The bug was fixed with the version 8.3.0.14422 Hotfix 1. If an older version is in use, it's important to update to the latest version 8.4.0.14576. #### Review and settlement of records @@ -57,19 +57,18 @@ has the right key and thus only this user can discover and correct the password. ![installation_with_parameters_222_754x91](/images/passwordsecure/9.1/configuration/server_manager/settlement_right_key/installation_with_parameters_222_754x91.webp) When logging on to the database via the client, a cleanup task is started automatically. This task -always runs with the logged in user. In this case – as far as it is possible with the user – all +always runs with the logged in user. In this case – as far as it's possible with the user – all affected passwords are corrected. Thus, when all users have logged in once, all affected passwords should be adjusted. ###### Irreparable records (not repairable) -Irreparable passwords cannot be corrected automatically. Nevertheless, it may happen that passwords +Irreparable passwords can't be corrected automatically. Nevertheless, it may happen that passwords marked as irreparably can be corrected manually. **First case** -In the first case, no user / role has the right key on the password. Thus, no user can decrypt or -correct the password. +In the first case, no user / role has the right key on the password. Thus, no user can decrypt, or correct the password. ![installation_with_parameters_223_757x69](/images/passwordsecure/9.1/configuration/server_manager/settlement_right_key/installation_with_parameters_223_757x69.webp) @@ -80,11 +79,11 @@ current database again. **Second case** In the second case, there are users / roles who have the right key but not the right to claim. As -far as the number of irreparable passwords is limited, these can be used to check the form field +far as the number of irreparable passwords is limited, these lets you check the form field permissions manually. ![installation_with_parameters_224_762x90](/images/passwordsecure/9.1/configuration/server_manager/settlement_right_key/installation_with_parameters_224_762x90.webp) For the passwords concerned, the user with the legal key must be given the right of authorization temporarily to correct. If the corresponding user has the entitlement right, he can reset the legal -key, either automatically when logging in or manually when saving the authorizations. +key, either automatically when logging in, or manually when saving the authorizations. diff --git a/docs/passwordsecure/9.1/configuration/servermanager/setup_wizard.md b/docs/passwordsecure/9.1/configuration/servermanager/setup_wizard.md index c37cc0dbb6..1934584a8e 100644 --- a/docs/passwordsecure/9.1/configuration/servermanager/setup_wizard.md +++ b/docs/passwordsecure/9.1/configuration/servermanager/setup_wizard.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Setup wizard -## What is the setup wizard? +## Setup wizard overview The setup wizard contains all relevant settings for setting up Netwrix Password Secure. The individual points can also be changed later on. Separate sections are available for each. @@ -20,12 +20,14 @@ and properly documented. It can be subsequently changed in the ![setup-wizard-ac-en](/images/passwordsecure/9.1/configuration/server_manager/setupwizard/setup-wizard-ac-en.webp) -NOTE: The initial password is “admin”. +:::note +The initial password is “admin”. +::: #### License settings The second step is to complete the configuration for successively connecting to the licence server. -This step can also be carried out later “in the +This step can also be performed later “in the [License settings](/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/license_settings.md) ![setup-wizard-ac-2-en](/images/passwordsecure/9.1/configuration/server_manager/setupwizard/setup-wizard-ac-2-en.webp) @@ -34,7 +36,7 @@ This step can also be carried out later “in the (user name and password for the licence server will be sent to you by email). If necessary, access data for a possible proxy can also be issued – otherwise the proxy in the -operating system will be used. You can then select and activate the required license by clicking on +operating system is used. You can then select and activate the required license by clicking on the corresponding button. #### Database server @@ -48,9 +50,9 @@ and can also be edited there later on. The database server must be specified along with the associated SQL instance. For simplicity, you can copy the server name from the login window of the SQL server. -The user that will be used to create the database on the SQL Server is also specified. The user +The user used to create the database on the SQL Server is also specified. The user therefore needs **dbCreator** rights. Alternatively, you can use the service user for this purpose. -The “Advanced” button allows you to specify a **Connection String.** +The “Advanced” button lets you specify a **Connection String.** #### SMTP server @@ -61,22 +63,23 @@ should it be necessary to make changes later on. ![setup-wizard-ac-4-en](/images/passwordsecure/9.1/configuration/server_manager/setupwizard/setup-wizard-ac-4-en.webp) -Once the data has been entered and successfully tested, the wizard can be completed by clicking on +After the data has been entered and successfully tested, the wizard can be completed by clicking on “Finish”. **Security notes** -As soon as the setup wizard has been completed, two security notes will be displayed in the +As soon as the setup wizard has been completed, two security notes are displayed in the **Status** module that need to be confirmed. :::warning -It is recommended that you only confirm the security notes when the corresponding point -has actually been carried out. It is absolutely essential to ensure that regular +It's recommended that you only confirm the security notes when the corresponding point +has actually been performed. It's absolutely essential to ensure that regular [Backup management](/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/backupsettings/backup_management.md) are created and the [Certificates](/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md) are backed up. ::: + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md b/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md index 88d994ced6..91aa44e1d8 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/authorization_and_protection_mechanisms.md @@ -46,6 +46,6 @@ are configured in the extended menu via a button. ![installation_with_parameters_185](/images/passwordsecure/9.1/configuration/web_application/authorization_and_protection/installation_with_parameters_185.webp) The button is only displayed for the users who have the rights to edit seals. If a record is sealed, -this will be shown in the password field. +this is shown in the password field. ![seal_wc](/images/passwordsecure/9.1/configuration/web_application/authorization_and_protection/seal_wc.webp) diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/application.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/application.md index a2f807a1b2..5cdbb660cb 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/application.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/application.md @@ -6,7 +6,7 @@ sidebar_position: 80 # Application -The following functions are currently available in the **Application module**: +The following functions are available in the **Application module**: Web & SAML applications: @@ -14,8 +14,9 @@ Web & SAML applications: - Manage - Delete -NOTE: A detailed explanation of how to configure SAML can be found in the chapter “Configuration of -SAML” +:::note +A detailed explanation of how to configure SAML can be found in the chapter “Configuration of SAML” +::: General functions: @@ -26,5 +27,7 @@ General functions: - Quick view - Connect password -NOTE: The Web Application module Applications is based on the client module of the same name -“Applications”. Both modules differ in scope and design, but the operation is almost identical. +:::note +The Web Application module Applications is based on the client module of the same name “Applications”. Both modules differ in scope and design, but the operation is almost identical. +::: + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/documents_web_application.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/documents_web_application.md index 8a87958f40..78b072aa42 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/documents_web_application.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/documents_web_application.md @@ -6,7 +6,7 @@ sidebar_position: 90 # Documents -The following functions are currently available in the **Document module:** +The following functions are available in the **Document module:** - New New document can be added in the following ways: @@ -26,5 +26,7 @@ The following functions are currently available in the **Document module:** - Print - History -NOTE: The Web Application module **Documents** is based on the client module of the same name -“Documents”. Both modules differ in scope and design, but the operation is almost identical. +:::note +The Web Application module **Documents** is based on the client module of the same name “Documents”. Both modules differ in scope and design, but the operation is almost identical. +::: + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/forms_module.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/forms_module.md index bbcc9fad6f..f3a1d6ef23 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/forms_module.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/forms_module.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Forms module -The following functions are currently available in the **forms module**: +The following functions are available in the **forms module**: - Add - Open @@ -19,5 +19,7 @@ The following functions are currently available in the **forms module**: - Print - Export -NOTE: The Web Application module **forms** is based on the client module of the same name. Both -modules have a different scope and design but are almost identical to use. +:::note +The Web Application module **forms** is based on the client module of the same name. Both modules have a different scope and design but are almost identical to use. +::: + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/functional_scope.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/functional_scope.md index 277005191d..a15f276341 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/functional_scope.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/functional_scope.md @@ -6,8 +6,8 @@ sidebar_position: 10 # Functional scope -The **Web Application** will act as the basis for a constant enhancement. The current functional -scope will be explained at this point. For the purposes of clarity, the relevant modules will be +The **Web Application** acts as the basis for constant enhancement. The current functional +scope is explained at this point. For the purposes of clarity, the relevant modules are described in their own subsections. #### General functions diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/logbook_web_application.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/logbook_web_application.md index 3308e1b963..23e915c441 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/logbook_web_application.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/logbook_web_application.md @@ -11,12 +11,13 @@ The **logbook module** exists of the following features: - Filter function - Quick view -NOTE: The Web Application module logbook is based on the same called client module logbook. Both -modules differ in range and design. However, the handling is almost the same. +:::note +The Web Application module logbook is based on the same called client module logbook. Both modules differ in range and design. However, the handling is almost the same. +::: Differences to the logbook on the Client: -The following options are not available yet in the **Web Application**. If needed, you can use them +The following options aren't available yet in the **Web Application**. If needed, you can use them on the Client. - Documents @@ -26,3 +27,4 @@ on the Client. - Password Reset - Password rules - Sytem Task + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md index cb240110f4..9d89ad2308 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Organisational structure module -The following functions are currently available in the **organisational structure module**: +The following functions are available in the **organisational structure module**: - Adding/editing/deleting/authorizing users / organisational structures - Notifications @@ -18,8 +18,9 @@ The following functions are currently available in the **organisational structur - Changing passwords - Print -NOTE: The Web Application module organisational structure is based on the client module of the same -name. Both modules have a different scope and design but are almost identical to use. +:::note +The Web Application module organisational structure is based on the client module of the same name. Both modules have a different scope and design but are almost identical to use. +::: ## AD connection in the Web Application @@ -39,7 +40,7 @@ The Web Application offers the following functions: You can reach the Radius server, if the import is in the Masterkey mode. The Radius server will be provided in the Active Directory profile and will therefore deliver the possible authentication -methods in future. You will find further informations in the +methods in future. You'll find further informations in the [RADIUS authentication](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md) chapter. @@ -55,7 +56,7 @@ be predefined. Then choose **Predefine rights** in the menu bar. ![installation_with_parameters_162](/images/passwordsecure/9.1/configuration/web_application/functional_scope/organisational_structure/installation_with_parameters_162.webp) -**Creating the first template group:** A modal window will appear after clicking on the icon for +**Creating the first template group:** A modal window appears after clicking on the icon for adding a new template group (green arrow) in which a meaningful name for the template group should be entered. @@ -68,6 +69,7 @@ Now you can add the appropriate roles and users. You can add users and roles in different ways: - Add the appropriate roles and users at the toolbar under **Search and add**. -- Click on the loupe to see all the users and roles. +- Click the loupe to see all the users and roles. ![installation_with_parameters_165](/images/passwordsecure/9.1/configuration/web_application/functional_scope/organisational_structure/installation_with_parameters_165.webp) + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/user_management.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/user_management.md index 806b919ec5..0b7d665a14 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/user_management.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/organisationalstructure/user_management.md @@ -6,11 +6,11 @@ sidebar_position: 10 # User management -## How are the users managed in the Web Application? +## User management in the Web Application The user management strongly depends on whether the Active Directory has been connected or not. In Master Key mode, the Active Directory remains the leading system. In all other modes, the user -administration is carried out via the organisational structure module. +administration is performed via the organisational structure module. #### Creating local users diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/password_module.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/password_module.md index f2b835195d..a322a65be5 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/password_module.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/password_module.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Password module -The **Password Module** currently provides the following functions: +The **Password Module** provides the following functions: - Create - Delete @@ -50,6 +50,7 @@ The **Password Module** currently provides the following functions: - Export - WebViewer Export -NOTE: The Web Application module Password module is based on the module of the same name that is -located in the client. Both modules differ in scope and design, but are nevertheless almost -identical in terms of operation. +:::note +The Web Application module Password module is based on the module of the same name that's located in the client. Both modules differ in scope and design, but are nevertheless almost identical in terms of operation. +::: + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/roles_module.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/roles_module.md index 55a5e66583..e70420247a 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/roles_module.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/roles_module.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Roles module -The following functions are currently available in the **roles module:** +The following functions are available in the **roles module:** - Add - Delete diff --git a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/tag_system.md b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/tag_system.md index 8facda3781..43b1e69401 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/tag_system.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/tag_system.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Tag system -The tag system currently offers the following functions: +The tag system offers the following functions: - Add - Delete diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/filter_or_structure_area.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/filter_or_structure_area.md index 7ee9812218..f596322b0e 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/filter_or_structure_area.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/filter_or_structure_area.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Filter or structure area -As is also the case on the client, it is possible to select between filter and structure. For this +As is also the case on the client, it's possible to select between filter and structure. For this purpose, the following buttons are available on the navigation bar ![installation_with_parameters_169](/images/passwordsecure/9.1/configuration/web_application/operation/filter_or_structure/installation_with_parameters_169.webp) @@ -20,7 +20,7 @@ Therefore, only those characteristics specific to the Web Application will be de **Using the filter** Operation of the “Web Application filter” barely differs from the operation of the client filter. It -is only necessary to note that the Clear filter and Apply filter buttons can be found above the +is only necessary to know that the Clear filter and Apply filter buttons can be found above the filter. The configuration settings can also be found directly above the Web Application filter. **Configuring the filter** diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/footer.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/footer.md index bda5c472f1..4c91905484 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/footer.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/footer.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Footer -The footer displays various different information about the currently selected record in multiple +The footer displays various different information about the selected record in multiple tabs. It can be activated or deactivated using the small arrow on the far right. The footer is hidden by default. @@ -27,7 +27,7 @@ The history can also be displayed via a corresponding tab. 4. Documents -The documents tab can be used to access all linked documents. +The documents tab lets you access all linked documents. 5. Notifications diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/header.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/header.md index 9b077eb796..9f17b40e7a 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/header.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/header.md @@ -16,12 +16,11 @@ The logo acts as a home button. It always takes you back to the standard view. 2. Display and hide filter -As is also the case on the client, the filter or structure area can be displayed and hidden. +As is also the case on the client, the filter or structure area can be displayed, and hidden. 3. Modules -As is also the case on the client, modules like passwords, organisational structures, roles and -forms can be managed here. +As is also the case on the client, modules like passwords, organisational structures, roles, and forms can be managed here. 4. Quick search @@ -30,15 +29,15 @@ fields of the complete database except the password field. The tags are still se 5. Quick search -Upcoming tasks like export, import, print and so on are displayed here. +Upcoming tasks like export, import, print, and so on are displayed here. 6. Notifications -here you will be informed about incoming notifications. The notification can also be called up by +here you'll be informed about incoming notifications. The notification can also be opened by clicking on it. 7. Account -The user who is currently logged in can be seen under account. You can log out by clicking on the -account. It is also possible to call up the settings in +The user who's logged in can be seen under account. You can log out by clicking on the +account. It's also possible to access the settings in [Account](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/account.md). diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/list_view.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/list_view.md index 4437fe8ea5..cddd9f4d23 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/list_view.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/list_view.md @@ -6,11 +6,11 @@ sidebar_position: 50 # List view -## What is list view? +## List view overview The central element of the navigation in the Web Application is list view, which clearly presents the filtered elements. As list view in the Web Application provides the same functions as list view -in the client, we refer you at this point to the +in the client, refer to the [List view](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/list_view.md) section. @@ -20,5 +20,5 @@ section. The list view differs from that on the client in the following areas: -- List view cannot be individually configured +- List view can't be individually configured - There are – as is usual in a browser – no context menus diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/menu.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/menu.md index 49ead37a54..63e6d27a74 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/menu.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/menu.md @@ -6,12 +6,12 @@ sidebar_position: 40 # Menu -## What is the menu? +## Menu overview The ribbon on the client has been replaced by a menu on the Web Application. The menu thus represents the central operating element on the Web Application. The functions available within the -menu are dynamic and are based on the currently available actions. Different actions are possible -depending on which view is currently being used. +menu are dynamic and are based on the available actions. Different actions are possible +depending on which view is being used. #### Menu bar @@ -26,7 +26,7 @@ The size of the menu can be maximised using this button. 2. New -This option can be selected to call up the wizard for adding a new record. +This option can be selected to open the wizard for adding a new record. 3. Open @@ -52,7 +52,7 @@ to 1 to the sections of the ribbon on the client. ![Menu](/images/passwordsecure/9.1/configuration/web_application/operation/menu_bar/installation_with_parameters_175-en.webp) -In our example, the menu looks like this: +In this example, the menu looks like this: 1. New Item @@ -61,23 +61,23 @@ also **Delete**. 2. Actions -The actions can be used, for example, to mark the password as a Favourite or also to Duplicate it. +The actions can be used, for example, to mark the password as a Favourite, or also to Duplicate it. 3. Permissions -This section does not offer any additional functions than simply opening the permissions. +This section doesn't offer any additional functions than simply opening the permissions. 4. Clipboard -This section can be used to copy all available fields to the clipboard. +This section lets you copy all available fields to the clipboard. 5. Start -A website can be called up here. +A website can be opened here. -NOTE: As already described, the menu is dynamic and thus appears in a variety of different forms. -However, the basic function is always the same: The menu bar contains the basis functions, while the -advanced menu contains all functions. +:::note +As already described, the menu is dynamic, and thus appears in a variety of different forms. However, the basic function is always the same: The menu bar contains the basis functions, while the advanced menu contains all functions. +::: 6. Extras @@ -91,3 +91,4 @@ will be described in the next section: The functions of the [Password Reset](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/passwordreset/password_reset.md) can be found here. + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/navigation_bar.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/navigation_bar.md index 80ef43557a..f22e858b41 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/navigation_bar.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/navigation_bar.md @@ -12,7 +12,7 @@ The navigation bar provides the following functions. 1. Filter -This function can be used to switch the view to the filter in the left section. You also have the +This function lets you switch the view to the filter in the left section. You also have the possibility to switch from filter to structure. 2. Tabs diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/settings_wc.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/settings_wc.md index c01ccf71cb..86970d9e1a 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/settings_wc.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/settings_wc.md @@ -6,14 +6,14 @@ sidebar_position: 20 # Settings -The settings are called up via the +The settings open via the [Navigation bar](/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are available: #### Language -You can select German or English here by simply clicking on them. The change is made immediately and -does not require you to restart the browser. +You can select German or English here by clicking on them. The change is made immediately and +doesn't require you to restart the browser. #### Extras @@ -23,11 +23,11 @@ Here you have the possibility to manage templates for seals. **Tag management** -The tag management allows you to manage the tags. +The tag management lets you manage the tags. **Image management** -With the image management, you can manage your icons and logos easily and quickly. +With the image management, you can manage your icons and logos. ![image management](/images/passwordsecure/9.1/configuration/web_application/operation/navigation_bar/settings/installation_with_parameters_179-en.webp) @@ -43,7 +43,7 @@ After filling in and uploading the icon/logo, the process only needs to be saved **Edit / Delete icons and logos** -If an icon and/or logo is outdated, you can edit or even delete the stored icons/logos. +If an icon and/or logo is outdated, you can edit, or even delete the stored icons/logos. ![manage image](/images/passwordsecure/9.1/configuration/web_application/operation/navigation_bar/settings/installation_with_parameters_182-en.webp) @@ -61,7 +61,7 @@ global and [User settings](/docs/passwordsecure/9.1/configuration/advancedview/mainmenufc/usersettings/user_settings.md) -The following settings are not available on the Web Application: +The following settings aren't available on the Web Application: - Customizable window caption - Permitted document extensions @@ -70,4 +70,4 @@ The following settings are not available on the Web Application: **Account** -Here it is possible to change the password of the logged in user. +Here it's possible to change the password of the logged in user. diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/user_menu_wc.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/user_menu_wc.md index 112f306bc6..f579343853 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/user_menu_wc.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/user_menu_wc.md @@ -6,7 +6,7 @@ sidebar_position: 10 # User menu -The user menu can be found in the upper right corner of the Web Application. A right click on the +The user menu can be found in the upper right corner of the Web Application. A right click the logged in user opens it. #### Options in the user menu @@ -23,15 +23,15 @@ In the bin you can manage your deleted passwords. **Help** -A click on help takes you directly to the Netwrix Password Secure documentation page. +A click help takes you directly to the Netwrix Password Secure documentation page. **Switch to Basic view** -What the Basic view is able to do in the web view can be inspected here. +What the Basic view can do in the web view can be inspected here. **Lock** -This locks the user who is currently logged in and only needs to enter his password to use the web +This locks the user who's logged in and only needs to enter his password to use the web client again. **Log out** diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/operation.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/operation.md index 92654a5572..01798862fa 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/operation.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/operation.md @@ -7,15 +7,16 @@ sidebar_position: 20 # Operation Operation of the Web Application has been based as far as possible on the operation of the Netwrix -Password Secure client. Nevertheless, there are some differences that need to be noted and they are +Password Secure client. Nevertheless, there are some differences that need to be noted, and they're described here. -NOTE: There is also a Basic view in the Web Application. Everything worth knowing can be found at -the following link: web view Basic view +:::note +There's also a Basic view in the Web Application. Everything worth knowing can be found at the following link: web view Basic view +::: #### Login -There is no database profile on the Web Application. All databases approved for the Web Application +There's no database profile on the Web Application. All databases approved for the Web Application will be made available. The following information needs to be entered to log in: **Database name** @@ -26,7 +27,7 @@ User name ![Login WebClient](/images/passwordsecure/9.1/configuration/web_application/operation/installation_with_parameters_167-en.webp) -After successfully logging in, the last database name used and the last registered user will be +After successfully logging in, the last database name used, and the last registered user will be saved. You thus only need to enter the password for the next login. #### Transferring login data via the URL @@ -42,12 +43,14 @@ with a **&**. **Example** -You want to call up the Web Application under **https://psr_Web Application.firma.com.** In the +You want to open the Web Application under **https://psr_Web Application.firma.com.** In the process, you want the login mask to be directly filled with the database **Passwords** and the user name **Anderson**. The following URL is then used: **https://psr_Web Application.firma.com/authentication/ login?database=Passwords&username=Anderson** -NOTE: It is possible to only transfer the database. The user name is not absolutely necessary. +:::note +It's possible to only transfer the database. The user name isn't absolutely necessary. +::: #### Structure @@ -61,11 +64,11 @@ The header provides access to some essential functions. 2. [Navigation bar](/docs/passwordsecure/9.1/configuration/webapplication/operation/navigationbar/navigation_bar.md) -It is possible to switch between module and filter view on the navigation bar. +It's possible to switch between module and filter view on the navigation bar. 3. [Filter or structure area](/docs/passwordsecure/9.1/configuration/webapplication/operation/filter_or_structure_area.md) -As is also the case on the client, it is possible to select between filter and structure. +As is also the case on the client, it's possible to select between filter and structure. 4. [Menu](/docs/passwordsecure/9.1/configuration/webapplication/operation/menu.md) @@ -73,7 +76,7 @@ The ribbon on the client has been replaced by a menu bar on the Web Application. 5. [List view](/docs/passwordsecure/9.1/configuration/webapplication/operation/list_view.md) -The records currently selected using the filter can be viewed in list view. +The records selected using the filter can be viewed in list view. 6. [Reading pane](/docs/passwordsecure/9.1/configuration/webapplication/operation/reading_pane_webclient.md) @@ -81,5 +84,6 @@ The reading pane shows you details about the relevantly selected element. 7. [Footer](/docs/passwordsecure/9.1/configuration/webapplication/operation/footer.md) -Various information about the record is displayed in the footer. For example, logbook entries or the +Various information about the record is displayed in the footer. For example, logbook entries, or the history. + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/operation/reading_pane_webclient.md b/docs/passwordsecure/9.1/configuration/webapplication/operation/reading_pane_webclient.md index 57603de977..f89630c8b5 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/operation/reading_pane_webclient.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/operation/reading_pane_webclient.md @@ -6,10 +6,10 @@ sidebar_position: 60 # Reading pane -## What is the reading pane? +## Reading pane overview As with the list view, the reading pane on the Web Application is almost identical to that on the -client. Therefore, we also refer you here to the corresponding +client. Therefore, refer to the corresponding [Reading pane](/docs/passwordsecure/9.1/configuration/advancedview/operationandsetup/reading_pane.md) section. @@ -19,4 +19,7 @@ Various information is displayed on the header – as is the case with the clien tags for the records or information on whether the record is public or private. Password masking is also symbolised here. -NOTE: There are – as is usual in a browser – no context menus +:::note +There are – as is usual in a browser – no context menus +::: + diff --git a/docs/passwordsecure/9.1/configuration/webapplication/problems_with_the_server_connection.md b/docs/passwordsecure/9.1/configuration/webapplication/problems_with_the_server_connection.md index 1d3f95752c..b3ceafd20e 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/problems_with_the_server_connection.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/problems_with_the_server_connection.md @@ -23,5 +23,5 @@ Port 11016 TCP must be released on the application server. **CORS not configured** -Make sure that the CORS configuration has been implemented. Further information can be found in +Ensure that the CORS configuration has been implemented. Further information can be found in chapter Installation Web Application diff --git a/docs/passwordsecure/9.1/configuration/webapplication/web_application.md b/docs/passwordsecure/9.1/configuration/webapplication/web_application.md index 4a13380ac0..2c78998abe 100644 --- a/docs/passwordsecure/9.1/configuration/webapplication/web_application.md +++ b/docs/passwordsecure/9.1/configuration/webapplication/web_application.md @@ -6,22 +6,22 @@ sidebar_position: 40 # Web Application -## What is the Web Application +## What's the Web Application The previous WebAccess function has been replaced by the **Web Application” in Netwrix Password Secure version** **8.3.0. The completely newly developed \*Web Application** will act as the basis for the constant enhancement of the functional scope. The desired objective is to also provide the full functional scope of the client in the Web Application. The **Web Application** will thus be -constantly enhanced. All of the currently available functions can be viewed in the +constantly enhanced. All of the available functions can be viewed in the [Functional scope](/docs/passwordsecure/9.1/configuration/webapplication/functionalscope/functional_scope.md) section. ![WebClient](/images/passwordsecure/9.1/configuration/web_application/installation_with_parameters_159.webp) **Netwrix Password Secure Web Application** enables platform-independent access to the database via -a browser. It is irrelevant whether you are using Microsoft Windows, macOS or Linux, it is only +a browser. It's irrelevant whether you're using Microsoft Windows, macOS, or Linux, it's only necessary for javascript to be supported. As the **Netwrix Password Secure Web Application** has a -responsive design, it can also be used on all mobile devices such as tablets and smartphones. +responsive design, it can also be used on all mobile devices such as tablets, and smartphones. The **Web Application** is based both optically and also in its operation on the Netwrix Password Secure client. As usual, users can only access the data for which they also have permissions. The diff --git a/docs/passwordsecure/9.1/enduser/advancedview.md b/docs/passwordsecure/9.1/enduser/advancedview.md index 235fc9a023..ee2b61948f 100644 --- a/docs/passwordsecure/9.1/enduser/advancedview.md +++ b/docs/passwordsecure/9.1/enduser/advancedview.md @@ -8,13 +8,13 @@ sidebar_position: 50 Curious about how you can manage your team in Netwrix Password Secure? -**Learn more about how to …** +**Discover how to …** - Share passwords masked / only for a limited time (i.e. with working students or interns) - Separately authorize the disclosure of passwords - View the password quality and monitor all actions in your team - View the reasons given by your team members for revealing passwords in plain text -- And much more! +- And much more -Simply contact your IT department for further information on the advanced view of Netwrix Password +Contact your IT department for further information on the advanced view of Netwrix Password Secure. diff --git a/docs/passwordsecure/9.1/enduser/browserextension.md b/docs/passwordsecure/9.1/enduser/browserextension.md index e9fbef4740..2d9528a4c0 100644 --- a/docs/passwordsecure/9.1/enduser/browserextension.md +++ b/docs/passwordsecure/9.1/enduser/browserextension.md @@ -6,44 +6,45 @@ sidebar_position: 10 # Get the Browser Extension -First, Netwrix Password Secure is designed to make and keep your passwords more secure. But this -also means that managing - and logging in with them - is easier and saves time! That's why you need +First, Netwrix Password Secure is designed to make, and keep your passwords more secure. But this +also means that managing - and logging in with them - is easier and saves time. That's why you need the browser extension to save yourself the hassle of typing in passwords in future and to be logged -in to all your website accesses with just one click! +in to all your website accesses with one click. Step 1 – Is your browser extension already installed? You can find out by: - Looking for this icon next to the URL input field in your browser. See the icon in the top bar of - the screenshot below. -- Opening the Password Secure Web App, logging in and scrolling down: If not installed yet, you can + the following screenshot. +- Opening the Password Secure Web App, logging in, and scrolling down: If not installed yet, you can find the download link in the footer. See the Download Edge Extension link in the bottom center of - the screenshot below. + the following screenshot. ![downloadextension](/images/passwordsecure/9.1/enduser/downloadextension.webp) -NOTE: If you need more information about installing the browser extension, please visit the -following topic in our documentation: -[Installation Browser Extension](https://helpcenter.netwrix.com/bundle/PasswordSecure_9.0/page/Content/PasswordSecure/Installation/Browser/Installation_Browser_Add-on.htm) +:::note +If you need more information about installing the browser extension, visit the following topic in the documentation: [Installation Browser Extension](https://helpcenter.netwrix.com/bundle/PasswordSecure_9.0/page/Content/PasswordSecure/Installation/Browser/Installation_Browser_Add-on.htm) +::: -Step 2 – After downloading, the browser extension is simply dragged and dropped into the browser. -See the Get button in the upper-right section of the screenshot below. +Step 2 – After downloading, the browser extension is dragged, and dropped into the browser. +See the Get button in the upper-right section of the following screenshot. ![getextension](/images/passwordsecure/9.1/enduser/getextension.webp) -Step 3 – After confirming a security question, it is installed, and an icon appears in the menu bar +Step 3 – After confirming a security question, it's installed, and an icon appears in the menu bar to "add the extension". ![addextension](/images/passwordsecure/9.1/enduser/addextension.webp) -Step 4 – Please open or reload the web application of Netwrix Password Secure (see link in email +Step 4 – open or reload the web application of Netwrix Password Secure (see link in email from your administrator) to connect your user profile with the extension. See the lock icon in the screenshot below. ![extensionadded](/images/passwordsecure/9.1/enduser/extensionadded.webp) -Step 5 – Now click on this icon in your browser to open the browser extension. See the Adopt Select -**Adopt Web Application profile**. Done! +Step 5 – Now click this icon in your browser to open the browser extension. See the Adopt Select +**Adopt Web Application profile**. ![nodatabaseprofile](/images/passwordsecure/9.1/enduser/nodatabaseprofile.webp) -RECOMMENDED: If not done yet, bookmark this page to have it quickly at hand! +RECOMMENDED: If not done yet, bookmark this page to have it quickly at hand. + diff --git a/docs/passwordsecure/9.1/enduser/cleanuppasswords.md b/docs/passwordsecure/9.1/enduser/cleanuppasswords.md index 87403ef3d9..0a2336eb90 100644 --- a/docs/passwordsecure/9.1/enduser/cleanuppasswords.md +++ b/docs/passwordsecure/9.1/enduser/cleanuppasswords.md @@ -6,25 +6,25 @@ sidebar_position: 20 # Clean up Your Passwords -For a clean relocation of passwords, it is important to clean up all your passwords beforehand. This +For a clean relocation of passwords, it's important to clean up all your passwords beforehand. This means to check which secrets are still up-to-date or if there are any duplicates you can remove -first! +first. ## Transer Data from Your Browser -With Netwrix Password Secure, you now have the right tool to save and manage all your secrets handy -at one place and above all a safe alternative to browser-saved passwords! But how can you now +With Netwrix Password Secure, you now have the right tool to save, and manage all your secrets handy +at one place and a safe alternative to browser-saved passwords. But how can you now securely import them to your new solution? -Simply do this: +Do the following: -Step 1 – Every time you login to a website now and your browser wants to autofill, this Password -Secure Pop-up will appear, asking you if you would like to save your secret in Netwrix Password -Secure. Just click **Create new**. See the screenshot below. +Step 1 – Every time you log in to a website now and your browser wants to autofill, this Password +Secure Pop-up appears, asking you if you would like to save your secret in Netwrix Password +Secure. Click **Create new**. See the following screenshot. ![createnew](/images/passwordsecure/9.1/enduser/createnew.webp) -Step 2 – Now the Web Application will open and automatically transfer the recognized login data, +Step 2 – Now the Web Application opens and automatically transfers the recognized login data, including URL to a new data set. ![createpassword](/images/passwordsecure/9.1/enduser/createpassword.webp) @@ -36,34 +36,34 @@ above. ## Check for Weak Passwords -Your passwords do not automatically become secure after they have been transferred to Netwrix -Password Secure. No matter how well protected a password is - if it is easy for a hacker to guess, -they don't need access to the password manager to use it. This is why our solution automatically +Your passwords don't automatically become secure after they have been transferred to Netwrix +Password Secure. No matter how well protected a password is - if it's easy for a hacker to guess, +they don't need access to the password manager to use it. This is why the solution automatically checks the strength of your password and much more. Step 1 – Paste your password in the password field. See the box to the right of the Password field -in the screenshot below. +in the following screenshot. ![passwordfield](/images/passwordsecure/9.1/enduser/passwordfield.webp) -Step 2 – If it is not classified as "strong" (green), we strongly recommend using the integrated -password generator to assign a new, secure password: Therefore, just click on the white password -generator icon to the right of the password field. See the Strong button in the screenshot above. +Step 2 – If it isn't classified as "strong" (green), use the integrated +password generator to assign a new, secure password: Therefore, click the white password +generator icon to the right of the password field. See the Strong button in the previous screenshot. -Step 3 – The password generator will open. A secure password is created automatically just click -“Apply”. (Learn more about the possibilities of our password manager in the next chapter.) +Step 3 – The password generator opens. A secure password is created automatically. Click +“Apply”. (See the next chapter for details about the password manager capabilities.) ![passwordgenerator](/images/passwordsecure/9.1/enduser/passwordgenerator.webp) Step 4 – Now don't forget to replace your password in the target application as well. -**Great side effect!** The access data stored in your browser is no longer up to date and therefore -no longer a danger! You should also think about deleting these passwords from your browser +The access data stored in your browser is no longer up to date and therefore +no longer a danger. You should also think about deleting these passwords from your browser permanently. ## Create Strong Passwords -The password generator offers three possibilities to create a secure password. To open it, click on +The password generator offers three possibilities to create a secure password. To open it, click “Create password” and then on the password generator icon right to the password field. Step 1 – Create a user defined password which gives you the most options such as including and @@ -71,14 +71,16 @@ excluding special characters or defining the length of the password. ![userdefined](/images/passwordsecure/9.1/enduser/userdefined.webp) -Step 2 – Create a phonetic password that is easier to pronounce, but still complex. +Step 2 – Create a phonetic password that's easier to pronounce, but still complex. ![phonetic](/images/passwordsecure/9.1/enduser/phonetic.webp) -NOTE: This option is best suited for passwords that must be read and typed in, such as operating -machines without an internet connection. +:::note +This option is best suited for passwords that must be read and typed in, such as operating machines without an internet connection. +::: Step 3 – Create a password according to a set password rule in your company: If your IT has already -stored password guidelines for you, you can select them here and simply click on apply. +stored password guidelines for you, you can select them here, and click apply. ![rule](/images/passwordsecure/9.1/enduser/rule.webp) + diff --git a/docs/passwordsecure/9.1/enduser/createnewentry.md b/docs/passwordsecure/9.1/enduser/createnewentry.md index dfb0c1e712..aef29dca17 100644 --- a/docs/passwordsecure/9.1/enduser/createnewentry.md +++ b/docs/passwordsecure/9.1/enduser/createnewentry.md @@ -4,16 +4,16 @@ description: "Create a New Entry from Scratch" sidebar_position: 30 --- -# Create a New Entry from Scratch +# Create a New Entry Manually -Follow the steps to create a new entry from scratch. +To create a new entry manually: Step 1 – First, click _Create new password_ on the upper left in Netwrix Password Secure. ![createnewpassword](/images/passwordsecure/9.1/enduser/createnewpassword.webp) Step 2 – A form will open. Now choose the form you need, such as "Website," on the upper right. See -the form drop-down list in the screenshot below. +the form dropdown list in the following screenshot. ![selectform](/images/passwordsecure/9.1/enduser/selectform.webp) @@ -36,16 +36,17 @@ Step 3 – Let`s fill out the website form in this example. ![username](/images/passwordsecure/9.1/enduser/username.webp) - Enter the password manually or use the password generator by clicking on the button in the middle - (high number). The password generator will open. + (high number). The password generator opens. -NOTE: To learn more about the generating of passwords, see the -[Clean up Your Passwords](/docs/passwordsecure/9.1/enduser/cleanuppasswords.md) -topic for additional information. +:::note +For details about generating passwords, see [Clean up Your Passwords](/docs/passwordsecure/9.1/enduser/cleanuppasswords.md). +::: ![password](/images/passwordsecure/9.1/enduser/password.webp) -NOTE: By clicking on the **lock icon** right to the password generator, you can mask and unmask your -password. +:::note +By clicking on the **lock icon** right to the password generator, you can mask, and unmask your password. +::: - Enter the website URL that leads to the login. @@ -55,4 +56,5 @@ password. ![tags](/images/passwordsecure/9.1/enduser/tags.webp) -Step 4 – Click **Save**, and you are done! +Step 4 – Click **Save**, and you're done. + diff --git a/docs/passwordsecure/9.1/enduser/organizepasswords.md b/docs/passwordsecure/9.1/enduser/organizepasswords.md index 7bdf4cd10e..f6d4f74451 100644 --- a/docs/passwordsecure/9.1/enduser/organizepasswords.md +++ b/docs/passwordsecure/9.1/enduser/organizepasswords.md @@ -11,9 +11,9 @@ sidebar_position: 40 The tab system is used to structure all your passwords: Tabs help you to make them easier to manage and find. You can create several tabs and switch between them within one click. -Follow the steps to add a team tab. +To add a team tab: -Step 1 – Click on the **Plus** sign and a form will open. +Step 1 – Click the **Plus** sign. A form opens. ![newform](/images/passwordsecure/9.1/enduser/newform.webp) @@ -22,7 +22,7 @@ or use the search field to find the unit you need. ![search](/images/passwordsecure/9.1/enduser/search.webp) -Step 3 – Click **OK** to close the form and your new team tab will open automatically. +Step 3 – Click **OK** to close the form. Your new team tab opens automatically. ## Search with Tags @@ -32,40 +32,42 @@ assign any number of tags to your passwords to categorize and find them again qu ![assigntags](/images/passwordsecure/9.1/enduser/assigntags.webp) -To find a password, just use the search field and enter a tag like the department or position you -are in (i.e., "Marketing"). Netwrix Password Secure now not only is searching for tags, but also for +To find a password, use the search field and enter a tag like the department, or position you +are in (i.e., “Marketing”). Netwrix Password Secure now not only is searching for tags, but also for “Marketing” in all Netwrix Password Secure fields (i.e., Content Marketing). ![searchresults](/images/passwordsecure/9.1/enduser/searchresults.webp) -NOTE: Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in -which this word does not appear will be displayed (i.e., all social media accounts that are used -outside of marketing = "-social media marketing"). +:::note +Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in which this word doesn't appear are displayed (i.e., all social media accounts that are used outside of marketing = "-social media marketing"). +::: ## Choose Your View -Netwrix Password Secure offers two different views - the list and tile view. Just **switch the -button** on the upper right to change views! +Netwrix Password Secure offers two different views - the list and tile view. **Switch the +button** on the upper right to change views. **List View** -The screenshot below shows the list view. +The following screenshot shows the list view. ![listview](/images/passwordsecure/9.1/enduser/listview.webp) **Tile View** -The screenshot below shows the title view. +The following screenshot shows the tile view. ![switchbutton](/images/passwordsecure/9.1/enduser/switchbutton.webp) -When in **tile view**, you can also drag and drop the buttons on another position. By hovering over -them with the mouse, you will see more information like the username, and you can login with one +When in **tile view**, you can also drag, and drop the buttons on another position. By hovering over +them with the mouse, you'll find additional information like the username, and you can log in with one click. ![titleview](/images/passwordsecure/9.1/enduser/titleview.webp) -NOTE: The **list view** is suitable for many data sets while the tile view is particularly favorable -for the most frequently used secrets. +:::note +The **list view** is suitable for many data sets while the tile view is particularly favorable for the most frequently used secrets. +::: RECOMMENDED: Use the list view for all shared secrets and the tile view for personal accounts. + diff --git a/docs/passwordsecure/9.1/enduser/overview.md b/docs/passwordsecure/9.1/enduser/overview.md index 7fad0b3922..da3224403e 100644 --- a/docs/passwordsecure/9.1/enduser/overview.md +++ b/docs/passwordsecure/9.1/enduser/overview.md @@ -6,14 +6,14 @@ sidebar_position: 70 # Getting Started for End Users -It is time to set up your new password management solution Netwrix Password Secure! The process +It's time to set up your new password management solution, Netwrix Password Secure. The process won't take too long, but you should allow yourself a little time to get to know the product. As when -it comes to your IT security, it's important to make sure you get it right. Below is a step-by-step +it comes to your IT security, it's important to ensure you get it right. The following is a step-by-step guide to setting up a password manager and leading you through the first few steps. ## How to Log In -**Where can I find my username and password?** +**Where to find the username and password** You can find your login data in the email provided by your administrator. This email also contains the following information: diff --git a/docs/passwordsecure/9.1/faq/security/encryption.md b/docs/passwordsecure/9.1/faq/security/encryption.md index 3cf9433c07..5c2ea617bb 100644 --- a/docs/passwordsecure/9.1/faq/security/encryption.md +++ b/docs/passwordsecure/9.1/faq/security/encryption.md @@ -13,19 +13,21 @@ requirements were assessed according to how safe they were. Parallel to the deve theoretical concepts of external security companies were examined in terms of feasibility, as well as compliance with IT security standards. Prototypes have been ultimately developed on the basis of these findings, which form the blueprint for the current Netwrix Password Secure version 8. The -following encryption techniques and algorithms are currently in use: +following encryption techniques and algorithms are in use: - AES-GCM 256 - PBKDF2 with 623,420 SHA256 iterations (client- and server-side) for the creation of user hashes - PBKDF2 with 610,005 SHA256 iterations for the encryption of the user keys - ECC (with the "NIST P-521" curve) for the private-public key procedure -NOTE: All encryption algorithms used by Netwrix Password Secure are FIPS compliant. +:::note +All encryption algorithms used by Netwrix Password Secure are FIPS compliant. +::: ## Applied cryptographic procedures Applied cryptographic procedures The container encryption of the passwords is based on the -aforementioned algorithms. Each container has its own randomly generated salt. Each password, user, +previous algorithms. Each container has its own randomly generated salt. Each password, user, and role has its own key pair. When releases are granted for users and roles, the passwords within the database are hierarchically encrypted. Netwrix Password Secure also uses the following cryptographic methods to achieve maximum security: @@ -39,8 +41,9 @@ Passwords are only encrypted and transported to the client when they have been e in advance. More… :::warning -Only secrets are encrypted. Metadata is not encrypted to ensure search speed. Secrets -are usually passwords. However, the customer can decide what kind of data they are. Note that -Secrets cannot be searched for. +Only secrets are encrypted. Metadata isn't encrypted to ensure search speed. Secrets +are usually passwords. However, the customer can decide what kind of data they're. +Secrets can't be searched for. ::: + diff --git a/docs/passwordsecure/9.1/faq/security/high_availability.md b/docs/passwordsecure/9.1/faq/security/high_availability.md index 6dbf04a8cc..6f6cf9cd59 100644 --- a/docs/passwordsecure/9.1/faq/security/high_availability.md +++ b/docs/passwordsecure/9.1/faq/security/high_availability.md @@ -6,25 +6,24 @@ sidebar_position: 30 # High availability -## What is high availability? +## High availability overview High availability is designed to guarantee the further operation of Netwrix Password Secure in the -event of damage. A series of requirements need to be met in advance in order to use this feature +event of damage. A series of requirements need to be met in advance to use this feature :::warning -As the configuration of high availability is complex, it is (generally) implemented -during a consultation. If you are interested in this feature, please contact us directly or contact +As the configuration of high availability is complex, it's (generally) implemented +during a consultation. If you're interested in this feature, contact Netwrix directly, or contact your responsible partner. ::: - #### Requirements The following points should be observed during the configuration. -- It is essential that MSSQL Enterprise Version is used for replicating the database (even in the +- It's essential that MSSQL Enterprise Version is used for replicating the database (even in the case of a replication across multiple locations) -- To achieve a better level of protection, we recommend operating the Netwrix Password Secure +- To achieve a better level of protection, Netwrix recommends operating the Netwrix Password Secure database on its own cluster - A Netwrix Password Secure application server needs to be licensed for each location. Every application server has its own configuration database. @@ -34,7 +33,7 @@ The following points should be observed during the configuration. - To reduce the load on the server, a load balancer can be installed upstream of the application server - If no load balancer is used, the distribution of the database profiles for the users is generally - carried out via the registry + performed via the registry If a database is set up at ”location A” including an AD profile, the certificate needs to exported there and then imported onto the server at “location B”. The database is replicated using MSSQL @@ -42,5 +41,7 @@ technology and can be integrated as an existing database into Netwrix Password S B”. If the application server at “location A” fails, the server in the registry needs to be replaced (location B) and rolled out again to users using group rules (GPO). -NOTE: Only peer-to-peer transaction replication is tested. If a different type of replication is -used, it should be tested in advance. +:::note +Only peer-to-peer transaction replication is tested. If a different type of replication is used, it should be tested in advance. +::: + diff --git a/docs/passwordsecure/9.1/faq/security/penetration_tests.md b/docs/passwordsecure/9.1/faq/security/penetration_tests.md index bc05ed4133..b17c56391c 100644 --- a/docs/passwordsecure/9.1/faq/security/penetration_tests.md +++ b/docs/passwordsecure/9.1/faq/security/penetration_tests.md @@ -10,14 +10,13 @@ sidebar_position: 20 The high security standards of Netwrix Password Secure are regularly attested by external pentests of different providers. New functions in particular are always subjected to penetration tests in -order to have them thoroughly checked before release. The resulting findings enable us to detect and +order to have them thoroughly checked before release. The resulting findings help detect and eliminate potential vulnerabilities in advance. -## Why we test regularly? +## Benefits of regular testing -In pentesting, external and certified security auditors look specifically for security gaps and -weaknesses in the software that an attacker could exploit. Attack scenarios are simulated on the -client side, the source code is checked and the quality of the cryptographic process is assessed. In -this way, the security of Netwrix Password Secure and the data stored in it is tested in advance in -order to be able to offer our customers effective protection and minimize the risk of success of an +In pentesting, external, and certified security auditors look specifically for security gaps, and weaknesses in the software that an attacker could exploit. Attack scenarios are simulated on the +client side, the source code is checked, and the quality of the cryptographic process is assessed. In +this way, the security of Netwrix Password Secure, and the data stored in it's tested in advance in +order to offer customers effective protection and minimize the risk of success of an attack. diff --git a/docs/passwordsecure/9.1/index.md b/docs/passwordsecure/9.1/index.md index 704dcdb067..2f2e3186b1 100644 --- a/docs/passwordsecure/9.1/index.md +++ b/docs/passwordsecure/9.1/index.md @@ -4,7 +4,7 @@ description: "Why Netwrix Password Secure?" sidebar_position: 1 --- -# Why Netwrix Password Secure? +# Netwrix Password Secure overview Users depend on passwords in their day-to-day business worldwide. Passwords are used constantly and everywhere, and they need to be professionally managed. Passwords should be safe, have at least 12 characters, and include uppercase and lowercase characters as well as special characters. In the best case, a separate access diff --git a/docs/passwordsecure/9.1/installation/installation.md b/docs/passwordsecure/9.1/installation/installation.md index 6a78492b09..79b0d96075 100644 --- a/docs/passwordsecure/9.1/installation/installation.md +++ b/docs/passwordsecure/9.1/installation/installation.md @@ -45,10 +45,10 @@ At least three servers are thus recommended: - Web server (IIS, NginX, Apache 2) :::warning -For databases in a production system, we recommend using a fail-safe cluster. Microsoft -SQL Server can replicate the data to a different data centre, e.g via WAN. We also recommend +For databases in a production system, Netwrix recommends using a fail-safe cluster. Microsoft +SQL Server can replicate the data to a different data centre, e.g via WAN. Netwrix also recommends providing a Windows server for each function. Separating the systems makes it easier to expand and -scale the system landscape at a later point. However, it is not absolutely necessary to separate the +scale the system landscape at a later point. However, it isn't absolutely necessary to separate the systems. Accordingly, all of the components can also be installed on one server in the case of smaller installations or test environments. ::: @@ -64,7 +64,7 @@ smaller installations or test environments. - Port 443 HTTPS for connection to the Netwrix Password Secure license server (outgoing) - Port 11011 TCP for communication with clients or web server IIS (incoming) -- Port 11014 TCP for the backup service (usually does not need to be unlocked) +- Port 11014 TCP for the backup service (usually doesn't need to be unlocked) - Port 11016 TCP for the Web services (incoming; only when using the Web Application) - Port 11018 TCP for real-time update (incoming) - Port 1433 TCP for communication with SQL Server (outgoing) diff --git a/docs/passwordsecure/9.1/installation/installation_server_manager.md b/docs/passwordsecure/9.1/installation/installation_server_manager.md index ad71f46e5a..aa2e031b48 100644 --- a/docs/passwordsecure/9.1/installation/installation_server_manager.md +++ b/docs/passwordsecure/9.1/installation/installation_server_manager.md @@ -10,7 +10,7 @@ sidebar_position: 20 The MSI installation files and the associated [Application server](/docs/passwordsecure/9.1/installation/requirements/application_server.md) -can be found in the corresponding sections. The following step-by-step guide will accompany you +can be found in the corresponding sections. The following step-by-step guide walks you through the wizards. ![Password Secure Server Setup](/images/passwordsecure/9.1/installation/installation_server_manager/installation-admin-client-1-en.webp) @@ -21,9 +21,9 @@ First you are required to read and accept the license terms. These can also be p The next step is to define the location. The suggested location can be retained. -If you want to use Netwrix Password Secure as an identity provider -[Configuration of SAML](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) -must be selected. Otherwise, it will not be installed. +To use Netwrix Password Secure as an identity provider, select +[Configuration of SAML](/docs/passwordsecure/9.1/configuration/advancedview/clientmodule/applications/configuration_of_saml.md). +Otherwise, the SAML component is not installed. ![Password Secure Server Setup](/images/passwordsecure/9.1/installation/installation_server_manager/installation-admin-client-3-en.webp) @@ -41,5 +41,7 @@ After the installation, you can login directly to the Server Manager. ![Server Authentication](/images/passwordsecure/9.1/installation/installation_server_manager/server-auth-en.webp) -NOTE: The initial password for the first login is “admin”. It should be changed directly after the -logon. +:::note +The initial password for the first login is “admin”. It should be changed directly after the logon. +::: + diff --git a/docs/passwordsecure/9.1/installation/installationbrowseraddon/google_chrome.md b/docs/passwordsecure/9.1/installation/installationbrowseraddon/google_chrome.md index 277b83e401..a3eee12c39 100644 --- a/docs/passwordsecure/9.1/installation/installationbrowseraddon/google_chrome.md +++ b/docs/passwordsecure/9.1/installation/installationbrowseraddon/google_chrome.md @@ -13,12 +13,14 @@ it via the following link: [Add-on for Google Chrome](https://chrome.google.com/webstore/detail/netwrix-password-secure/bpjfchmapbmjeklgmlkabfepflgfckip). Alternatively, you can also access the Google Store via the Autofill Add-on. To do this, right-click -the icon to open the context menu. After a further click on Install Browser Extensions the Google -Chrome Add-on can be selected, whereupon you will be redirected directly to the Google Store. +the icon to open the context menu. After a further click Install Browser Extensions the Google +Chrome Add-on can be selected, whereupon you'll be redirected directly to the Google Store. The installation is started via Add. The add-on is now installed and the icon is added to the browser. -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not -installed yet. +:::note +It's also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet. +::: + diff --git a/docs/passwordsecure/9.1/installation/installationbrowseraddon/microsoft_edge.md b/docs/passwordsecure/9.1/installation/installationbrowseraddon/microsoft_edge.md index a85d0b9117..393dad20fb 100644 --- a/docs/passwordsecure/9.1/installation/installationbrowseraddon/microsoft_edge.md +++ b/docs/passwordsecure/9.1/installation/installationbrowseraddon/microsoft_edge.md @@ -14,5 +14,7 @@ downloaded from the following link: ![Add-on Edge](/images/passwordsecure/9.1/installation/browser/addon-edge-en.webp) -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not -installed yet +:::note +It's also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet +::: + diff --git a/docs/passwordsecure/9.1/installation/installationbrowseraddon/mozilla_firefox.md b/docs/passwordsecure/9.1/installation/installationbrowseraddon/mozilla_firefox.md index f42bc00077..0470c59c09 100644 --- a/docs/passwordsecure/9.1/installation/installationbrowseraddon/mozilla_firefox.md +++ b/docs/passwordsecure/9.1/installation/installationbrowseraddon/mozilla_firefox.md @@ -12,9 +12,11 @@ The installation of the Firefox Add-on is done directly from the official Store. can be downloaded from the following link: [Add-on firefox](https://addons.mozilla.org/en-US/firefox/addon/password-safe-browser-add-on/). -After the download, the add-on is simply dragged and dropped into the browser. +After the download, drag and drop the add-on into the browser. -After confirming a security question, it is installed and an icon is created in the menu bar. +After confirming a security question, it's installed and an icon is created in the menu bar. + +:::note +It's also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet +::: -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not -installed yet diff --git a/docs/passwordsecure/9.1/installation/installationbrowseraddon/safari.md b/docs/passwordsecure/9.1/installation/installationbrowseraddon/safari.md index 261956d857..251020a0dd 100644 --- a/docs/passwordsecure/9.1/installation/installationbrowseraddon/safari.md +++ b/docs/passwordsecure/9.1/installation/installationbrowseraddon/safari.md @@ -11,5 +11,5 @@ sidebar_position: 40 The Safari Add-on can be downloaded from the following link: [Add-on Safari](https://download.passwordsafe.de/v9/Netwrix_Password_Secure-9.1.3.dmg). -To install it, simply double-click on the downloaded file. A window will open where you then only -need to drag and drop the Netwrix Password Secure logo onto the applications. +To install it, double-click the downloaded file. A window opens where you then +drag and drop the Netwrix Password Secure logo onto the applications. diff --git a/docs/passwordsecure/9.1/installation/installationclient/installation_client.md b/docs/passwordsecure/9.1/installation/installationclient/installation_client.md index 255feaaf94..6a533b77af 100644 --- a/docs/passwordsecure/9.1/installation/installationclient/installation_client.md +++ b/docs/passwordsecure/9.1/installation/installationclient/installation_client.md @@ -15,17 +15,16 @@ through the wizards. ![installation wizard page 1](/images/passwordsecure/9.1/installation/installation_client/installation-client-1-en.webp) -You are required to read and accept the terms of service. These can also be printed. +You're required to read and accept the terms of service. These can also be printed. The next step is to define the location of the client. The suggested location can be retained.You can also define whether additional components should be installed. :::warning -Please only install the Terminal Server Service (for Autofill Add-on) if terminal -server operation is intended! +only install the Terminal Server Service (for Autofill Add-on) if terminal +server operation is intended. ::: - ![installation wizard page 2](/images/passwordsecure/9.1/installation/installation_client/installation-client-3-en.webp) The actual installation starts in the next step. @@ -57,17 +56,16 @@ The Autofill Add-on is used for SSO applications. For connection to the database, the creation of a database profile is obligatory. The following information is required: -- Profile name: The name of the profile. This will be displayed on the client in the future +- Profile name: The name of the profile. This is displayed on the client. - IP address: The IP address of the Netwrix Password Secure V8 server is stored here - Database name: Specifies the name of the database ## Distributing database profiles via the registry -There is also an option to distribute database profiles. The profiles are specified via a +There's also an option to distribute database profiles. The profiles are specified via a corresponding registry entry. The next time Netwrix Password Secure is started, the profiles will be saved in the local configuration file. The database connection can be made with the following keys: - ``` HKEY_CURRENT_USER\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfiles HKEY_LOCAL_MACHINE\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfiles @@ -83,7 +81,6 @@ These keys are structured like this: **Is the profile set with the following entries?** - ``` HKEY_LOCAL_MACHINE\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfiles ``` @@ -91,11 +88,11 @@ HKEY_LOCAL_MACHINE\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfil Then the last used date base as well as the last registered user are created with the following ID, when you log in for the first time: - ``` HKEY_CURRENT_USER\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfiles ``` -NOTE: When the corresponding registry entry is set and no related database profile exists, the -profile will be created at the next start-up. Please note that profiles created like this cannot be -edited or deleted in the client. +:::note +When the corresponding registry entry is set and no related database profile exists, the profile will be created at the next start-up. Profiles created like this can't be edited or deleted in the client. +::: + diff --git a/docs/passwordsecure/9.1/installation/installationclient/installation_with_parameters.md b/docs/passwordsecure/9.1/installation/installationclient/installation_with_parameters.md index 0e05de97f5..2fdcdfc910 100644 --- a/docs/passwordsecure/9.1/installation/installationclient/installation_with_parameters.md +++ b/docs/passwordsecure/9.1/installation/installationclient/installation_with_parameters.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Installation with parameters -## What is installation with parameters? +## Installation with parameters overview The installation of the Netwrix Password Secure client can also be optionally run on the command line. This method also requires the transfer of parameters. These can be combined with one another. In this case, the individual parameters are separated from one another by a blank space. The -parameters listed in the following section enable you to adapt the type of client installation. +parameters listed in the following section let you adapt the type of client installation. ## Running on the command line with parameters @@ -21,10 +21,10 @@ Run the installation via the command line: **MSI-FILE.msi [PARAMETER]** - **AUTOFILL_ADDON_AUTOSTART=“0”**: Deactivates launching the Autofill Add-on in Windows autostart - **INSTALL_AUTOFILL_ADDON=“0**”: Deactivates the installation of the Autofill Add-on. In the list - of the components to be installed in the setup, a check mark has not been set but this can be set + of the components to be installed in the setup, a check mark hasn't been set but this can be set again by the user - **INSTALL_OFFLINE_ADDON=“0”**: Deactivates the installation of the Offline Add-on. In the list of - the components to be installed in the setup, a check mark has not been set but this can be set + the components to be installed in the setup, a check mark hasn't been set but this can be set again by the user - **IGNORE_TS_SERVICES=“1”**: Deactivates the installation of the terminal server services, no matter on which system the installation is running diff --git a/docs/passwordsecure/9.1/installation/installationwebapplication/apache.md b/docs/passwordsecure/9.1/installation/installationwebapplication/apache.md index f79c6ed80b..b6897f575f 100644 --- a/docs/passwordsecure/9.1/installation/installationwebapplication/apache.md +++ b/docs/passwordsecure/9.1/installation/installationwebapplication/apache.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Apache -In order to integrate the Web Application onto an Apache server, it is first necessary to enter all +To integrate the Web Application onto an Apache server, it's first necessary to enter all of the relevant settings: ## Document directory @@ -16,16 +16,16 @@ The folder from which the Web Application should be operated is entered here. Th ## SSL certificate path -It is necessary to enter the directory in which the certificate will be saved here. +Enter the directory in which the certificate is saved. ## SSL certificate key path -Finally, it is necessary to enter where the certificate key is located here. +Finally, it's necessary to enter where the certificate key is located here. ![apache-en](/images/passwordsecure/9.1/installation/installation_web_application/apache-en.webp) Once all of the settings have been entered, the Web Application can be created via the button in the -ribbon. The folder in which the ZIP file is located will then open automatically. The archive is now +ribbon. The folder in which the ZIP file is located then opens automatically. The archive is now unzipped and the contents copied to the document directory on the web server. The configuration for the Apache server has now also been created and can be viewed on the Server @@ -33,11 +33,12 @@ Manager. ![apache-en-2](/images/passwordsecure/9.1/installation/installation_web_application/apache-en-2.webp) -The configuration can be selected using CTRL+A and copied. It is then directly integrated onto the +The configuration can be selected using CTRL+A and copied. It's then directly integrated onto the Apache server. -NOTE: The configuration of the Apache server is always individual. Therefore, it is only possible to -roughly describe the process for a standard installation. +:::note +The configuration of the Apache server is always individual. Therefore, it's only possible to roughly describe the process for a standard installation. +::: ## Standard configuration @@ -47,3 +48,4 @@ configuration from the server. Apache is subsequently restarted via systemctl re The Web Application is now ready to use and can be directly started. Further information can be found at the end of this section under "SCalling up the Web Application". + diff --git a/docs/passwordsecure/9.1/installation/installationwebapplication/installation_web_application.md b/docs/passwordsecure/9.1/installation/installationwebapplication/installation_web_application.md index f9119e03a7..fb9ec53032 100644 --- a/docs/passwordsecure/9.1/installation/installationwebapplication/installation_web_application.md +++ b/docs/passwordsecure/9.1/installation/installationwebapplication/installation_web_application.md @@ -7,16 +7,15 @@ sidebar_position: 40 # Installation Web Application :::warning -This guide focuses on the initial installation of the Web Application and is not +This guide focuses on the initial installation of the Web Application and isn't relevant for further updates. ::: - ## Preparations for installation ### System requirements -Please ensured that all +ensured that all [Webserver](/docs/passwordsecure/9.1/installation/requirements/webserver/webserver.md)r requirements have been met. @@ -29,7 +28,7 @@ server and the Netwrix Password Secure server. ### Databases All databases that are to be used on the Web Application must be enabled for this purpose. With a -double click on the corresponding database the option "Access via Web Application" can be activated. +double click the corresponding database the option "Access via Web Application" can be activated. ## Installation @@ -43,16 +42,16 @@ firstly needs to be entered: Name the folder where the ZIP archive with the Web Application should be placed. :::warning -If t Do not use the Server Manager installation directory +If t Don't use the Server Manager installation directory ::: - -NOTE: If the web server is created on IIS, execute config.bat to handle integration of the web -server. +:::note +If the web server is created on IIS, execute config.bat to handle integration of the web server. +::: ### Server IP -Please check if the IP address is correct otherwise no connection to the Web Application can be +check if the IP address is correct otherwise no connection to the Web Application can be established. If the IP address is wrong, you have to change it in the basic configuration of the Server Manager. @@ -62,34 +61,37 @@ Enter the IP address or the host name of the web server. ### Port -Enter the port that is used to communicate with the Web Application. +Enter the port that's used to communicate with the Web Application. -All of the subsequent steps or the required tasks will be explained in the associated chapters for +All of the subsequent steps or the required tasks are explained in the associated chapters for each specific web server. ## CORS configuration -A button for the so-called CORS configuration can be found on the ribbon. It is essential that this -configuration is carried out before the Web Application can be used. A list of the permitted CORS -domains will be saved as a result. Requests received via the Web Application can then be checked -against this list. The request will only be successfully carried out if the origin header for a +A button for the so-called CORS configuration can be found on the ribbon. It's essential that this +configuration is performed before the Web Application can be used. A list of the permitted CORS +domains are saved as a result. Requests received via the Web Application can then be checked +against this list. The request is only successfully performed if the origin header for a request is available in the permitted domains. -In order to add a domain, simply enter it at the bottom of the dialogue. Clicking on +To add a domain, enter it at the bottom of the dialogue. Clicking on :material-plus-circle-outline: will add the entry to the list at the top. ![cors-en-new](/images/passwordsecure/9.1/installation/installation_web_application/cors-en-new.webp) -NOTE: In general, it is sufficient to add the IP address which was also saved as the Web server host -address. +:::note +In general, it's sufficient to add the IP address which was also saved as the Web server host address. +::: -## Calling up the Web Application +## Opening the Web Application -The process for calling up the Web Application is dependent on the configuration of the web server: +The process for opening the Web Application is dependent on the configuration of the web server: - Web Application in root directory -> `https://hostname` - Web Application in a subdirectory -> `https://hostname/path-to-subdirectory` -- Port is not set to 443 -> `https://hostname:port/path-to-subdirectory` +- Port isn't set to 443 -> `https://hostname:port/path-to-subdirectory` + +:::note +In order for the redirect to be used, it's important to ensure on apache and nginx web servers that no other host listens to port 80. +::: -NOTE: In order for the redirect to be used, it is important to ensure on apache and nginx web -servers that no other host listens to port 80. diff --git a/docs/passwordsecure/9.1/installation/installationwebapplication/microsoft_iis.md b/docs/passwordsecure/9.1/installation/installationwebapplication/microsoft_iis.md index 221c574d91..36b32af569 100644 --- a/docs/passwordsecure/9.1/installation/installationwebapplication/microsoft_iis.md +++ b/docs/passwordsecure/9.1/installation/installationwebapplication/microsoft_iis.md @@ -11,46 +11,44 @@ integrating it into the system: ## Create as its own website -For this option, a website with the name "Web Application" will be directly created on the IIS by -config.bat. The Web Application will be operated here from the standard directory +For this option, a website with the name "Web Application" is directly created on the IIS by +config.bat. The Web Application is operated from the standard directory C:\inetpub\wwwroot. ## Integrate in existing website requires there to be an existing website. Therefore, a website needs to be firstly created on the -IIS web sever. The name of the website then needs to be entered in the Server Manager. It is also +IIS web sever. The name of the website then needs to be entered in the Server Manager. It's also necessary to enter the folder from which the Web Application should be operated under "website directory". The format here is "/Web Application" ![IIS installation](/images/passwordsecure/9.1/installation/installation_web_application/installation-webclient-3-en.webp) Once all of the settings have been entered, the Web Application can be created via the corresponding -button in the ribbon. When the ZIP archive containing the Web Application has been created, it is +button in the ribbon. When the ZIP archive containing the Web Application has been created, it's copied to the previously defined directory (C:\inetpub\wwwroot as standard) and unzipped there to create a new directory. ## Config.bat The file config.bat can be found in the newly created Web Application directory and now needs to be -executed when logged on as the administrator. This will integrate the Web Application into the IIS +executed when logged on as the administrator. This integrates the Web Application into the IIS web server. -NOTE: If the system requirements have not been met, you will be informed that the URL Rewrite and/or -Application Request Routing modules need to be installed. In this case, follow the instructions on -the wizard that will then immediately open. In addition, it is necessary to install the WebSocket -Protokoll. Afterwards, config.bat needs to be executed again. +:::note +If the system requirements haven't been met, you'll be informed that the URL Rewrite and/or Application Request Routing modules need to be installed. In this case, follow the instructions on the wizard that then immediately opens. In addition, it's necessary to install the WebSocket Protokoll. Afterwards, config.bat needs to be executed again. +::: -If the website has been correctly created, this will be correspondingly indicated by the +If the website has been correctly created, this is correspondingly indicated by the notification IIS page created. ![IIS-creating page](/images/passwordsecure/9.1/installation/installation_web_application/installation-webclient-4-en.webp) :::warning -Following a successful installation, it is imperative that config.bat is deleted! The +Following a successful installation, it's imperative that config.bat is deleted! The config.bat file should also not be used for an "update" ::: - ## Certificate The certificate then needs to be saved. Select the newly created website on the IIS web server. The @@ -65,3 +63,4 @@ Select the https entry and open it for editing. The SSL certificate is then sele In addition, the Netwrix Password Secure certificate needs to be exported from the Netwrix Password Secure Server and imported onto the ISS under local computer > trusted root certificate location -> certificates. Further information can be found in the section "Certificates" + diff --git a/docs/passwordsecure/9.1/installation/installationwebapplication/nginx.md b/docs/passwordsecure/9.1/installation/installationwebapplication/nginx.md index 2d7a910352..094700f39b 100644 --- a/docs/passwordsecure/9.1/installation/installationwebapplication/nginx.md +++ b/docs/passwordsecure/9.1/installation/installationwebapplication/nginx.md @@ -6,7 +6,7 @@ sidebar_position: 30 # nginx -In order to integrate the Web Application onto an nginx server, it is first necessary to enter all +To integrate the Web Application onto an nginx server, it's first necessary to enter all of the relevant settings: ## Document directory @@ -16,18 +16,18 @@ The folder from which the Web Application should be operated is entered here. Th ## SSL certificate path -It is necessary to enter the directory in which the certificate will be saved here. The standard +Enter the directory in which the certificate is saved. The standard path here is /etc/nginx/certs/Web Application.crt. ## SSL certificate key path -Finally, it is necessary to enter where the certificate key is located here. The default setting is +Finally, it's necessary to enter where the certificate key is located here. The default setting is /etc/nginx/certs/Web Application.key. ![ngnix installation](/images/passwordsecure/9.1/installation/installation_web_application/installation-webclient-9-en.webp) Once all of the settings have been entered, the Web Application can be created via the button in the -ribbon. The folder in which the ZIP file is located will then immediately open. The archive is +ribbon. The folder in which the ZIP file is located then immediately opens. The archive is unzipped and its contents are copied to the document directory on the web server. The configuration for the nginx server was also created together with the ZIP file. This can be @@ -38,8 +38,9 @@ directly viewed on the Server Manager. The configuration then still needs to be integrated onto the nginx server. It can be directly copied on the Server Manager for this purpose. -NOTE: Every web server configuration is individual. Therefore, it is only possible to outline the -normal process for a standard installation. +:::note +Every web server configuration is individual. Therefore, it's only possible to outline the normal process for a standard installation. +::: ## Standard configuration @@ -48,3 +49,4 @@ for the entry `server { }`. The configuration for the Server Manager is then add server is restarted using the command systemctl restart nginx. The Web Application is now ready to use and can be directly started. + diff --git a/docs/passwordsecure/9.1/installation/requirements/application_server.md b/docs/passwordsecure/9.1/installation/requirements/application_server.md index 19655dc0ce..dc07169936 100644 --- a/docs/passwordsecure/9.1/installation/requirements/application_server.md +++ b/docs/passwordsecure/9.1/installation/requirements/application_server.md @@ -31,7 +31,7 @@ sidebar_position: 10 - Port 11011 TCP for communication with windows applications or web server IIS (incoming) - Port 11016 TCP for the Web services (incoming; only when using the Web Application) - Port 11018 TCP for real-time update (incoming) - - Port 11014 TCP for the backup service (usually does not need to be unlocked) + - Port 11014 TCP for the backup service (usually doesn't need to be unlocked) - Port 11015 TCP for Entra ID communication (incoming; only when using the Entra ID provisioning) - Port 11019 TCP for using Password Secure as Identity Provider (SAML) (incoming) diff --git a/docs/passwordsecure/9.1/installation/requirements/client_configuration.md b/docs/passwordsecure/9.1/installation/requirements/client_configuration.md index 0eeeeca2e3..9c17b1c0a6 100644 --- a/docs/passwordsecure/9.1/installation/requirements/client_configuration.md +++ b/docs/passwordsecure/9.1/installation/requirements/client_configuration.md @@ -8,7 +8,9 @@ sidebar_position: 30 #### System Components -NOTE: Our Windows Application (Win App) is not available for MSP-customers! +:::note +The Windows Application (Win App) isn't available for MSP-customers. +::: | Attribute | Minimum | Recommended | | --------------------------- | ----------------------------------- | ---------------------- | @@ -28,3 +30,4 @@ NOTE: Our Windows Application (Win App) is not available for MSP-customers! - WAN/VPN connection to application server: MTU-size = 1500 bytes (1472 bytes + 28 bytes for the header) + diff --git a/docs/passwordsecure/9.1/installation/requirements/mobile_apps.md b/docs/passwordsecure/9.1/installation/requirements/mobile_apps.md index e1eb446d5e..ca9f6e4c09 100644 --- a/docs/passwordsecure/9.1/installation/requirements/mobile_apps.md +++ b/docs/passwordsecure/9.1/installation/requirements/mobile_apps.md @@ -9,7 +9,7 @@ sidebar_position: 50 #### Required Version :::warning -Our mobile apps are only supported on devices with the official OS (no jailbreak, not +The mobile apps are only supported on devices with the official OS (no jailbreak, not rooted). ::: diff --git a/docs/passwordsecure/9.1/installation/requirements/mssql_server.md b/docs/passwordsecure/9.1/installation/requirements/mssql_server.md index 1378a1d0b2..96c6cde47c 100644 --- a/docs/passwordsecure/9.1/installation/requirements/mssql_server.md +++ b/docs/passwordsecure/9.1/installation/requirements/mssql_server.md @@ -9,9 +9,9 @@ sidebar_position: 20 #### Required Version RECOMMENDED: Using MS SQL Server Express can lead to significant performance issues because of the -various limitations. Our recommendation is to use MS SQL Server Standard as a minimum. +various limitations. The recommendation is to use MS SQL Server Standard as a minimum. -Please follow Microsoft recommendations for system requirements for SQL Server. +follow Microsoft recommendations for system requirements for SQL Server. | Attribute | Minimum | Recommended | | --------------------- | ------- | ----------- | @@ -19,7 +19,7 @@ Please follow Microsoft recommendations for system requirements for SQL Server. :::warning If you plan to install the MS SQL Server on the machine with the Netwrix Password -Secure application server, please ensure to meet the combined minimum requirements for both systems. +Secure application server, ensure to meet the combined minimum requirements for both systems. ::: diff --git a/docs/passwordsecure/9.1/introduction/introduction.md b/docs/passwordsecure/9.1/introduction/introduction.md index 733c122808..abad3a29fa 100644 --- a/docs/passwordsecure/9.1/introduction/introduction.md +++ b/docs/passwordsecure/9.1/introduction/introduction.md @@ -6,7 +6,7 @@ sidebar_position: 2 # Introduction -## Welcome to the official Netwrix Password Secure documentation! +## Welcome to the official Netwrix Password Secure documentation All Netwrix product announcements have moved to the Netwrix Community. See announcements for Netwrix Password Secure in the diff --git a/docs/passwordsecure/9.1/introduction/versionhistory/version_8.16.0.29823.md b/docs/passwordsecure/9.1/introduction/versionhistory/version_8.16.0.29823.md index d8a23b6ef9..b5d13ffeaf 100644 --- a/docs/passwordsecure/9.1/introduction/versionhistory/version_8.16.0.29823.md +++ b/docs/passwordsecure/9.1/introduction/versionhistory/version_8.16.0.29823.md @@ -34,7 +34,7 @@ sidebar_position: 140 #### Web Application -- Creating a role when creating an organisational unit is not possible without the "Can create role" +- Creating a role when creating an organisational unit isn't possible without the "Can create role" right anymore. - Removed structure view in certain modules. diff --git a/docs/passwordsecure/9.1/introduction/versionhistory/version_8.16.5.30226.md b/docs/passwordsecure/9.1/introduction/versionhistory/version_8.16.5.30226.md index b0af0b6dcd..60c40131aa 100644 --- a/docs/passwordsecure/9.1/introduction/versionhistory/version_8.16.5.30226.md +++ b/docs/passwordsecure/9.1/introduction/versionhistory/version_8.16.5.30226.md @@ -34,11 +34,11 @@ sidebar_position: 100 - After restoring a user, the authorizations for roles are now correct again. - The tag/image management window can be closed if no changes have been made. - Adding a new organisational unit from within structure view works again. -- The website can be reloaded without any problems if you are logged in with an Entra ID user. +- The website can be reloaded without any problems if you're logged in with an Entra ID user. #### Server -- If a password cannot be shared, this now also applies to the password fields. +- If a password can't be shared, this now also applies to the password fields. - In the emergency web viewer revealing passwords with umlauts now works correctly. #### Server Manager @@ -51,5 +51,5 @@ sidebar_position: 100 #### LightClient in the Web View -- The website can be reloaded without any problems if you are logged in with an Entra ID user. +- The website can be reloaded without any problems if you're logged in with an Entra ID user. - A tag will be created when using predefined rights. diff --git a/docs/passwordsecure/9.1/introduction/versionhistory/version_9.0.1.30479.md b/docs/passwordsecure/9.1/introduction/versionhistory/version_9.0.1.30479.md index 35725bb6ea..3919a1152f 100644 --- a/docs/passwordsecure/9.1/introduction/versionhistory/version_9.0.1.30479.md +++ b/docs/passwordsecure/9.1/introduction/versionhistory/version_9.0.1.30479.md @@ -26,4 +26,4 @@ sidebar_position: 70 - System tasks are no longer deactivated after each run if they were configured with the interval 'Once' in the past. - HSM accesses are limited to a minimum now. -- A self-defined password can be used for the WebViewer export again +- A self-defined password supports the WebViewer export again diff --git a/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.0.30996.md b/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.0.30996.md index 06053dc822..173b3de0e4 100644 --- a/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.0.30996.md +++ b/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.0.30996.md @@ -13,7 +13,7 @@ sidebar_position: 40 - UserVoice Winner: Stored OTPs can now be retrieved directly via the browser extension. - New improved autofill logic: The autofill function has been completely revised to enable a more convenient automatic login in the browser. -- Cross-platform authentication is now possible: The Windows app, browser extension and autofill +- Cross-platform authentication is now possible: The Windows app, browser extension, and autofill add-on can now authenticate each other. - UserVoice Winner: You can now also use htaccess forms for automatic login. - The SSO agent connection for the browser extension has been deprecated. Here you can find @@ -59,8 +59,8 @@ The following names have been changed: | AdminClient | Server Manager | Server Manager | | SAML Service | IdP service | IdP Service | -\* This improvement affects all views (basic and advanced view), apps and add-ons (Server Manager, -web and Windows app, autofill and offline add-on) the browser extension, API, and the server as well +\* This improvement affects all views (basic and advanced view), apps, and add-ons (Server Manager, +web, and Windows app, autofill, and offline add-on) the browser extension, API, and the server as well as MSP. #### Basic view (formerly LightClient)\* @@ -102,5 +102,5 @@ This only affects the Windows app: #### API -- It is no longer possible to attach data to more than one organizational unit. +- It's no longer possible to attach data to more than one organizational unit. - Passwords that are changed via the JavaScript API/SDKbuD are encrypted correctly. diff --git a/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.2.31276.md b/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.2.31276.md index fa81285966..232c795847 100644 --- a/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.2.31276.md +++ b/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.2.31276.md @@ -26,7 +26,7 @@ sidebar_position: 20 #### Web App -- It is now possible to define the URL in applications of type Web as a regular expression. +- It's now possible to define the URL in applications of type Web as a regular expression. #### Browser extension @@ -40,7 +40,7 @@ sidebar_position: 20 - The quick view and history of passwords can be opened again. - Spontaneous errors when changing selected passwords have been fixed. - Web applications with URLs defined as regex are recognized correctly. -- Logging in to the Windows app is possible again if you were last logged in in the standard view. +- Logging in to the Windows app is possible again if you were last logged in to the standard view. #### Web App diff --git a/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.3.31365.md b/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.3.31365.md index c05c90b5e7..88d0589cfb 100644 --- a/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.3.31365.md +++ b/docs/passwordsecure/9.1/introduction/versionhistory/version_9.1.3.31365.md @@ -28,12 +28,12 @@ sidebar_position: 10 #### Extended view - An external package with a vulnerability classified as weak has been updated. The vulnerability - could not be exploited via Netwrix Password Secure (This also affects the server & Server Manager + couldn't be exploited via Netwrix Password Secure (This also affects the server & Server Manager as well as the autofill & offline add-on.). - The obsolete property “Spaces” has been removed from the password policies (This also affects the offline add-on.). - A possible XSS vulnerability in the WebViewer has been closed (This also affects the web app.). -- A problem has been fixed where the password was not saved on the server after a change when it was +- A problem has been fixed where the password wasn't saved on the server after a change when it was copied to the clipboard. - The cross-client login for the browser extension is now also operational for synchronized Windows profiles. diff --git a/docs/passwordsecure/9.1/maintenance/eccmigration/ecc_migration_administrator_manual.md b/docs/passwordsecure/9.1/maintenance/eccmigration/ecc_migration_administrator_manual.md index a7e6ff49f1..a16687813d 100644 --- a/docs/passwordsecure/9.1/maintenance/eccmigration/ecc_migration_administrator_manual.md +++ b/docs/passwordsecure/9.1/maintenance/eccmigration/ecc_migration_administrator_manual.md @@ -10,33 +10,31 @@ sidebar_position: 10 Before you execute the migration, you must ensure that the following preparations have been made: -- Installation of the latest Netwrix Password Secure-Server, Native Client and Web Client +- Installation of the latest Netwrix Password Secure-Server, Native Client, and Web Client - Check in the [Database properties](/docs/passwordsecure/9.1/configuration/servermanager/databaseproperties/database_properties.md) if the **offline access** and the **mobile synchronization** are allowed - If that should be the case, **contact your users and make sure that they have to synchronize the + If that should be the case, **contact your users and ensure that they have to synchronize the Offline Add-on and the mobile app**. :::warning -If the OfflineClient or App does have not yet synchronized items, they are lost after -the migration mode is enabled! +If the OfflineClient or App does haven't yet synchronized items, they're lost after +the migration mode is enabled. ::: - - Backup all certificates using the Netwrix Password Secure Server Manager :::warning -Only certificate backups made through the Server Manager are valid! +Only certificate backups made through the Server Manager are valid. ::: - ![Certificates](/images/passwordsecure/9.1/configuration/server_manager/ecc_migration/certificates-ac-1-en.webp) ![Export certificates](/images/passwordsecure/9.1/configuration/server_manager/ecc_migration/certificates-ac-2-en.webp) - Delete or restore all non “permanent deleted” users If you have deactivated or non “permanent deleted“ users it would make sense to delete them - permanently, otherwise the migration would never finalize. Keep in mind, that every E2EE User must + permanently, otherwise the migration would never finalize. Remember that every E2EE User must log in, before you can complete the migration. - Only have **one active Netwrix Password Secure-Server** In the case of multiple Netwrix Password Secure-Servers, you need to stop all Netwrix Password @@ -46,8 +44,9 @@ Only certificate backups made through the Server Manager are valid! ## Migration -NOTE: During the migration, the database is in read-only mode. So it is possible to read all records -from the database, but it is not possible to add new or edit existing records. +:::note +During the migration, the database is in read-only mode. So it's possible to read all records from the database, but it isn't possible to add new or edit existing records. +::: #### Start migration @@ -57,8 +56,8 @@ Clicking on the icon **“Start migration”** in the databases' module to start Select the database you want to migrate and enter the code-word. -Remember, The code word is “Start”. Please make sure that you have read the whole documentation. -Otherwise, data loss might occur! +Remember, The code word is “Start”. ensure that you have read the whole documentation. +Otherwise, data loss might occur. ![select database](/images/passwordsecure/9.1/configuration/server_manager/ecc_migration/start-migration-2-en.webp) @@ -71,13 +70,12 @@ Manager. If you have multiple servers in use import the certificates via the Ser end of the migration process. :::warning -If certificates are missing the migration cannot be continued. +If certificates are missing the migration can't be continued. ::: - #### Watch the migration process -In the migration process you find all information about the current process, what is already +In the migration process you find all information about the current process, what's already migrated and what still needs to be migrated ![migration progress](/images/passwordsecure/9.1/configuration/server_manager/ecc_migration/migration-progress-en.webp) @@ -86,3 +84,4 @@ After each user has logged into the database and has been successfully migrated, complete. ![migration finished](/images/passwordsecure/9.1/configuration/server_manager/ecc_migration/migration-finished-en.webp) + diff --git a/docs/passwordsecure/9.1/maintenance/eccmigration/ecc_migration_user_manual.md b/docs/passwordsecure/9.1/maintenance/eccmigration/ecc_migration_user_manual.md index 9da007883f..c7ed3be70a 100644 --- a/docs/passwordsecure/9.1/maintenance/eccmigration/ecc_migration_user_manual.md +++ b/docs/passwordsecure/9.1/maintenance/eccmigration/ecc_migration_user_manual.md @@ -8,15 +8,14 @@ sidebar_position: 20 ## Preparation: -If you use the Offline Add-on and the Mobile app it is necessary to synchronize them before your +If you use the Offline Add-on and the Mobile app it's necessary to synchronize them before your admin starts the migration. :::warning -If you do not synchronize your data, it is lost and no more accessible after the -migration! +If you don't synchronize your data, it's lost and no more accessible after the +migration. ::: - ## Migration During the migration every E2EE-User of the database has to log in. Keep the client running until @@ -24,5 +23,7 @@ the message **„Userdata migration finished”** appears. ![userdata_migration_finished_en](/images/passwordsecure/9.1/configuration/server_manager/ecc_migration/userdata_migration_finished_en.webp) -NOTE: The migration can only be carried out with the Web Application and NativeClient. A migration -just using the Extension, Autofill Add-on or the Mobile App is not possible. +:::note +The migration can only be performed with the Web Application and NativeClient. A migration just using the Extension, Autofill Add-on or the Mobile App isn't possible. +::: + diff --git a/docs/passwordsecure/9.1/maintenance/moving_the_server.md b/docs/passwordsecure/9.1/maintenance/moving_the_server.md index e17d658e68..ff56afa8d3 100644 --- a/docs/passwordsecure/9.1/maintenance/moving_the_server.md +++ b/docs/passwordsecure/9.1/maintenance/moving_the_server.md @@ -8,12 +8,12 @@ sidebar_position: 20 ## Preparations -It is necessary to make some preparations so that the move can be completed without any problems. +It's necessary to make some preparations so that the move can be completed without any problems. #### 1. Installing the SQL server If the SQL server and the application server are on the same machine, the SQL server should be -installed on the new machine first. It is necessary to observe the +installed on the new machine first. It's necessary to observe the [MSSQL Server](/docs/passwordsecure/9.1/installation/requirements/mssql_server.md) for this process. @@ -29,7 +29,7 @@ The installation itself is described under After the server has been installed, the [Basic configuration](/docs/passwordsecure/9.1/configuration/servermanager/basic_configuration.md) is completed. A new configuration database will be created on the SQL server as a result. If you -want to retain the old SQL server, it is necessary to give the configuration database a new name. +want to retain the old SQL server, it's necessary to give the configuration database a new name. #### 4. Deactivating the old server @@ -45,20 +45,20 @@ After making these preparations, the data from the old server can be backed up. #### 1. Backing up the system If using a virtual machine, a backup of it should be created. The old version of the server can then -be restored in the event of problems. +be restored if problems occur. #### 2. Backing up the database -In order to transfer the data to the new server, a backup of the database should be created. -Although this is also possible via the Server Manager, we recommend carrying out the backup at the -SQL level: right click on the database, then on Tasks and Backup. The desired target folder is +To transfer the data to the new server, a backup of the database should be created. +Although this is also possible via the Server Manager, Netwrix recommends carrying out the backup at the +SQL level: right click the database, then on Tasks, and Backup. The desired target folder is selected in the following window. ![insert backup](/images/passwordsecure/9.1/maintenance/sql-backup-en.webp) #### 3. Backing up the server certificate -It is essential that the all available +It's essential that the all available [Certificates](/docs/passwordsecure/9.1/configuration/servermanager/certificates/certificates.md) are backed up. Depending on the installation, a different number of certificates are required here. @@ -70,7 +70,7 @@ needs to be integrated. #### 1. Integrating the database at the SQL level Firstly, a new database is created on the SQL server. This option can be found in the SQL Management -Studio after right clicking on Databases. It is usually sufficient to simply enter the database +Studio after right clicking on Databases. It's usually sufficient to simply enter the database names. ![integrate the database](/images/passwordsecure/9.1/maintenance/sql-new-db-en.webp) @@ -81,15 +81,16 @@ is also essential to check whether the correct database has been selected in the ![restore db](/images/passwordsecure/9.1/maintenance/sql-restore-en.webp) -NOTE: This method can be also used to import backups that were directly created from the Server -Manager. +:::note +This method can be also used to import backups that were directly created from the Server Manager. +::: #### 2. Setting up the server -After the backup has been installed on the new database, you can be start the Server Manager and run +After the backup has been installed on the new database, you can be start the Server Manager, and run the setup wizard. The [Setup wizard](/docs/passwordsecure/9.1/configuration/servermanager/setup_wizard.md) -is used for (amongst other things) reactivating the license. It is now possible to enter all of the +is used for (amongst other things) reactivating the license. It's now possible to enter all of the desired configurations for the server. #### 3. Importing the certificates @@ -102,5 +103,6 @@ Finally, the database is integrated onto the server via the database wizard. ## Modifications on the client -If the IP and/or host name for the server has changed, it is necessary to create/roll out new +If the IP and/or host name for the server has changed, it's necessary to create/roll out new database profiles from the client. + diff --git a/docs/passwordsecure/9.1/maintenance/update.md b/docs/passwordsecure/9.1/maintenance/update.md index 3eb609f9ed..45627a1242 100644 --- a/docs/passwordsecure/9.1/maintenance/update.md +++ b/docs/passwordsecure/9.1/maintenance/update.md @@ -8,38 +8,34 @@ sidebar_position: 10 ## Reasons for regular updates -Our development team is constantly working on the further development of the software. This does not +The development team is constantly working on the further development of the software. This doesn't only involve fixing any problems but also primarily the development of new features to adapt the -software as best as possible to the requirements of our customers. Therefore, it is recommended that +software as best as possible to the requirements of customers. Therefore, it's recommended that you regularly install updates. The documentation always refers to the latest version available. If Netwrix Password Secure deviates -from the documentation (e.g. in appearance or also its functional scope), it makes sense to firstly +from the documentation (e.g. in appearance or also its functional scope), it makes sense to first update to the latest version. -NOTE: The update check on the server or the client can be used to easily install the latest version. -The update check on the client must be activated in the settings for users beforehand. We recommend -leaving the update check deactivated for normal users! Otherwise these users could independently -attempt to install updates. Since a new client cannot connect to an old server, this results in the -user not being able to log in. +:::note +The update check on the server or the client lets you install the latest version. The update check on the client must be activated in the settings for users beforehand. Netwrix recommends leaving the update check deactivated for normal users. Otherwise these users could independently attempt to install updates. Since a new client can't connect to an old server, this results in the user not being able to log in. +::: ## Requirements The requirements should be checked or established before an update. :::warning -Please always check the Changelog for requirements or breaking changes before updating! +Always check the Changelog for requirements or breaking changes before updating. ::: - ### Check the software maintenance package -The right to install updates is acquired with the software maintenance package. It is important to -note that you are permitted to install all updates as long as the software maintenance package is -still active. If the software maintenance package has expired, you are only permitted to use those +The right to install updates is acquired with the software maintenance package. You're permitted to install all updates as long as the software maintenance package is +still active. If the software maintenance package has expired, you're only permitted to use those versions that were released during the term of the software maintenance package. Therefore, you should check whether the software maintenance package is still active before an update. This can be -easily checked on the Server Manager under +checked on the Server Manager under [License settings](/docs/passwordsecure/9.1/configuration/servermanager/mainmenu/license_settings.md). ### Creating a backup @@ -51,43 +47,41 @@ problem arises. ### Checking compatibility -An attempt is always made to design the Server Manager so that it is backwards compatible. -Unfortunately this is not always possible. Therefore, you should always check which client version +An attempt is always made to design the Server Manager so that it's backwards compatible. +Unfortunately this isn't always possible. Therefore, you should always check which client version the Server Manager is compatible with before an update. The version history for the relevant version -will provide this information. +provides this information. :::warning If the password for logging in to the Server Manager on the database has been saved, it -is essential that it is noted down or temporarily saved elsewhere before an update! +is essential that it's noted down or temporarily saved elsewhere before an update. ::: - ### Latest installation files The installation files can be downloaded from the -[customer information system](https://license.passwordsafe.de/kis). Please simply use the access -data that we sent to you by email to log in. +[customer information system](https://license.passwordsafe.de/kis). Use the access +data sent to you by email to log in. ## Perform update ### Updating the Server Manager -The Server Manager is simply installed on top of the existing installation. The password from the +The Server Manager is installed on top of the existing installation. The password from the Server Manager should be made available at this point in any case. After the installation of the -Server Manager, the database is only accessible when it is activated. If the password is only in the +Server Manager, the database is only accessible when it's activated. If the password is only in the Netwrix Password Secure, it should be temporarily stored at this point. -NOTE: If the service has not been ended in advance, the installation wizard will give you the -opportunity to do so. If the service is still not ended at this stage, the computer will then need -to be restarted. It is thus recommended that the Netwrix Password Secure services are ended before -the update. +:::note +If the service hasn't been ended in advance, the installation wizard will give you the opportunity to do so. If the service is still not ended at this stage, the computer will then need to be restarted. It's thus recommended that the Netwrix Password Secure services are ended before the update. +::: Further information on the installation wizard can be found in the section [Installation Server Manager](/docs/passwordsecure/9.1/installation/installation_server_manager.md). ### Patch level update for the databases -The databases are usually deactivated after updating the Server Manager because they do not yet have +The databases are usually deactivated after updating the Server Manager because they don't yet have the corresponding patch level. This should be immediately checked. After logging in to the Server Manager, the module “Databases” is immediately visible. If the databases have been deactivated, you can reactivate them directly in the ribbon via the corresponding button. The patch level will be @@ -95,9 +89,9 @@ updated during this process. ### Updating the client -The updates for the client are also simply installed over the existing installation. Further -information can be found in the section Installation of the client. Naturally, the update can also -be carried out using the installation parameters. +The updates for the client are also installed over the existing installation. Further +information can be found in the section Installation of the client. the update can also +be performed using the installation parameters. ### Updating the Web Application @@ -109,13 +103,11 @@ to the document directory on the corresponding web server. :::warning If the Web Application is being operated on an IIS web server, a new config.bat is -generated for creating the new version. This must not be executed if the Web Application has already +generated for creating the new version. This mustn't be executed if the Web Application has already been installed and it must be deleted without fail after a successful update. ::: +:::note +If the Web Application is used, the module: `proxy_wstunnel` must be installed when using Apache. With IIS the `WebSocket Protocol` becomes necessary. Further information can be found in the chapter [Webserver](/docs/passwordsecure/9.1/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 or newer. +::: -NOTE: If the Web Application is used, the module: `proxy_wstunnel` must be installed when using -Apache. With IIS the `WebSocket Protocol` becomes necessary. Further information can be found in the -chapter -[Webserver](/docs/passwordsecure/9.1/installation/requirements/webserver/webserver.md). -This applies to version 8.5.0.14896 or newer. diff --git a/docs/passwordsecure/9.1/msp_system.md b/docs/passwordsecure/9.1/msp_system.md index e6d7811376..3e8e545bbb 100644 --- a/docs/passwordsecure/9.1/msp_system.md +++ b/docs/passwordsecure/9.1/msp_system.md @@ -19,7 +19,7 @@ These are the minimum system requirements for managing approximately 10 customer - 100 GB HDD minimum :::warning -SQL Server Express edition is not recommended due to its limitations. +SQL Server Express edition isn't recommended due to its limitations. ::: As your customer count grows, add the following resources for every 200 additional users: @@ -43,7 +43,7 @@ As your customer count grows, add the following resources for every 200 addition - 4 GB RAM :::tip -Configure each application server to handle a maximum of 100 customers. When you reach that limit, set up a second application server or implement load balancing across your application servers. +Configure each application server to handle a maximum of 100 customers. When you reach that limit, set up a second application server, or implement load balancing across your application servers. ::: :::warning @@ -55,5 +55,5 @@ Add an additional application server — including load balancing — for every ::: :::note -Individual variables, such as the number of passwords per user, affect performance. For MSP systems, monitor performance continuously and add resources as needed. +Individual variables, such as the number of passwords per user, affect performance. For MSP systems, monitor performance continuously, and add resources as needed. ::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md index 485317c25f..2a0da8731d 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md @@ -6,9 +6,9 @@ sidebar_position: 80 # Applications -## What are applications? +## Applications overview -Applications can be used to configure automated logins to various systems. Especially when combined +Applications lets you configure automated logins to various systems. Especially when combined with various protective mechanisms, the company benefits in terms of security because complex passwords are automated and entered in the login masks in concealed form. Various types are available, such as Remote Desktop (**RDP**), Secure Shell (**SSH**), general applications (**SSO**) @@ -22,22 +22,21 @@ automatic logon to almost any kind of software. ## The four types of applications -Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO and web +Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO, and web applications. ![new application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_2-en.webp) -In terms of how they are handled, **RDP and SSH** applications can be covered together. Both types +**RDP and SSH** applications can be covered together in terms of how they are handled. Both types of application can be (optionally) "embedded" in Netwrix Password Secure. The relevant session then opens in its own tab in the [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). All other forms of automatic logins are summarized in the **SSO applications** and **web applications** categories. How exactly these logins are created and used is covered in the next section and in the web applications chapter. They include all forms of Windows login masks and also -applications for websites. In contrast to RDP and SSH applications, they cannot be started embedded +applications for websites. In contrast to RDP and SSH applications, they can't be started embedded in Netwrix Password Secure but are instead opened as usual in their own window. These SSO applications need to be defined in advance. In Netwrix Password Secure, this is also described as -[Learning the applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). In contrast, -RDP and SSH can be both completely defined and also started within Netwrix Password Secure. +[Learning the applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). RDP and SSH applications, by contrast, can be both completely defined and started within Netwrix Password Secure. ## RDP and SSH @@ -59,9 +58,9 @@ The connection to the desired session can be established via the icon **Establis ![estabish RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_4-en.webp) Netwrix Password Secure now attempts to log in to the target system with the information available. -Data that are not saved in the form will be directly requested when opening the session. It is thus +Data that aren't saved in the form will be directly requested when opening the session. It is thus also possible to only enter the IP address and/or the password after starting the Netwrix Password -Secure application. If all data has been retrieved, the RDP session will open in a tab – if so +Secure application. If all data has been retrieved, the RDP session opens in a tab – if so defined (Window mode field in the application): ![RDP session](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_5-en.webp) @@ -71,7 +70,7 @@ defined (Window mode field in the application): It is also possible to complete the authentication process using SSH certificates. For this purpose, the certificate is saved as a document in .ppk format. (It may be necessary to firstly approve this file ending in the settings). The document is then linked to the record via the footer. The record -does not need to have a password. However, it is necessary for the record to be linked to a SSH +doesn't need to have a password. However, it is necessary for the record to be linked to a SSH application. ## Linking records and applications @@ -80,7 +79,7 @@ The application defines the requirements for the desired connection and also opt target system. By linking records with applications, the complete login process can be automated. If the record now also supplies the user name and password, all of the information required for the login is available. Applications and records are linked via the "Start" tab in the ribbon. If this -link to a record is established, a 1-click login to the target system is possible. +link to a record is established, a 1-click log in to the target system is possible. ![linking RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_6-en.webp) @@ -95,16 +94,18 @@ multiple access points. ![multiple access points](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_8-en.webp) -This is generally a very common scenario. Nevertheless, it should be noted that accessing multiple +This is generally a very common scenario. Nevertheless, accessing multiple servers with one single password is questionable from a security standpoint. It is generally recommended that a unique password is issued for every server/access point. -NOTE: It is possible to leave the **IP address** field empty in the application. If an **IP -address** field exists in the linked record then this address will be used. If there is also no IP -address in the record, a popup window will appear in which the desired IP address can be entered +:::note +You can leave the **IP address** field empty in the application. If an **IP +address** field exists in the linked record then this address is used. If there is also no IP +address in the record, a popup window appears in which the desired IP address can be entered manually. +::: -Alternatively, it is possible to connect several records with one RDP connection. In this way, you -can combine different users with an RDP connection and register them straightforward. +Alternatively, you can connect several records with one RDP connection. In this way, you +can combine different users with an RDP connection and register them. ![connect RDP sessions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_9-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md index 3f5a4f9827..c1721444a2 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Configuration of SAML -## What is SAML? +## SAML overview The Security Assertion Markup Language (SAML) is an XML framework for exchanging authentication and authorization information. It provides functions to describe and transmit security-related @@ -22,13 +22,13 @@ Web Application must already be "set up or installed". ## Configuration -In order to create **SAML applications**, SAML must **first** be activated. +To create **SAML applications**, SAML must **first** be activated. This is implemented in the settings of the database in the Server Manager: ![activate SAML](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_1-en.webp) -As soon as the check box is ticked, the next step is to enter the URL of the Web Application. The +As soon as the checkbox is ticked, the next step is to enter the URL of the Web Application. The SAML configuration screen should then look like this: ![SAML configuration ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_2-ewn.webp) @@ -37,8 +37,10 @@ The screen is left open and the configuration is continued at the Advanced view. to the client as usual and switch to the **Applications** module. Select a **new SAML application** and fill it with the relevant data from the service provider. -NOTE: The data of the service provider, which are entered in the Advanced view, can be found at the +:::note +The data of the service provider, which are entered in the Advanced view, can be found at the respective provider. This differs from provider to provider. +::: ![new SAML application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml_3-en.webp) @@ -52,10 +54,14 @@ himself. After verification, the **SAML application** can be started from the Basic view view. -**CAUTION:** As this is a passwordless authentication, it is not necessary to link the **SAML +:::warning +As this is a passwordless authentication, it isn't necessary to link the **SAML application** with a password. +::: -NOTE: Setup and configuration instructions for +:::note +Setup and configuration instructions for [SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) and [SAML application for Postman](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md)can be found in the corresponding chapters. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md index 5d4d167343..c3bf8d2356 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md @@ -13,11 +13,11 @@ This chapter explains how to configure the SAML application for **Postman**. It activated in the Server Manager. - First, you register with Postman. -- After logging in, click on the avatar and select "**Settings**". +- After logging in, click the avatar and select "**Settings**". ![settings postman](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_1-en.webp) -- Then click on **Authentication**. Select a new method in the upper right corner. +- Then click **Authentication**. Select a new method in the upper right corner. ![option authentication postman](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_2-en.webp) @@ -38,5 +38,7 @@ Then you come to the actual configuration. ![postman service provider details](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_postman_5-en.webp) -NOTE: Please note that a **Relay State** is required. This value can be created in the **Configure +:::note +A **Relay State** is required. This value can be created in the **Configure Identity Provider Details View**. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md index 47fd2f3abf..d828b03334 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md @@ -10,7 +10,7 @@ sidebar_position: 10 Logging into SAP can be achieved via the usage of [Start Parameter](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). The -prerequisite here is for the login process to be carried out via the "SAPshortcut". All available +prerequisite here is for the login process to be performed via the "SAPshortcut". All available parameters are listed in the [SAP-Wiki](https://wiki.scn.sap.com/wiki/display/NWTech/SAPshortcut). Form Firstly, a [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) should be created with the required fields. This diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md index 7aa901d064..ce3b1d9e3c 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md @@ -6,13 +6,13 @@ sidebar_position: 10 # Learning the applications -## Which applications need to be learned? +## Applications that require learning -As already indicated in the previous section, RDP and SSH applications are completely embedded in -Netwrix Password Secure. These applications thus do not need to be specially learned. All other +As already indicated in the previous section, RDP, and SSH applications are completely embedded in +Netwrix Password Secure. These applications thus don't need to be specially learned. All other applications in Windows need to be learned once. -## What does learning mean? +## Learning overview The record contains the user name and password. Learning involves defining the steps required. The result is equivalent to a script that defines where precisely the login data should be entered. In @@ -36,32 +36,34 @@ First, a new SSO application is created via the ribbon. ![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_1-en.webp) Various properties for the application can now be defined in the tab that opens. The fields **Window -title**, **Application** and **Application path** are not manually filled. This is done via the +title**, **Application** and **Application path** aren't manually filled. This is done via the **Create application** button in the ribbon: ![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_2-en.webp) A crosshair cursor now appears. It enables the actual "mapping" or assignment of the target fields. -You can see the field assignment for the user name below using a login to an SQL server as an +The following example shows the field assignment for the user name using a log in to an SQL server as an example. All of the other fields that should be automatically entered are assigned in the same way. The process is always the same. You select the field that needs to be automatically filled and then decide which information should be used to fill it. ![mapping fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_3-en.webp) -In parallel to the previous step, all of the already assigned fields will be displayed on the right +In parallel to the previous step, all of the already assigned fields are displayed on the right edge of the screen. In this example, the VMware vSphere Client has a total of 4 assigned fields: IP, -user name, password and clicking the button to subsequently confirm the login. +user name, password, and clicking the button to subsequently confirm the login. ![connected fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_4-en.webp) -NOTE: "Graphical recognition:" The graphical recognition function provides additional protection. It -can be used to define other factors for the SSO. An area is defined that then serves as the output -for the comparison (e.g. for login masks with an image). In order to activate the graphical -recognition function, click on the eye at the top right after assigning the fields! The area that -will serve as the output point is then marked. +:::note +"Graphical recognition:" The graphical recognition function provides additional protection. It +lets you define other factors for the SSO. An area is defined that then serves as the output +for the comparison (e.g. for login masks with an image). To activate the graphical +recognition function, click the eye at the top right after assigning the fields. The area that +serves as the output point is then marked. +::: -Once you have assigned all of the fields, you can exit the application process using the enter +After you have assigned all of the fields, you can exit the application process using the enter button. The fields "Window title", "Application" and "Application path" mentioned at the beginning are now automatically filled. @@ -74,7 +76,7 @@ storage location for all users, it can then also be accessed by all other users. In the [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md), the newly created application can now be directly linked. To do this, mark the record to be linked and open the "Connect application" menu in the -"Start" tab via the ribbon. This will open a list of all the available applications. It is now +"Start" tab via the ribbon. This opens a list of all the available applications. It is now possible here to link to the previously created application "VMware". ![connect application with record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_6-en.webp) @@ -84,6 +86,8 @@ future. Pressing the button directly opens the linked application. ![start application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_7-en.webp) -**CAUTION:** With respect to permissions, applications are subject to the same rules as for -passwords, roles or documents. It is possible to separately define which group of users is permitted +:::warning +With respect to permissions, applications are subject to the same rules as for +passwords, roles, or documents. You can separately define which group of users is permitted to use each application. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md index ee8140d3f6..178aefbddf 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md @@ -55,7 +55,7 @@ the following start parameters are transferred: ## Placeholder for fields⚓︎ Fields can be added via certain placeholders based on their type or their name. The easiest way to -do this is using the configuration window described above. +do this is using the configuration window described in the previous section. | Field type | Placeholder | | ----------------------- | ----------------- | diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md index f01360b811..2ecd82c049 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md @@ -37,9 +37,11 @@ also possible to enter the IP address and/or password after starting the applica It is also possible to use SSH-certificates for authentication. For this purpose, the certificate is stored as a document in .ppk format. The document is then linked to the data record via the footer. -The data record does not have to contain a password, but it must be linked to an SSH application. +The data record doesn't have to contain a password, but it must be linked to an SSH application. -NOTE: The file extension may first have to be enabled via the settings. +:::note +The file extension may first have to be enabled via the settings. +::: ## Keyboard shortcuts diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md index f4e655a4a1..f7ee64977e 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Recording a session -## What is session recording? +## Session recording overview -Session recording can be used to make a visual recording of RDP and SSH sessions. These recordings +Session recording lets you make a visual recording of RDP and SSH sessions. These recordings can then be subsequently viewed and evaluated. In this context, it is also possible to limit this functionality so that only the user themselves or an assigned person e.g. security officer can view and evaluate these recordings. @@ -23,10 +23,12 @@ The following options are required to manage sessions for an application. - Can manage recordings for an application -NOTE: Please note that session recording uses disk space in the database. Although the way the +:::note +Session recording uses disk space in the database. Although the way the recordings are saved is efficient in terms of resources, the required amount of disk space varies greatly depending on the content. The more that is done during the recorded session, the higher the disk space usage. +::: Session recording firstly needs to be activated for the relevant RDP or SSH application before it can take place. @@ -39,27 +41,29 @@ SSH ![activating session recording](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_3-en.webp) -If the setting has been activated, the recording will start automatically the next time a connection +If the setting has been activated, the recording starts automatically the next time a connection is established. -NOTE: The recordings are already streamed to the server and saved into the database during the +:::note +The recordings are already streamed to the server and saved into the database during the recording process. Therefore, no recordings are lost even if the connection is terminated. They are immediately saved until the connection is terminated or until the end of the session. +::: ## Viewing the session recordings -If recordings exist for an application, these can be called up and viewed in the Applications +If recordings exist for an application, these can be opened and viewed in the Applications module. ![viewing session recording](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_4-en.webp) -It is possible to search the session recordings using the filter as usual. It is also possible here +You can search the session recordings using the filter as usual. It is also possible here to limit the search results based on the date and user. In the section on the right, it is also possible to further filter the searched list based on all column contents. ![session records](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_5-en.webp) -Once a session recording has been selected, a new tab will open in which you can view the recording. +Once a session recording has been selected, a new tab opens in which you can view the recording. The function "Skip inactivity" can be activated via the ribbon so that a recording can be effectively and quickly viewed so as only to see the relevant actions. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md index a91528d405..36cdbe969b 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Client Module -## What are modules? +## Modules overview Netwrix Password Secure can be customized according to the needs of the users. This requirement can be applied by the user, and can also be applied by administrative users. This means that everyone @@ -25,7 +25,9 @@ individually within the user rights. ![user settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_2-en.webp) -NOTE: The visibility of modules can always be adapted to the needs of individual user groups +:::note +The visibility of modules can always be adapted to the needs of individual user groups +::: ## Sorting modules @@ -37,10 +39,12 @@ example). ![sorting modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_3-en.webp) -The navigation options enable you to define the maximum number of visible elements and also how they +The navigation options let you define the maximum number of visible elements and also how they are sorted. ![sorting modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_4-en.webp) -NOTE: The previously described visibility of the modules is a basic requirement for viewing and +:::note +The previously described visibility of the modules is a basic requirement for viewing and sorting them in the navigation options +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md index c6e931c71f..e272f799a6 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md @@ -19,7 +19,9 @@ table: ![discovery service entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-2-en.webp) -NOTE: The information can be grouped together using the column editor. +:::note +The information can be grouped together using the column editor. +::: ## Network Scan @@ -78,8 +80,10 @@ finished, the **Network Scan** scans the **network** according to these guidelin second section defines the scan configuration for the local computer. Select from either Local user of services or _Local user_. -**CAUTION:** The system executing the scan – on which the Server Manager is installed – is not -scanned! +:::warning +The system executing the scan – on which the Server Manager is installed – isn't +scanned. +::: ## Interval / Executing server / Tags @@ -104,6 +108,8 @@ After the **Discovery Service Task** has been configured, a connection test is p configuration is saved. The system then indicates whether the configuration is correct or faulty. Depending on the message, the **Discovery Service Task** may need to be amended. -**CAUTION:** The **default setting** for the **Discovery Service Task** after it has been saved is -**Activated!** It will **immediately actively** scan the network for data. This data is **read** but -not amended! +:::warning +The **default setting** for the **Discovery Service Task** after it has been saved is +**Activated.** It will **immediately actively** scan the network for data. This data is **read** but +not amended. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md index 7643e359de..1cb7cbbb9e 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md @@ -15,7 +15,7 @@ the **System Tasks**. ![ribbon](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_1-en.webp) After the **Discovery Service Task** has been successfully executed, the entries are available in -the **Discovery Service**. Further processing of the entries is then carried out using the +the **Discovery Service**. Further processing of the entries is then performed using the **Conversion Wizard**. For processing in the **Conversion Wizard**, the network is scanned for the following types: @@ -24,7 +24,7 @@ following types: 3. Discovered type: User account !! hint Only those **services are recorded** to which at least one **AD user** or **user account** -can be assigned! Only **AD users** and **user accounts** to which **at least one service** can be +can be assigned. Only **AD users** and **user accounts** to which **at least one service** can be assigned are recorded. ## Execution @@ -36,20 +36,22 @@ In the **Discovery Service** table, the user selects the entries for which he wa ![data selection](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_2-en.webp) 1. A **Discovery Service Task** first needs to be selected. This determines the context in which the - new data will be created (for a new **Password Reset**, the **password for the domain + new data is created (for a new **Password Reset**, the **password for the domain administrator** for the task will be used as the executing user. In addition, only those **Discovery Service Task entries** that are also discovered by the entered **Discovery Service - Task** will be used for the conversion). -2. The discovered entries will be displayed in this column with the **services** for which the user + Task** are used for the conversion). +2. The discovered entries are displayed in this column with the **services** for which the user has been entered. 3. This column shows the **discovered type** for the entry. 4. This column shows already existing passwords in Netwrix Password Secure that match the discovered - **Active Directory user** or **user account**. It is possible to select here which password can + **Active Directory user** or **user account**. you can select here which password can be used when creating a **Password Reset** (it is then used as the only password linked to the Password Reset). Alternatively, these passwords can also be newly created. -NOTE: Logically, **every root node** corresponds to **one user** and all of its associated data +:::note +Logically, **every root node** corresponds to **one user** and all of its associated data (e.g. services). A **Password Reset** is created later for **every user** and its associated data. +::: The following image shows the options **add new password** or retain **existing password**. @@ -63,29 +65,33 @@ The **Password Reset** is configured in the **Settings Ribbon**. ![reset setting](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_4-en.webp) -The **settings** will be described in more detail below: +The following list describes the **settings** in more detail: 1. The organisational unit in which the **Password Reset** should be created is entered here. In addition, a template for the rights inheritance can be entered here. 2. The **responsible user** for the **password** is entered here. A special tag can be set here. 3. Adding a **Password Reset** Option 1: **Do you also want to add a Password Reset?** Adds a - **Password Reset** If **option 1** is not selected, the following options are not displayed. + **Password Reset** If **option 1** isn't selected, the following options aren't displayed. 4. Setting for executing a **Password Reset** Option 2: **(Execute Password Resets immediately after - they are created)** means that the **Password Reset** will be executed as soon as you click on + they are created)** means that the **Password Reset** is executed as soon as you click **Finish**. 5. The **responsible user for the Password Reset** is entered here. 6. Various **triggers for the Password Reset** can be selected here. -**CAUTION:** After clicking on **Finish**, the **Password Resets** will be **immediately executed** -and the **passwords changed!**. This also applies to **Windows passwords!** +:::warning +After clicking on **Finish**, the **Password Resets** are **immediately executed** +and the **passwords changed.**. This also applies to **Windows passwords.** +::: -If option 1: **Do you also want to add a Password Reset?** is not selected, \*steps 4, 5 and 6 are +If option 1: **Do you also want to add a Password Reset?** isn't selected, \*steps 4, 5, and 6 are not displayed for configuration. ![password reset option](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_5-en.webp) -NOTE: After clicking on **Finish**, one or more **passwords will be created** but **no corresponding -Password Resets will be created!** +:::note +After clicking on **Finish**, one or more **passwords are created** but **no corresponding +Password Resets are created.** +::: ## Assignment (Active Directory user) @@ -109,8 +115,8 @@ The following images shows the **Assignment (Active Directory user)** Ribbon ### Procedure 1. An **Existing form** is selected here -2. The **assignment** to the fields is carried out here Important assignments are **Type: General** - and **Type: Password Reset**. An amendment can be carried out here +2. The **assignment** to the fields is performed here. Important assignments are **Type: General** + and **Type: Password Reset**. You can amend these here ### "New form" selected @@ -120,12 +126,12 @@ The following images shows the **Assignment (Active Directory user)** Ribbon 1. A name for the **New form** needs to be entered here 2. The discovered entries are **automatically** assigned as standard Important assignments are - **Type: General** and **Type: Password Reset**. An amendment can be carried out here + **Type: General** and **Type: Password Reset**. You can amend these here ### Summary -A brief overview of the actions that will be carried out with the added configuration is displayed -in the **Summary** Ribbon. These actions will then be carried out if you click on **Finish**. +A brief overview of the actions that are performed with the added configuration is displayed +in the **Summary** Ribbon. These actions are then executed when you click **Finish**. ![summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_9-en.webp) @@ -137,27 +143,33 @@ creating **Password Resets**. If the option **Execute Password Resets immediatel created** is used in the configuration, the **selected passwords** are immediately changed after clicking on **Finish**. -**CAUTION:** **If you are not paying careful attention, this could have inconvenient consequences.** +:::warning +**If you aren't paying careful attention, this could have inconvenient consequences.** +::: **Security level 1:** An **Important note** is displayed in the **Summary** after clicking on **Finish**. -**CAUTION:** **Please observe the note and read it through carefully!** +:::warning +**observe the note and read it through carefully.** +::: -An **Overview** of which actions will be carried out is displayed for the user together with this -note. The user can then still decide to **Cancel** the process. If you click on **OK**, an +An **Overview** of which actions are performed is displayed for the user together with this +note. The user can then still decide to **Cancel** the process. If you click **OK**, an **additional confirmation warning** will be displayed. ![important note](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_10-en.webp) **Security level 2:** -Another **confirmation prompt** highlights that it is important to understand what you are about to -do. It will no longer be possible to reverse the actions afterwards! +Another **confirmation prompt** highlights that understand what you are about to +do. It is no longer possible to reverse the actions afterwards. -**CAUTION:** **Last chance to cancel the execution!** +:::warning +**Last chance to cancel the execution.** +::: ![securtiy warning](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_11-en.webp) After **entering the displayed number** and **confirming with OK**, the process is **executed -immediately** and the **Password Resets** are carried out and the **associated passwords changed**. +immediately** and the **Password Resets** are executed and the **associated passwords changed**. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md index 5cb0fb12aa..8ecfe2323e 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md @@ -25,7 +25,7 @@ Another password is created in the **Password Reset module** and is required for ![password reset list](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/created_password/created_passwords_2-en.webp) -Points 1-7 are described below: +The following list describes points 1-7: 1. The name of the Password Reset 2. Overview of the password diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md index a05b5d4992..0176eee65b 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md @@ -12,14 +12,14 @@ Service Task** that was executed and can be found and displayed using the filter ## Deletion process -The discovered data in the **Discovery Service** cannot simply be deleted and removed from the -**Discovery Service entries**. As the entries have a **link to the Discovery Service Task**, it is -necessary to delete the discovered entries via the **Discovery Service Task** that was created. If -entries were discovered using a joint **Discovery Service Task**, it is not possible to simply -delete them. This is the case if two different users have carried out a scan on the same area. If +The discovered data in the **Discovery Service** can't be deleted directly from the +**Discovery Service entries**. As the entries have a **link to the Discovery Service Task**, you must +delete the discovered entries via the **Discovery Service Task** that was created. If +entries were discovered using a joint **Discovery Service Task**, you can't +delete them individually. This is the case if two different users have performed a scan on the same area. If you delete one of the two **Discovery Service Task**, only the entries that had a single link to -this **Discovery Service Task** will be deleted. The entries for the other **Discovery Service -Task** will be retained and must be deleted via the associated **Discovery Service Task**. You can +this **Discovery Service Task** are deleted. The entries for the other **Discovery Service +Task** are retained and must be deleted via the associated **Discovery Service Task**. You can find out which **Discovery Service Task** found a particular entry by selecting the entry via the **Conversion Wizard**. @@ -29,9 +29,9 @@ find out which **Discovery Service Task** found a particular entry by selecting If the IP range for an existing **Discovery Service Task** is changed and the **Discovery Service Task** is then executed for this new IP range, the previously discovered entries from the previous -executed **Discovery Service Task** will be deleted from the **Discovery Service**. If you want to -carry out a **Discovery Service Task** for a different IP range, you should create a new **Discovery -Service Task**. This will prevent any already discovered entries from being deleted. However, if the +executed **Discovery Service Task** are deleted from the **Discovery Service**. To +carry out a **Discovery Service Task** for a different IP range, create a new **Discovery +Service Task**. This prevents any already discovered entries from being deleted. However, if the existing entries are no longer required, you can delete them by using the same **Discovery Service Task** with a different IP range. @@ -44,8 +44,10 @@ Task** with a different IP range. 7. Exception: 8. Task B scans the IP address: 192.168.150.1 9. The same entries for IP address 192.168.150.1 are discovered as for 1. -10. A new scan using Task A with a different IP address 192.168.150.2 will not delete the data from +10. A new scan using Task A with a different IP address 192.168.150.2 does not delete the data from Task B -NOTE: The **Password Resets** and **passwords** created using the **Conversion Wizard** are not +:::note +The **Password Resets** and **passwords** created using the **Conversion Wizard** aren't deleted when the **Discovery Service Tasks** are deleted. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md index d56f9fb6f3..37638fcdd2 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md @@ -8,27 +8,29 @@ sidebar_position: 30 The entries for the **Discovery Service** are discovered using a **Discovery Service Task**. It can take some time for all the data on the systems for the entered IP network to be collected. This can -be easily recognized by the **blue arrow** symbol on the **Discovery Service Task** and a -corresponding message is also shown in the General display. Once the **Discovery Service Task** has -been completed, the data will be shown in the **Discovery Service module**. +be recognized by the **blue arrow** symbol on the **Discovery Service Task** and a +corresponding message is also shown in the General display. After the **Discovery Service Task** has +been completed, the data is shown in the **Discovery Service module**. ![new discovery service task](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_1-en.webp) The **Discovery Service Task** needs to be carefully configured. The configurable sections are -described below. +described in the following sections. 1. **Discovery Service Task**: Display of the status: this can be updated in the preview and logbook using the F5 button. Red hand: Deactivated Blue arrow: Activated and being executed Boxes: Corresponds to the assigned tag 2. **General**: The latest information about the **Discovery Service Task** is shown here. A - **message** will be shown to indicate an active **Discovery Service Task**. + **message** is shown to indicate an active **Discovery Service Task**. 3. **Overview**: Current data for the **Discovery Service Task** about its progress and subsequent executions are shown here. 4. **Logbook**: The **logbook** can be found in the **footer** of the **Discovery Service Task**. - The latest activities carried out by the **Discovery Service Task** are shown here. + The latest activities performed by the **Discovery Service Task** are shown here. -NOTE: The **data** is **not kept up-to-date while the task is being executed** and does not always -show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**! +:::note +The **data** is **not kept up-to-date while the task is being executed** and doesn't always +show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**. +::: ## Using the Discovery Service entries @@ -45,26 +47,28 @@ Task** and selected for the **Conversion Wizard** are displayed. If multiple entries are selected for a **Password Reset**, a corresponding number of **passwords** and **Password Resets** need to be added in the **Conversion Wizard**. Depending on the entries -selected (service, Active Directory user, user account), it is necessary to carry out corresponding +selected (service, Active Directory user, user account), you must carry out corresponding **assignments** in the **Conversion Wizard** for the **passwords**. ![Discovery service conversion wizard ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_3-en.webp) -Every line must be connected to a **password** in the end. Therefore, it is necessary to carry out +Every line must be connected to a **password** in the end. Therefore, you must carry out an assignment process in the **Conversion Wizard** for every entry. ![Discovery service conversion wizard ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_4-en.webp) -For **Active Directory users**, it is possible to assign an existing **password**. +For **Active Directory users**, you can assign an existing **password**. -NOTE: The subsequent process is carried out in the same way as when only one **Discovery Service +:::note +The subsequent process is performed in the same way as when only one **Discovery Service entry** is selected. +::: ## Filter settings A good filter is required for processing the discovered data. A **filter that has been adapted for this purpose** is available for processing the entries in the **Discovery Service module**. The -options in the **filter** are described below: +options in the **filter** are described in the following sections: ![Filter for discovered data](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_5-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md index d9dc37f534..ff20cd00f7 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md @@ -9,13 +9,13 @@ sidebar_position: 100 ## The problem **Service accounts** are used on most networks. These accounts are used, for example, to carry out -certain services. It is not uncommon for **one and the same password** to be used here for multiple +certain services. It isn't uncommon for **one and the same password** to be used here for multiple accounts. Manually changing these passwords is extremely time consuming. Therefore, this process is often ignored for reasons of convenience. The result is that the same outdated passwords are often used for many **security-critical access -points**. This naturally represents a **severe security risk** and leaves the door wide open for any -attacker who gains access to just one of the passwords! +points**. This represents a **severe security risk** and leaves the door wide open for any +attacker who gains access to even one of the passwords. ## The solution diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md index 53d0c046fe..d4957be577 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md @@ -34,11 +34,11 @@ If an error occurs during the execution of the **Discovery Service Task**, this ## Display in the logbook In general, the **logbook module** displays more detailed information about the **Discovery Service -Task**. The [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) can be used to select which data +Task**. The [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) lets you select which data is displayed. The same **events** as for the footer for the **Discovery Service Task** are also used here. ![logbook entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_ds-3-en.webp) -The column editor can be used to arrange and display the data in the table according to their +The column editor lets you arrange and display the data in the table according to their importance. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/requirements.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/requirements.md index bcb85dff67..6024900b79 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/requirements.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/requirements.md @@ -24,8 +24,10 @@ data. Before configuring the **Network Scan**, a password needs to be issued tha data. This user should be a member of admin for the corresponding group of domains. Otherwise, you can use a domain administrator. -**CAUTION:** A corresponding **password** with **rights** for the **domains** must exist before -adding a **Network Scan**! +:::warning +A corresponding **password** with **rights** for the **domains** must exist before +adding a **Network Scan**. +::: ### Password @@ -37,14 +39,16 @@ adding a **Network Scan**! - The computer to be scanned and AD controller must be accessible via the network. - The service: “Windows Management Instrumentation” must have been started on the computer to be - scanned (carried out by Windows as standard). + scanned (performed by Windows as standard). - Help section for starting the service: [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa826517(v=vs.85).aspx) - The firewall must not block WMI requests (not blocked as standard). - Help section for configuring the firewall: [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa822854(v=vs.85).aspx) -NOTE: Only **IPv4 addresses** can currently be scanned. +:::note +Only **IPv4 addresses** can be scanned. +::: ### Open ports for the scan (necessary) @@ -59,7 +63,7 @@ Server 2003) – port 1025-5000 (TCP) or a static WMI port 2. Computer name and associated IP address: The computer name is first requested on the **DNS server** for the domain. The computer name returned by the server also contains the domain names as a postfix (e.g. Client01.domain.local). If there is no entry on the domain for the requested - IP address, the computer name is determined via **NetBIOS**. The domain name is not displayed on + IP address, the computer name is determined via **NetBIOS**. The domain name isn't displayed on the computer (e.g. Client01). In Netwrix Password Secure V8, the **DNS request** is the preferred function for determining the computer name. If no result is delivered, a request via **NetBIOS** is made. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md index c50d9318aa..dbb1163ab8 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md @@ -6,15 +6,15 @@ sidebar_position: 20 # Documents -## What are documents? +## Documents overview -Security-critical data does not necessarily need to be in the form of passwords. To enable the +Security-critical data doesn't necessarily need to be in the form of passwords. To enable the uniform and secure storage of data other than passwords, Netwrix Password Secure version 9 offers effective tools for the professional handling of sensitive documents and files. The ability to share documents with others according to their permissions gives you access to the current status of a document and helps avoid redundancies. The documents module is complemented by a sophisticated version management system, which records all versions of a document that were saved in the past and -thus enables you to revert back to historical versions. The configuration of visibility is explained +thus lets you revert back to historical versions. The configuration of visibility is explained in a similar way to the other modules in one place.. ![Document modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents_1-en.webp) @@ -32,7 +32,7 @@ The following option is required to add new documents. There are two ways to manage documents and files in Netwrix Password Secure v8: - **Creating a link**: In this case, only a file that is located locally or on a network drive will - be linked. The file itself is not stored in the database. Neither version management nor the + be linked. The file itself isn't stored in the database. Neither version management nor the traceability of changes in the history are possible. - **Storing the document in the database**: The file becomes part of the encrypted database. It is saved within the database and can be made available selectively to employees for further @@ -56,12 +56,16 @@ versions can be restored if necessary. Netwrix Password Secure provides this fun history in the ribbon, as well as in the footer area for ​​the detailed view of a document. This can be used in the same way as the [History](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md). The interplay between the document-specific event logbook and the history provides a complete list of all information that is -relevant to the handling of sensitive data. Version management can be used to restore any historical +relevant to the handling of sensitive data. Version management lets you restore any historical versions of a document. -NOTE: The file size for a **linked document** can only be updated if the document was opened using +:::note +The file size for a **linked document** can only be updated if the document was opened using Netwrix Password Secure. +::: -NOTE: If desired, the document history can be automatically cleaned up. This option can be +:::note +If desired, the document history can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section Managing databases. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/change_form.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/change_form.md index 045899a013..1009b5f079 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/change_form.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/change_form.md @@ -20,7 +20,7 @@ previously used form to the new form. In this example, a record that previously ![change form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form_2-en.webp) -The drop-down menu allows you to select the target form. The comparison of current and new form +The dropdown menu lets you select the target form. The comparison of current and new form fields is shown in the lower section. - Fields **marked in green** have already been assigned to the new form @@ -34,12 +34,14 @@ The following options are required to change forms. - Can change form for a password -**CAUTION:** Please note that information could be lost during this process! In the example, this +:::warning +Information could be lost during this process. In the example, this applies to the fields "Website" and "Information". +::: ## The effects of changes to forms on existing records -In general, changes to forms do not effect existing records. This means that a record that was +In general, changes to forms don't effect existing records. This means that a record that was created with a certain form will not itself be changed after this form has been adapted/changed. It remains in its original state. However, there are methods by which changes to forms could be adopted by existing records. There are two possibilities in this context: @@ -55,8 +57,8 @@ be directly shown and adopted after it is saved. ### Apply form changes to passwords The setting "Apply form changes to passwords" makes it possible to force the change to the form to -be adopted. This becomes effective when editing the record! It is immaterial here whether changes -are being made to the record. Simply re-editing and saving the record will cause the adjustment to +be adopted. This becomes effective when editing the record. It is immaterial here whether changes +are being made to the record. Re-editing and saving the record will cause the adjustment to the form. ### The following permissions/configuration must exist @@ -67,7 +69,7 @@ the form. ## Conclusion -A common feature of both variants is that adjustments to forms cannot be automatically triggered. +A common feature of both variants is that adjustments to forms can't be automatically triggered. Already existing records are thus not automatically adjusted. The adjustment thus needs to be -carried out manually. In the first case, the manual step is to use the function "Change form". In -the second case, it is sufficient to simply edit and save the record. +performed manually. In the first case, the manual step is to use the function "Change form". In +the second case, it is sufficient to edit and save the record. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md index 6be41ee81e..3f4ca4000d 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md @@ -1,19 +1,19 @@ --- -title: "Forms" -description: "Forms" -sidebar_position: 60 +Title: "Forms" +Description: "Forms" +Sidebar_position: 60 --- # Forms -## What are forms? +## Forms overview When creating a new data record, it is always indispensable to query all relevant data for the -intended application. In this context, **Forms** represent templates for the information which have -to be stored. The manageability of existing forms primarily ensures the completeness of the data -which have to be stored. Nevertheless, their use as an effective filter criterion is not to be -ignored! Forms have a lasting impact on working withNetwrix Password Secure v8 and must be managed -and maintained with the necessary care by the administration. +Intended application. In this context, **Forms** represent templates for the information which have +To be stored. The manageability of existing forms primarily ensures the completeness of the data +Which have to be stored. Nevertheless, their use as an effective filter criterion isn't to be +Ignored. Forms have a lasting impact on working withNetwrix Password Secure v8 and must be managed +And maintained with the necessary care by the administration. ![form module](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_1-en.webp) @@ -29,45 +29,47 @@ The following options are required to add new forms. ## Standard forms Netwrix Password Secure is supplied with a series of standard forms – these should generally cover -all standard requirements. Naturally, it is still possible to adapt the standard forms to your -individual requirements. +All standard requirements. It is still possible to adapt the standard forms to your +Individual requirements. ![forms](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_2-em.webp) The associated preview for the form selected in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) appears in the [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). Both the field name and also -the field type are visible. +The field type are visible. ## Creating new forms The wizard for creating new forms can be started via the ribbon, the keyboard shortcut "Ctrl + N" or -also the context menu that is accessed using the right mouse button. The same mechanisms can now be -used to create new form fields within the wizard. Depending on the selected field type, other -options are available in the **field settings** section. This will be clearly explained below using -the example of the field type "Password". The sequence in which form fields are requested when -creating new records corresponds to the sequence within the form. This can be adapted using the -relevant buttons in the ribbon. +Also the context menu that is accessed using the right mouse button. The same mechanisms can now be +Used to create new form fields within the wizard. Depending on the selected field type, other +Options are available in the **field settings** section. The following example explains this using +The example of the field type "Password". The sequence in which form fields are requested when +Creating new records corresponds to the sequence within the form. This can be adapted using the +Relevant buttons in the ribbon. ![Creating new forms](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_3-en.webp) The following field settings thus appear for the field type "Password": "Mandatory field, reveal -only with reason, check only generated passwords and password policy". These can now be defined as -desired. (**Note**: It is possible to select +Only with reason, check only generated passwords and password policy". These can now be defined as +Desired. (**Note**: you can select [Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) within the field settings; -they are defined as part of the options in the main menu) +They are defined as part of the options in the main menu) -**CAUTION:** If a form has been created, it can then be selected for use when creating new records. +:::warning +If a form has been created, it can then be selected for use when creating new records. The prerequisite is that the logged-in user has at least read rights to the form. +::: ## Permissions for forms In the same way as for other objects (records, roles, documents,…), permissions can also be granted -for forms. On the one hand, this ensures that not everyone can edit existing forms, while on the -other hand, it allows you to make forms available to selective groups. This ensures that clarity is -maintained and that users are not confronted with information that is irrelevant to them. The form -"Credit cards" may be relevant within the accounting department but administrators do not generally -need to use it. +For forms. On the one hand, this ensures that not everyone can edit existing forms, while on the +Other hand, it lets you make forms available to selective groups. This ensures that clarity is +Maintained and that users aren't confronted with information that is irrelevant to them. The form +"Credit cards" may be relevant within the accounting department but administrators don't generally +Need to use it. ## Configuring the info field @@ -77,31 +79,33 @@ The name of the form is displayed in between in a blue font. ![Configuring the info field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_4-en.webp) -The name of the record (192.168.150.236) and the form (password) cannot be adjusted – these are -always displayed. The user (Administrator) that is still saved for the record is currently -displayed. This can be configured in the info field for the form. It is thus possible to separately -define for each form what information for a record can be directly seen in list view. In the form -module, the info field is configured by opening the form which has to be edited in editing mode by -double clicking on it and then pressing the \*Configure info field” button in the ribbon. +The name of the record (192.168.150.236) and the form (password) can't be adjusted – these are +Always displayed. The user (Administrator) that is still saved for the record is +Displayed. This can be configured in the info field for the form. It is thus possible to separately +Define for each form what information for a record can be directly seen in list view. In the form +Module, the info field is configured by opening the form which has to be edited in editing mode by +Double clicking on it and then pressing the \*Configure info field” button in the ribbon. ![Configuring the info field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_5-en.webp) -This will open a separate tab that enables you to design the info section via drag & drop. The -fields that are available on the right can be "dragged" onto the configuration window on the left. +This opens a separate tab that lets you design the info section via drag & drop. The +Fields that are available on the right can be "dragged" onto the configuration window on the left. In the following example, "Start RDP session2 will be made visible in the info section, whereby only -the word "RDP" is assigned a function – namely to start the RDP manager. A preview is shown in the -top section. +The word "RDP" is assigned a function – namely to start the RDP manager. A preview is shown in the +Top section. ![preview form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_6-en.webp) The info field for the form is now updated. It is now possible to start the RDP session directly in -the RDP session. +The RDP session. ![updated form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_7-en.webp) -NOTE: The **forms module** is based on the +:::note +The **forms module** is based on the [Web Application](/docs/passwordsecure/9.2/configuration/webapplication/web_application.md) module of the same name. Both modules -have a different scope and design but are almost identical to use. +Have a different scope and design but are almost identical to use. +::: ## Standard form diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md index f9171ef849..8eca8bda97 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Logbook -## What is a logbook? +## Logbook overview Netwrix Password Secure logs all user interactions. These entries can be viewed and filtered via the logbook. The logbook records which user has made exactly what changes. This module is @@ -25,7 +25,7 @@ The following options are required: ## Use of the filter in the logbook -You can also use the filter in the logbook. This enables you to limit the number of displayed +You can also use the filter in the logbook. This lets you limit the number of displayed elements based on the defined criteria. In the following example, the user is searching for logbook entries relating to the object type “Password” that also match the event criteria "Change". In short: The entries are being filtered based on changes to passwords. @@ -36,7 +36,7 @@ short: The entries are being filtered based on changes to passwords. This list can also be grouped together by dragging and dropping column headers – see the following grouping of the columns for **computer user**. The filtered results now show all changes to -passwords carried out by the computer user "administrator". +passwords performed by the computer user "administrator". ![Logbook entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook_3-en.webp) @@ -47,9 +47,11 @@ of state is recorded and saved in the MSSQL database. There are no plans to allo logbook entries to be selectively defined. It is only by using this process that changes are completed in a traceable and audit-proof manner to prevent falsification. -NOTE: If desired, the logbook can be automatically cleaned up. This option can be configured on the +:::note +If desired, the logbook can be automatically cleaned up. This option can be configured on the Server Manager. Further information can be found in the section [Managing databases](/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/managing_databases.md). +::: ## Transferring to a Syslog server diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md index 867d7e34d1..7110c5f231 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md @@ -6,11 +6,11 @@ sidebar_position: 30 # Notifications -## What are notifications? +## Notifications overview With the notification system, you are always up-to-date on all events that you consider important. -Almost all modules allow users to configure notifications. All configured messages are only created -for the currently registered Netwrix Password Secure user. It is not possible to create a +Almost all modules support notification configuration. All configured messages are only created +for the registered Netwrix Password Secure user. It isn't possible to create a notification for another user. Each user can and should define himself which passwords, which triggers as well as changes are important and informative for him. The configuration of visibility is explained in a similar way to the other modules in one place @@ -18,8 +18,10 @@ is explained in a similar way to the other modules in one place ![Notifications modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) -NOTE: The reading pane is deactivated in this module by default. It can be activated in the +:::note +The reading pane is deactivated in this module by default. It can be activated in the "Display" tab in the ribbon. +::: ## Module-specific ribbon functions @@ -31,13 +33,13 @@ administrators and users to maintain control and transparency independent of the ### Mark notifications as read -The two buttons on the ribbon enable you to mark notifications as read/unread. In particular, the +The two buttons on the ribbon let you mark notifications as read/unread. In particular, the filter criterion available in this context (see following screenshot) enables fast sorting according to current and also historical notifications. ![filter notifications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_3-en.webp) -It is possible to mark the notifications as read/unread via the ribbon and also via the context menu +You can mark the notifications as read/unread via the ribbon and also via the context menu that is accessed using the right mouse button. If the corresponding setting has been activated, opening a notification will also mean that it is marked as read. @@ -60,7 +62,7 @@ that a notification is really only triggered for relevant events. ## Other triggers for notifications As well as manually configurable notifications, there are other triggers in Netwrix Password Secure -which will result in notifications. +that result in notifications. - [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md): Requests to release sealed records are handled via the notification system diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md index 2af4c8d6d2..0bbd92e6d6 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Active Directory link -## What are active directory profiles? +## Active directory profiles overview The connection to Active Directory (AD) is established via so-called AD profiles. These profiles contain all of the information relevant for establishing a connection to AD and enable imports/synchronization of users, organisational units or roles. To connect to various different -ADs, it is naturally also possible to create multiple AD profiles. +ADs, it is also possible to create multiple AD profiles. ## Two import modes in comparison @@ -21,17 +21,19 @@ differ significantly and are explained in separate sections. - End-to-end encryption - Master Key mode -In principle, the two variants differ by the presence of the encryption mentioned above. In the +In principle, the two variants differ by the presence of the encryption described in the previous section. In the solution with active end-to-end encryption (**E2EE**), the process may be less convenient (see table) but there is a huge benefit in terms of security. In Master Key mode, a master key is created on the server that has full permissions for all users, organisational units and roles. This -represents an additional attack vector, which does not exist in end-to-end mode. In return, however, +represents an additional attack vector, which doesn't exist in end-to-end mode. In return, however, in Master Key mode, users can be updated via synchronization with the Active Directory. Memberships of organisational units and roles are also imported. In the more secure end-to-end mode, this -synchronization of the changes must be carried out manually. +synchronization of the changes must be performed manually. -NOTE: It is technically possible to create several profiles with different modes. However, this is +:::note +It is technically possible to create several profiles with different modes. However, this is not recommended for the sake of clarity. +::: | Comparison of the modes | End-to-end mode | Master key mode | | ---------------------------------------------------------- | --------------- | --------------- | @@ -57,7 +59,7 @@ Secure. In contrast, a connection in **Master Key mode offers the highest level imports not only users, organisational units and roles but also their links and assignments. Synchronization with Active Directory is possible – **The AD is used as the leading system**. -## Users, groups and roles +## Users, groups, and roles When importing or synchronizing from Active Directory, users are also added as users in Netwrix Password Secure. Netwrix Password Secure also uses the organisational units as such. @@ -66,10 +68,14 @@ In order for Netwrix Password Secure to be quickly integrated into the given inf can also be directly imported from the Active Directory. Namely Active Directory Groups are used to password-safe roles. -NOTE: Groups in groups Memberships, which may be present in the Active Directory, will not be +:::note +Groups in groups Memberships, which may be present in the Active Directory, will not be displayed within Netwrix Password Secure. Both groups are imported as roles, but independent and not linked in any way. +::: -**CAUTION:** If Master Key mode has been selected for the Active Directory profile, the AD is the -leading system. In this mode, roles that have been imported cannot be changed locally in Netwrix +:::warning +If Master Key mode has been selected for the Active Directory profile, the AD is the +leading system. In this mode, roles that have been imported can't be changed locally in Netwrix Password Secure. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md index eee5b94bd3..250a7818a4 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md @@ -8,7 +8,7 @@ sidebar_position: 10 ## Maximum encryption -[Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption currently offers +[Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption offers **maximum security**. Only users, organisational units and roles are imported. The permissions and the hierarchical relationship between the individual objects needs to be separately configured in Netwrix Password Secure. The advantage offered by end-to-end encryption is that Active Directory is @@ -34,15 +34,17 @@ The process for creating a new profile is started via the icon "manage profiles" ![New AD profile](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_1-en.webp) -NOTE: "End-to-end" needs to be set in the "Encryption" field +:::note +"End-to-end" needs to be set in the "Encryption" field +::: A **user** is required to access the AD. The user should be formatted as follows: Domain\user. It must have access to the AD. -- The relevant **user password** (domain password) is required for the user mentioned above +- The relevant **user password** (domain password) is required for the user specified in the previous field - **Direct search** is recommended for very large domain trees. The representation of the tree structure is omitted, elements can only be found and selected via the search. -- The **filter** can be used to directly specify an AD path as an entry point via an LDAP query. +- The **filter** lets you directly specify an AD path as an entry point via an LDAP query. - Various security options – so-called AuthenticationTypes Enumeration – can be selected for the connection of the AD to Netwrix Password Secure: - Secure @@ -95,8 +97,10 @@ provides helpful functions for selecting the individual elements. In the lower area you can specify whether the users just selected for import should be created as **Light** or **Advanced User (View)**s. -NOTE: If individual users, organisational units, or roles cannot be selected for import, they have +:::note +If individual users, organisational units, or roles can't be selected for import, they have already been imported via another profile +::: ## Summary @@ -107,20 +111,24 @@ element is imported. The number of objects is added together at the bottom. ![Import wizard/Summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_6-en.webp) -NOTE: Depending on the amount of data, it may take several minutes to create the summary. +:::note +Depending on the amount of data, it may take several minutes to create the summary. +::: ## Importing -The import itself is carried out by the server in the background. The individual elements then +The import itself is performed by the server in the background. The individual elements then appear in the list one by one. This may take some time, depending on the amount of import data. If the import is terminated, you will receive a confirmation. ![confirmation](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_7-en.webp) -NOTE: As end-to-end encryption is retained in this mode, the server does not receive a key to match +:::note +As end-to-end encryption is retained in this mode, the server doesn't receive a key to match already imported users with the AD. There is thus no synchronization with the AD. Similarly, no memberships can be imported. After the import, users must be manually assigned to the appropriate organisational units and roles. +::: ## Imported users and organisational units @@ -150,11 +158,13 @@ The rights will be issued as follows during the import or synchronization. | Is the "add" right issued? | No | No | No | | Who receives the rights key? | None | None | None | -NOTE: In end-to-end mode, **no role affiliations** are issued during the import or synchronization. +:::note +In end-to-end mode, **no role affiliations** are issued during the import or synchronization. +::: ## Logging into Netwrix Password Secure -Users imported in this mode can not login with the domain password. Rather, a password is generated +Users imported in this mode can't login with the domain password. Rather, a password is generated during import. This password is sent to the users by e-mail. If a user has not entered an e-mail address, the user name is entered as the password. The initial password can be changed by the administrator or the user himself at the first login. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md index 5464b79721..20c867138f 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md @@ -36,7 +36,9 @@ The following information must be provided in the profile: - An optional **description** - Masterkey mode is selected for the **encryption** -NOTE: In the case of already created profiles, the encryption can no longer be changed. +:::note +In the case of already created profiles, the encryption can no longer be changed. +::: - The **domain** field is used to define which domain is to be read. The value entered here will also be used for authentication if no alternative spellings have been saved under **Other domain @@ -56,7 +58,7 @@ NOTE: In the case of already created profiles, the encryption can no longer be c updated on the next synchronization, regardless of whether the record has changed in the Active Directory or not. (This checkbox is automatically activated when you have edited the other responsible users and is deactivated again after the next synchronization). -- The **LDAP filter** can be used to directly specify an AD path as an entry point via an LDAP +- Use the **LDAP filter** to directly specify an AD path as an entry point via an LDAP query. - Various security options – so-called AuthenticationTypes Enumeration (**Flags**) – can be selected for the connection of the AD to Netwrix Password Secure: @@ -66,23 +68,29 @@ NOTE: In the case of already created profiles, the encryption can no longer be c - Signing - Sealing -NOTE: The first two options are already activated by default when configuring a new profile. If a -connection is not possible, deactivate SecureSocketsLayer and try again. +:::note +The first two options are already activated by default when configuring a new profile. If a +connection isn't possible, deactivate SecureSocketsLayer and try again. +::: -- **Other responsible users or roles** can be used to define who is permitted to carry out the +- **Other responsible users or roles** defines who is permitted to perform the synchronization with the AD. -- The option **Other domain names** can be used to save alternative spellings of the login domain. +- Use the option **Other domain names** to save alternative spellings of the login domain. These must correspond to the spelling entered in the login window. For example, if a connection is being established to the domain **jupiter.local** or an IP address, the login can only be carried out with **jupiter\user** if **jupiter** has been saved here. -**CAUTION:** The master key is added in form of a certificate. It is **essential to back up** the -generated certificate! If the database is being moved to another server, the certificate also needs -to be transferred! Further information can be found in the section +:::warning +The master key is added in form of a certificate. It is **essential to back up** the +generated certificate. If the database is being moved to another server, the certificate also needs +to be transferred. Further information can be found in the section [Certificates](/docs/passwordsecure/9.2/configuration/servermanager/certificates/certificates.md). +::: -NOTE: You can now use the option to integrate a RADIUS server. Read more in +:::note +You can now use the option to integrate a RADIUS server. See [RADIUS authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). +::: ## Import @@ -122,8 +130,10 @@ selection of the individual elements. ![select subjects](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_5-en.webp) -NOTE: If individual users cannot be selected for import, they have already been imported via an +:::note +If individual users can't be selected for import, they have already been imported via an end-to-end encrypted profile. +::: In the lower area you can specify whether the users just selected for import should be created as **Light** or **Advanced User (View)**s. @@ -147,7 +157,7 @@ this is symbolized by a hint. ## Imported users and organisational units -The users and organisational units imported in Masterkey mode cannot be edited in Netwrix Password +The users and organisational units imported in Masterkey mode can't be edited in Netwrix Password Secure. Therefore, any changes must be made in AD and synchronized. AD thus becomes the leading system. Affiliations to roles are also synchronized and must be set in the AD. In organisational units or roles created in Netwrix Password Secure, the users can be included directly in Netwrix @@ -175,23 +185,29 @@ The rights will be issued as follows during the import or synchronization. | Is the "add" right issued? | No | No | No | | Who receives the rights key? | All with the "authorize" right | None | All with the "authorize" right | -NOTE: If a user is imported, he will be given those roles that he also had in AD insofar as these +:::note +If a user is imported, he will be given those roles that he also had in AD insofar as these roles already exist in Netwrix Password Secure or have also been imported. +::: ## Logging into Netwrix Password Secure -Users who are imported using this mode can log in with the domain password. Please note that no +Users who are imported using this mode can log in with the domain password. No domain needs to be specified when logging in. Of course, the login process can also be supplemented with [Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md). -NOTE: Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server +:::note +Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server is accessible, the users in the domain authenticate themselves via Kerberos using their domain -password. If the logon via Kerberos does not work – e.g. due to incorrect configuration of the +password. If the logon via Kerberos doesn't work – e.g. due to incorrect configuration of the domain controller – the logon via the NTLM protocol is attempted. However, these are all settings that have to be made on the domain controller and have nothing to do with Netwrix Password Secure. +::: -**CAUTION:** Logging on to Netwrix Password Secure using SSO via Kerberos is currently not possible. +:::warning +Logging on to Netwrix Password Secure using SSO via Kerberos isn't possible. +::: ## Permissions to imported objects @@ -199,15 +215,17 @@ The rights to be issued to imported users are explained in the following example ![Permission MKM User](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode_7-en.webp) -1. In Master Key mode, **all** users will be issued with the **read** right. -2. The **responsible user** will be issued with all rights and the key. This ensures that he can +1. In Master Key mode, **all** users are issued with the **read** right. +2. The **responsible user** is issued with all rights and the key. This ensures that he can also synchronize or change the user in the future 3. **Other responsible users** are issued with the same rights as the **responsible user** 4. The **Master Key** for the **Active Directory** profile will also be issued with all rights and - keys as it will be used for the synchronization -5. Finally, users will be issued with the rights for themselves + keys as it is used for the synchronization +5. Finally, users are issued with the rights for themselves -NOTE: All users and roles issued with **rights** to the imported object also receive its rights key. +:::note +All users and roles issued with **rights** to the imported object also receive its rights key. +::: ## Synchronization @@ -217,8 +235,10 @@ or deactivated according to the settings in the AD. If the membership of organis be changed, this can be done by **Drag & Drop**. New users and correspondingly defined roles are imported. -NOTE: If the tick was not set in the Synchronization column when a user is imported, no changes are +:::note +If the tick wasn't set in the Synchronization column when a user is imported, no changes are made. +::: ### Manual synchronization @@ -231,7 +251,7 @@ the synchronization runs in the background. A hint indicates that the process ha ### Synchronization via system tasks -The synchronization can also be carried out automatically. This is made possible via the +The synchronization can also run automatically. This is made possible via the [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ### Deleting or removing users @@ -241,9 +261,9 @@ next synchronization. For this purpose, it is necessary for the user to be impor **synchronizable** user. If the user is only deleted from Netwrix Password Secure but retained in Active Directory, a -synchronization needs to be carried out to delete it from the database. For this purpose, the wizard -is called up via **import**. The first step is to select an organisational unit. This has no effect -when simply deleting a user. The second step is to search for the user. Both ticks are removed. +synchronization needs to run to delete it from the database. For this purpose, the wizard +is opened via **import**. The first step is to select an organisational unit. This has no effect +when deleting a user. The second step is to search for the user. Both ticks are removed. After checking the summary, the process is concluded. The synchronization is completed and the user is deleted from the database. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md index 9f6b032355..7e9b796238 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md @@ -6,7 +6,7 @@ sidebar_position: 30 # RADIUS authentication -## What is the RADIUS authentication? +## RADIUS authentication overview RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol used primarily for authentication and authorization of users during dial-up connections in corporate networks. Netwrix diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md index bad86ef5f7..ad0b460743 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Directory services -It is possible to use existing user and group structures from external directories with Netwrix +You can use existing user and group structures from external directories with Netwrix Password Secure. Choose your preferred integration method: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md index f2975dd9af..4a208be550 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md @@ -13,14 +13,14 @@ from multiple Entra IDs, you can create multiple profiles. ## Introduction -## Why Entra ID? +## Entra ID benefits More and more companies use cloud services. Therefore, also the management of users is outsourced. Instead of a classic Active Directory via LDAP, an Entra ID is used more often. Netwrix Password Secure integrates the possibility to bring in users and roles from Azure. To use users and roles from multiple Entra IDs, you can create multiple profiles. -Remember, In order to use Azure login with the windows application, +Remember, to use Azure login with the windows application, [WebView2](https://developer.microsoft.com/de-de/microsoft-edge/webview2/) from Microsoft must be installed on the client device. @@ -28,19 +28,19 @@ installed on the client device. The connection to the Entra ID differs in one special point from the connection to a conventional Active Directory. While Netwrix Password Secure queries the users, groups, and roles actively from -the conventional AD, the Entra ID is pushing them automatically to our server. For this a so-called +the conventional AD, the Entra ID is pushing them automatically to the server. For this a so-called [SCIM service](https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management) is used. -To login to Netwrix Password Secure, after entering the username a popup opens for the +To log in to Netwrix Password Secure, after entering the username a popup opens for the authentication with the entered Microsoft account. Here, a possible configured second factor is also requested. The authentication is handled via the [Open ID Connect protocol](https://openid.net/connect/). ### Linking Entra ID -Below you will find instructions on how to connect Entra ID to Netwrix Password Secure. In the Azure +The following instructions describe how to connect Entra ID to Netwrix Password Secure. In the Azure portal, go to the management page of your Microsoft Entra ID. Use an account with administrative -permissions for this. During this, login to Netwrix Password Secure with an account that has the +permissions for this. During this, log in to Netwrix Password Secure with an account that has the user right "Display organisational structure module", "Can manage Entra ID profiles", and "Can create new Entra ID profiles" enabled. @@ -48,10 +48,12 @@ create new Entra ID profiles" enabled. ### New enterprise application -Login to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of +Log in to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of your Microsoft Entra ID. -NOTE: You need an account with administrative permissions +:::note +You need an account with administrative permissions +::: - Write down your "Tenant ID" shown in the Azure console or by using PowerShell: @@ -62,27 +64,33 @@ Connect-AzureAD ``` - Navigate in your Entra ID to "Enterprise applications" -- Add an own application, that is not listed in the Azure Gallery – in our example, we name it +- Add an own application, that isn't listed in the Azure Gallery – in this example, it is named "Netwrix Password Secure" -NOTE: A key feature of Netwrix Password Secure is, that it is self-hosted by our customers. However, -to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure is not +:::note +A key feature of Netwrix Password Secure is, that it is self-hosted by the customers. However, +to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure isn't available in the Azure Gallery. +::: - When the application was created successfully, you are redirected to it automatically - Write down the "Application ID" - In the navigation, click "Users and groups" - Add the Users and groups that should be available to Netwrix Password Secure -**CAUTION:** The import of Azure groups as Netwrix Password Secure roles is only possible if you -have booked the Azure package Entra ID Premium P1! +:::warning +The import of Azure groups as Netwrix Password Secure roles is only possible if you +have booked the Azure package Entra ID Premium P1. +::: - Navigate to the "Provisioning" page - Configure the Provisioning Mode to "Automatic" ### Netwrix Password Secure Entra ID configuration -NOTE: Your Netwrix Password Secure user need the following permissions: +:::note +Your Netwrix Password Secure user need the following permissions: +::: ``` @@ -93,7 +101,7 @@ NOTE: Your Netwrix Password Secure user need the following permissions: ``` - Navigate to the module "Organisational structure" -- In the toolbar, click on "Manage profiles" in the category "Entra ID" +- In the toolbar, click "Manage profiles" in the category "Entra ID" - Create the profile with your information - Insert the `Tenant ID` and the `Application ID` - As soon as the profile has been saved, a popup opens for generating a token @@ -103,18 +111,22 @@ NOTE: Your Netwrix Password Secure user need the following permissions: ### Azure provisioning configuration Fill the fields "Tenant URL" and "Secret Token" with the information provided by Netwrix Password -Secure Click "Test Connection" When the test has been successful, click on "Save" at the top of the +Secure Click "Test Connection" When the test has been successful, click "Save" at the top of the page Back on the "Provisioning" page, click "Start provisioning" In the settings of the provisioning, check if "Provisioning Status" is set to "On" All allocated users and groups are created in Netwrix Password Secure now -NOTE: Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and +:::note +Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and roles are shown in Netwrix Password Secure. +::: -**CAUTION:** Please note that Azure establishes the connection to Netwrix Password Secure. For this, +:::warning +Azure establishes the connection to Netwrix Password Secure. For this, the client URL must be accessible from an external network / provisioning agent and any used SSL -certificate must be valid! If the users are not created in Netwrix Password Secure, consult the -Azure Enterprise Application Provisioning log for more information. +certificate must be valid. If the users aren't created in Netwrix Password Secure, consult the +Azure Enterprise Application Provisioning log for troubleshooting details. +::: ### Azure login configuration @@ -123,8 +135,8 @@ To enable the Azure login for your users, a few more steps are required: - Navigate to the Overview page of your Entra ID - Navigate to "App registrations" - If no application is displayed, click "All applications" -- Click on "Netwrix Netwrix Password Secure" and navigate to "Authentication" -- Click on "Add a platform", select "Web" and configure the required URIs: +- Click "Netwrix Password Secure" and navigate to "Authentication" +- Click "Add a platform", select "Web" and configure the required URIs: | Client | URI | | ------------------------ | ------------------------------------------------------------------------- | @@ -136,7 +148,7 @@ To enable the Azure login for your users, a few more steps are required: ![web_configuration_entra_id](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/web_configuration_entra_id.webp) -Click on "Add a platform", select "Mobile & desktop applications" and configure the required +Click "Add a platform", select "Mobile & desktop applications" and configure the required mobile-app URI: | Client | URI | @@ -147,7 +159,7 @@ mobile-app URI: #### Create client secret -Navigate to your Netwrix Netwrix Password Secure App registration -> Certificates & secrets -> +Navigate to your Netwrix Password Secure App registration -> Certificates & secrets -> Client secret Create a client secret: @@ -160,11 +172,11 @@ Copy it over to the Netwrix Password Secure Entra ID profile: #### Set API permissions -Finally, the API permissions for the Azure API have to be set, so the login to can be performed +Finally, the API permissions for the Azure API have to be set, so the log in to can be performed successfully. 1. Navigate to "API permissions" and click "Add a permission" 2. Select "Microsoft Graph" and then "Delegated permissions" 3. Set the checkboxes for "openid" and "profile" just under "OpenId permissions" -4. Click on "Add permissions" -5. Click on "Grant admin consent for YOUR_AD_NAME" +4. Click "Add permissions" +5. Click "Grant admin consent for YOUR_AD_NAME" diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md index 8825ca490e..efa0b42d1d 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md @@ -6,25 +6,25 @@ sidebar_position: 10 # Microsoft Entra ID Services FAQ -## Is it possible to migrate from LDAP to Entra ID? +## Migrating from LDAP to Entra ID -Currently, an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is -not possible! +, an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is +not possible. -## Which port is used for the SCIM endpoint for provisioning users/groups from Entra ID to the Application Server? +## SCIM endpoint port for provisioning users and groups from Entra ID to the Application Server 11015 is the port that will be used for the communication from Entra ID to Netwrix Password Secure. -## Does the Entra ID connection support nested groups? +## Entra ID connection support for nested groups -Due to Azure based technical limitations, Netwrix Password Secure does not support nested groups. +Due to Azure based technical limitations, Netwrix Password Secure doesn't support nested groups. -## Does Entra ID work on servers that are only available internally? +## Entra ID on servers that are only available internally -An integration on servers, that are not accessible from external sources, the integration of Entra +An integration on servers, that aren't accessible from external sources, the integration of Entra ID is also possible. For this, you can use the [Entra ID on-premises application provisioning to SCIM-enabled apps](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-scim-provisioning). -This can be installed on all or only one application server. It must be noted that the IP or DNS +This can be installed on all or only one application server. the IP or DNS name of the "Tenent URL" specified in the subsequently created enterprise application is present in the alternative application names in the server certificate. Tip: `https://127.0.0.1:11015/scim` can also be specified as the "Tenent URL", in which case 127.0.0.1 must again be present in the @@ -52,6 +52,6 @@ alternative application names in the server certificate. - Click "Get started" - Set provisioning mode "Automatic" - Unhide "On-Premises Connectivity" -- Assign the just installed agent to this application by selecting it and click "Assign Agent(s)" +- Assign the just installed agent to this application by selecting it and click "Assign Agents" - It takes about 20 minutes until the agent is correctly connected to your application and you can proceed. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md index 3948cb7583..74b2ec6aa5 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md @@ -6,9 +6,9 @@ sidebar_position: 40 # First factor -## What is meant by first factor? +## First factor overview -It is a process that regulates access to our system. +It is a process that regulates access to the system. ## Requirements @@ -25,19 +25,23 @@ The configuration is done via the user setting **First factor**. ![Smartcard 1st factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_2-en.webp) -NOTE: This option is only valid for users in master key mode +:::note +This option is only valid for users in master key mode +::: -**CAUTION:** Be Aware" The smartcard logon tries to determine whether the certificate belongs to the +:::warning +Be Aware" The smartcard logon tries to determine whether the certificate belongs to the user to be logged on based on the applicant in the smartcard certificate. This is done using regex, the default regex `^{username}[.@\\/-_:]({domain})$` or `^({domain})[.@\\/-_:]({username})$` is applied to the applicant. In this case, `{username}` is replaced with the user to be registered and `{domain}` is replaced with the domain in the AD profile in the regex and if the regex query is -positive, the user is registered. If the format of your applicant in your certificates is not +positive, the user is registered. If the format of your applicant in your certificates isn't compatible with these two regex queries, you must set a custom regex query in the Server Manager. -Please note that `{username}` for username and `{domain}` for the AD domain SHOULD be present in the +`{username}` for username and `{domain}` for the AD domain SHOULD be present in the regex query. If the domain must be explicitly specified, it must be written in capital letters. +::: -In addition, the smartcard certificate must of course also be valid on the server! +In addition, the smartcard certificate must of course also be valid on the server. ## Fido2 (only at the Web Application) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md index 1cbe829669..80743c9e24 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Managing users -## How are users managed in Netwrix Password Secure? +## User management in Netwrix Password Secure The way in which users are managed is highly dependent on whether Active Directory is connected or not. In Master Key mode, Active Directory remains the leading system. Accordingly, users are then @@ -25,14 +25,14 @@ Can add new users -Display organisational structure module ## Adding local users In general, new users are added in the same way as creating a local organisational unit. Therefore, -only the differences will be covered below. +only the differences are covered in the following sections. ### Creating users ![create user](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/create-user-wc.webp) - **Allocated roles**: New users can directly be allocated one or more rolls when they are created -- **Change password on next login**: The user will be requested to change their user password on the +- **Change password on next login**: The user is requested to change their user password on the next login (obligatory) - **Account is deactivated**: The user is created with the status "deactivated". The account is thus not useable. The write rights for a user can be set/removed with this option. In editing mode, the @@ -41,17 +41,19 @@ only the differences will be covered below. checking the integrity and hierarchies of various pieces of information with one another but are not required to productively work with the information themselves. This could be a data protection officer or also an administrator in some cases. This would be the case if an administrator was - responsible for issuing permissions to other people but should not be able to view the data + responsible for issuing permissions to other people but shouldn't be able to view the data themselves. The property **restricted user** is used to limit the visibility of the password field. It thus deals with purely administrative users or controlling entities. -NOTE: Restricted users cannot view any passwords +:::note +Restricted users can't view any passwords +::: ### Configuring rights -The second tab of the wizard allows you to define the permissions for the newly created user. If an +The second tab of the wizard lets you define the permissions for the newly created user. If an allocated organisational unit or a rights template group was defined in the first tab, the new user -will inherit its permissions. Here, these permissions can be adapted if desired. +inherits its permissions. Here, these permissions can be adapted if desired. ### Configuring user rights @@ -61,26 +63,30 @@ globally defined user rights. ## Importing users -Importing from Active Directory can be carried out in two ways that are described in a separate +Importing from Active Directory can be performed in two ways that are described in a separate section. ## User licenses There are two different types of licenses, **Advanced view** and **Basic view** licenses. In all -other editions you can only purchase Advanced view licenses. Please note that licensed Basic view -users are not able to use the Advanced view. However, Advanced view Users can also switch to the +other editions you can only purchase Advanced view licenses. Licensed Basic view +users aren't able to use the Advanced view. However, Advanced view Users can also switch to the Basic view. -**CAUTION:** For licensing reasons, it is not intended to switch from a Advanced view user to a -Basic view user! +:::warning +For licensing reasons, it isn't intended to switch from a Advanced view user to a +Basic view user. +::: -Our sales team will be happy to answer any questions you may have about licensing. +The sales team will be happy to answer any questions you may have about licensing. -Display data to which the user is authorized In order to display the data to which a user is -authorized, you must right-click on the corresponding user in the organisational structure. In the -context menu that opens, you will find the following options under **displaying data records**: +Display data to which the user is authorized to display the data to which a user is +authorized, you must right-click the corresponding user in the organisational structure. In the +context menu that opens, you find the following options under **displaying data records**: Password -Documents -Forms -Rolls -Uses -Password Reset -System Tasks -Seal templates -NOTE: All authorizations for a data record are taken into account, regardless of whether you are +:::note +All authorizations for a data record are taken into account, regardless of whether you are authorized by a role or the user. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md index c45176f6a7..56ae223b52 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md @@ -1,68 +1,68 @@ --- -title: "User passwords / logging in to client" -description: "User passwords / logging in to client" -sidebar_position: 10 +Title: "User passwords / logging in to client" +Description: "User passwords / logging in to client" +Sidebar_position: 10 --- # User passwords / logging in to client ## User passwords -Depending on the type of user, they will either be allocated their password in Netwrix Password -Secure or the login will be carried out using access data for the domain. How the user logs in also -differs according to the type of user. +Depending on the type of user, they are either allocated their password in Netwrix Password +Secure or the login will be performed using access data for the domain. How the user logs in also +Differs according to the type of user. ### Differences between users and passwords - **Local users** Local users are those users that were directly created in Netwrix Password Secure. These users must be directly assigned a password when they are created. If local users are - migrated from older versions, they receive a randomly generated password that is sent to them via - email. + Migrated from older versions, they receive a randomly generated password that is sent to them via + Email. - **AD users in end-to-end mode** These users must also be assigned a password in Netwrix Password - Secure. A new password will also be issued via email for these users in the case of a possible - migration. + Secure. A new password is also issued via email for these users in the case of a possible + Migration. - **AD users in Master Key mode** These users log in directly with access data for the domain. It is - thus not necessary to assign them a password. As these users directly authenticate themselves via - Active Directory, the currently saved password in Active Directory is thus always valid. These - users can still directly log in using the existing password even after a migration + Thus not necessary to assign them a password. As these users directly authenticate themselves via + Active Directory, the saved password in Active Directory is thus always valid. These + Users can still directly log in using the existing password even after a migration ### Required rights -Various rights are required in order to issue or change user passwords. One prerequisite is the user -right **Can display organisational structure module**. **Read** and **write** rights for the user -are also required. Finally, membership of the user is required. Normally, the user themselves and -the user who created or imported the user have the right to change their password. +Various rights are required to issue or change user passwords. One prerequisite is the user +Right **Can display organisational structure module**. **Read** and **write** rights for the user +Are also required. Finally, membership of the user is required. Normally, the user themselves and +The user who created or imported the user have the right to change their password. ![Permission for user](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_1-en.webp) ### Assigning and changing passwords As already explained, local users are directly assigned their initial password when the user is -created. The situation is different for users that are imported in end-to-end mode. They do not -possess a password directly after the import and can thus not log in. It is thus necessary to assign -passwords after the import. +Created. The situation is different for users that are imported in end-to-end mode. They don't +Possess a password directly after the import and can thus not log in. It is thus necessary to assign +Passwords after the import. -The passwords can be directly assigned or changed via the ribbon. Naturally, it is also possible to -select multiple users if e.g. several imported users should be assigned the same password. +The passwords can be directly assigned or changed via the ribbon. It is also possible to +Select multiple users if e.g. several imported users should be assigned the same password. ![change password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_2-en.webp) ### Change password on next login Even if several users receive the same initial password, it is sensible to force them to change it -to an individual password. There is a corresponding option for this purpose. In the case of **local -users**, this can be activated during the creation of the user. In the case of **users in end-to-end -mode**, this option is directly activated during import for security reasons. This option is -automatically deactivated after the user has successfully logged in and changed the password. +To an individual password. There is a corresponding option for this purpose. In the case of **local +Users**, this can be activated during the creation of the user. In the case of **users in end-to-end +Mode**, this option is directly activated during import for security reasons. This option is +Automatically deactivated after the user has successfully logged in and changed the password. ![change password next login](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_3-en.webp) ### Security of passwords -To guarantee that passwords are sufficiently strong, it is recommended that corresponding +To guarantee that passwords are sufficiently strong, Netwrix recommends that corresponding [Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) are created. It is -especially important to ensure here that user names are excluded. The password rule then still needs -to be defined as a user password rule. +Especially important to ensure here that user names are excluded. The password rule then still needs +To be defined as a user password rule. ## Logging in to the database @@ -70,7 +70,7 @@ The process for logging into the database differs depending on the type of user. ### Local user -Local users simply log in using their user name and the assigned password. +Local users log in using their user name and the assigned password. ![login username](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_4-en_415x238.webp) @@ -79,13 +79,15 @@ Local users simply log in using their user name and the assigned password. ## AD user If only one domain has been configured, the users from AD can also log in with their user name and -password the same as local users. If multiple domains have been configured or there is a local user -with the same name, the name of the domain must be entered in front of the user name +Password the same as local users. If multiple domains have been configured or there is a local user +With the same name, the name of the domain must be entered in front of the user name The name of the domain must be entered as it is configured in the AD profile under **Domains**. The -option **Other domain names** can be used to save other forms of the domain name. +Option **Other domain names** lets you save other forms of the domain name. ![AD User](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_6-en.webp) -NOTE: The logon to the client is automatically forwarded to the Autofill Add-on and other clients on -the same computer. The same applies to logging on to the Autofill Add-on. +:::note +The logon to the client is automatically forwarded to the Autofill Add-on and other clients on +The same computer. The same applies to logging on to the Autofill Add-on. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md index f2abe7d124..df97ac9d6c 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Multifactor authentication -## What is multifactor authentication? +## Multifactor authentication overview By means of multifactor authentication, you can save the login – in addition to the password – with a further factor. Setting up a multifactor authentication can be done by either the administrator or @@ -19,7 +19,7 @@ Manager. In the database module, open the settings for the selected database via ![database settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_1-en.webp) -It is possible to separately define in the settings whether it is permitted to use each interface on +You can separately define in the settings whether it is permitted to use each interface on the database. ![multifactor authentication](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_2-en.webp) @@ -29,9 +29,11 @@ the database. In the user settings, it is also possible to define the "Length of validity of a multifactor authentication token" in minutes. -NOTE: In order for a user (administrator) to be able to **configure** multifactor authentication for +:::note +In order for a user (administrator) to be able to **configure** multifactor authentication for other users, the user must have the rights **read**, **write**, **delete** and **authorize**. It is important that these rights exist before Multifactor Authentication is set up. +::: ## Configuration of multifactor authentication @@ -51,18 +53,20 @@ QR code is displayed, which must be scanned using the Google Authenticator app o ![google authenticator](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_4-en.webp) -Once the Google Authenticator app has detected the QR code, it will return a 6-digit PIN. You must -then enter it in the appropriate field. Finally, click on **Create** in the ribbon. +After the Google Authenticator app has detected the QR code, it will return a 6-digit PIN. You must +then enter it in the appropriate field. Finally, click **Create** in the ribbon. ## RSA SecurID Token -To set up multifactor authentication using RSA SecurID, simply enter the RSA user name and click +To set up multifactor authentication using RSA SecurID, enter the RSA user name and click **Create** directly in the ribbon. ![RSA SecurID Token](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_5-en.webp) -NOTE: The prerequisite for the use of RSA SecurID token is that the access data has been stored in +:::note +The prerequisite for the use of RSA SecurID token is that the access data has been stored in the Database settings on the Server Manager. +::: ## Public key infrastructure @@ -71,7 +75,7 @@ All eligible certificates are displayed. ![Public key infrastructure](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_7-en.webp) -Now just select the desired certificate from the list to confirm the process. +Select the desired certificate from the list to confirm the process. ## Yubico One Time Password @@ -84,7 +88,7 @@ The multifactor authentication can be deleted by the user himself or by another authorization. The rights **Read**, **Write**, **Authorize** and **Delete** are required for another user to perform the deletion. -In order to delete a file, you should go to the main menu. Under **Account** you will find the item +To delete a file, you should go to the main menu. Under **Account** you will find the item **Multifactor Authentication**. An alternative way is to enter the management of multifactor authentication via the organisational structure. To do so, select the corresponding user and click on the **Multifactor Authentication** ribbon. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md index 7be3d97af0..aab9f01689 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md @@ -8,7 +8,7 @@ sidebar_position: 20 ## Using OTP in Netwrix Password Secure -A one-time password is a password that is valid once and can be used for authentication or +A one-time password is a password that is valid once and supports authentication or transactions. Accordingly, each additional authentication or authorization requires a new one-time password. @@ -43,10 +43,12 @@ How to use the HTML WebViewer can be read in the chapter with the same name. ##### OTP in Emergency WebViewer -NOTE: The special feature of the Emergency WebViewer is that the stored OTP secret is also +:::note +The special feature of the Emergency WebViewer is that the stored OTP secret is also displayed. +::: -In order to use the One-Time-Password in the +To use the One-Time-Password in the [EmergencyWebViewer](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md) you have to proceed as follows: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md index 79b26a6621..f84526b8e6 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md @@ -30,13 +30,13 @@ The **One Time Password** is entered directly into the corresponding field. ![yubico OTP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_3-en.webp) -Once the general terms and conditions have been approved, the API Key can be requested. +After the general terms and conditions have been approved, the API Key can be requested. ![yubico key](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_4-en.webp) ### Configuring the Yubikey API -The actual setting up of the multifactor authentication is carried out on the Server Manager in the +The actual setting up of the multifactor authentication is performed on the Server Manager in the **Database** module. First select the required data base; then open the "Features" in the ribbon. The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and saved. @@ -44,15 +44,17 @@ The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and The interface is now ready and can be used. -NOTE: The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for -communication with Yubico. Please make sure that the Netwrix Password Secure Server can connect to +:::note +The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for +communication with Yubico. Ensure that the Netwrix Password Secure Server can connect to this endpoint. +::: ## Configuring multifactor authentication for users Multifactor authentication can be configured in the Netwrix Password Secure client. It can be done by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) -menu. In order to configure the Yubikey, simply select **Yubico OTP**. +menu. To configure the Yubikey, select **Yubico OTP**. ![setup second factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_6-en.webp) @@ -62,7 +64,7 @@ only need to touch the touch panel. The same applies to **Yubikey Nano**. ![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) The token is entered directly into the corresponding field. The multifactor authentication is -configured once you’ve clicked on configure. +configured after you’ve clicked on configure. ![Configuration yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_8-en.webp) @@ -75,7 +77,7 @@ After the first password authentication, another window for the **Yubico Key** i ![Login yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_10-en.webp) -Click on the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. +Click the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. ![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md index 02c0ed46de..798478faf7 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md @@ -1,19 +1,19 @@ --- -title: "Organisational structure" -description: "Organisational structure" -sidebar_position: 40 +Title: "Organisational structure" +Description: "Organisational structure" +Sidebar_position: 40 --- # Organisational structure -## What are organisational structures? +## Organisational structures overview The storage of passwords or documents always takes place according to the defined organisational -structures. The module enables complex structures to be defined, which later form the basis for the -systematic storage of data. It is often possible to define them on the basis of already existing -organization diagrams for the company or department. It is also possible to use other criteria, such -as the function / activity performed, as the basis for creating hierarchies. It is always up to the -customer themselves to decide which structure is most useful for the purpose of the application. +Structures. The module enables complex structures to be defined, which later form the basis for the +Systematic storage of data. It is often possible to define them on the basis of already existing +Organization diagrams for the company or department. It is also possible to use other criteria, such +As the function / activity performed, as the basis for creating hierarchies. It is always up to the +Customer themselves to decide which structure is most useful to the application. ![Organizational structure modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_1-en.webp) @@ -29,85 +29,93 @@ The following options are required for adding new organisational structures. ## Module-specific ribbon functions The operation of the ribbon differs fundamentally in a couple of aspects to how it works in other -modules. The following section will focus on only those elements of the ribbon that differ. The -remaining actions have already be explained for the password module. +Modules. The following section will focus on only those elements of the ribbon that differ. The +Remaining actions have already be explained for the password module. ![create new user/organisational unit](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_2-en.webp) - **New organisational unit/user**: New organisational units or new users can be added via the - ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right - mouse button. Due to its complexity, there is a separate section for this function: + Ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right + Mouse button. Due to its complexity, there is a separate section for this function: [User management](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md) -- **Drag & Drop**: If this option has been activated, it is possible to move users or organisational - units in list view via drag & drop +- **Drag & Drop**: If this option has been activated, you can move users or organisational + Units in list view via drag & drop - **Permissions**: The configuration of permissions within the organisational structure is important - both for the administration of the structure and also as the basis for the permissions in - accordance with + Both for the administration of the structure and also as the basis for the permissions in + Accordance with [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md). The benefits of [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) are - explained in a separate section. + Explained in a separate section. - **Settings**: The settings can be configured for both users and also organisational units. More - information on [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md)… + Information on [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md)… - **Active Directory**: The connection to Active Directory is explained in a dedicated section [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) - **Microsoft Entra ID**: The connection to Microsoft Entra ID is explained in a dedicated section - **Multi Factor authentication**: Additional security during login is provided through positive - authentication based on another factor. More on this subject… + Authentication based on another factor. More on this subject… - **Reset password**: Administrators can reset the passwords with which users log in to Netwrix - Password Secure to a defined value. Naturally, this is only possible if the connection to Active + Password Secure to a defined value. This is only possible if the connection to Active Directory is configured - via[End-to-end encryption](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the - alternative [Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the - authentication is linked to the correct entry of the AD password. + Via[End-to-end encryption](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the + Alternative [Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the + Authentication is linked to the correct entry of the AD password. -NOTE: To reset a user password, membership for the user is a prerequisite. +:::note +To reset a user password, membership for the user is a prerequisite. +::: -The example below shows the configuration of a user where only the user themselves is a member. +The following example shows the configuration of a user where only the user themselves is a member. ![permission for user](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_3-en.webp) -This configuration means that the user password cannot be reset by administrators. The disadvantage -is that if the password is lost there is no technical solution for "resetting" the password in the -system. +This configuration means that the user password can't be reset by administrators. The disadvantage +Is that if the password is lost there is no technical solution for "resetting" the password in the +System. -**CAUTION:** It is not recommended to configure the permissions so that only the user themselves has -membership. No other interventions can be made if the password is then lost. +:::warning +It isn't recommended to configure the permissions so that only the user themselves has +Membership. No other interventions can be made if the password is then lost. +::: ## Adding local organisational units Both users and also organisational units themselves can be added as usual via the ribbon (alternatively via Ctrl + N or via the context menu). These processes are supported by various -wizards. The example below shows the creation of a new organisational unit: +Wizards. The following example shows the creation of a new organisational unit: ### Create organisational unit ![Add new organisational unit](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_4-en.webp) - **Allocated organisational unit**: If the new object is defined as a **main organisational unit**, - it is not allocated to an existing organisational unit + It isn't allocated to an existing organisational unit - **Rights template group**: If an already existing organisational unit was selected under "allocated organisational unit", you can select one of the existing rights template groups. -NOTE: The organisational unit marked in list view will be used as a default. This applies to the -fields "allocated organisational unit" and also "rights template". +:::note +The organisational unit marked in list view will be used as a default. This applies to the +Fields "allocated organisational unit" and also "rights template". +::: ### Create role ![Create role](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_5-en.webp) -When creating a new organisational unit, the second tab in the wizard enables you to directly create -a new role. This role will not only be created but also given "read permission" to the newly created -organisational unit. +When creating a new organisational unit, the second tab in the wizard lets you directly create +A new role. This role will not only be created but also given "read permission" to the newly created +Organisational unit. ### Configuring rights ![Configuring rights](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_6-en.webp) -The third tab of the wizard allows you to define the permissions for the newly created -organisational unit. If an allocated organisational unit or a rights template group was defined in -the first tab, the new organisational unit will inherit its permissions. These permissions can be -adapted if desired. +The third tab of the wizard lets you define the permissions for the newly created +Organisational unit. If an allocated organisational unit or a rights template group was defined in +The first tab, the new organisational unit will inherit its permissions. These permissions can be +Adapted if desired. -NOTE: The **organisational structure** module is based on the Web Application module of the same -name. Both modules have a different scope and design but are almost identical to use. +:::note +The **organisational structure** module is based on the Web Application module of the same +Name. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md index 0d090cc864..d66a273de2 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Inheriting permissions -## What is inherited in organisational structures? +## Inheritance in organisational structures -If you open the permissions for an organisational structure, the currently configured permissions +If you open the permissions for an organisational structure, the configured permissions will be visible. In the following example, there are a total of four roles with varying permissions for the organisational structure. @@ -34,5 +34,7 @@ The two highlighted options are now available on the ribbon. Both mechanisms are protected by a confirmation prompt. If both "inherit" and also "overwrite" are selected, "overwrite" is considered the overriding function. -**CAUTION:** Both mechanisms are not protected by user rights. The **authorize** right for the +:::warning +Both mechanisms aren't protected by user rights. The **authorize** right for the organisational structure is required to activate the inheritance or overwrite functions. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md index 1a93abebea..caa124c593 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md @@ -16,7 +16,7 @@ permissions for organisational structures. [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) that selectively withholding information is a very effective [Protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md). - Configuration of the visibility is carried out directly when issuing permissions to + Configuration of the visibility is performed directly when issuing permissions to organisational structures. 2. **Inheriting permissions for records**: [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md) @@ -25,14 +25,14 @@ permissions for organisational structures. organisational structures. The way in which permissions for organisational structures are designed thus effects the subsequent -work with Netwrix Password Secure in many ways. The following diagram describes the above-mentioned +work with Netwrix Password Secure in many ways. The following diagram describes these interfaces. ![Permissions for organizational structures](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organizational_structures_1-en.webp) ## Permissions -The visibility and also inheritance mechanisms are not considered below. This section exclusively +The visibility and also inheritance mechanisms aren't considered in this section. This section exclusively deals with permissions for the actual organisational structure. It deals with which users and roles have what form of permissions for a given organisational structure. Permissions for organisational structures can be defined via the ribbon or also the context menu that is accessed using the right @@ -40,23 +40,29 @@ mouse button. A permissions tab appears: ![Permissions for OU](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organizational_structures_2-en.webp) -NOTE: The basic mechanisms for setting permissions is described in detail in the Authorization +:::note +The basic mechanisms for setting permissions is described in detail in the Authorization concept. +::: -**CAUTION:** It is important that the permissions displayed here are interpreted correctly! The -example above shows the permissions for the "organisational structure IT". +:::warning +It is important that the permissions displayed here are interpreted correctly. The +example shows the permissions for the "organisational structure IT". +::: -The user Max Muster possesses all rights to the organisational structure IT and can thus edit, -delete and also grant permissions for this structure. +The user Max Muster possesses all rights to the organisational structure IT, and can thus edit, +delete, and also grant permissions for this structure. ## The add right -The "add" right holds a special position amongst the available rights because it does not refer to +The "add" right holds a special position amongst the available rights because it doesn't refer to the organisational unit itself but rather to data that will be created within it. In general, it is fair to say that to add objects in an organisational unit requires the add right. If a user wants to -add a new record to an organisational unit, the user requires the above-mentioned right. In the -example above, only the administrator has the required permissions for adding new records. Even the -IT manager – who possess all other rights to the organisational structure "IT" – does not have the +add a new record to an organisational unit, the user requires the add right. In the +previous example, only the administrator has the required permissions for adding new records. Even the +IT manager – who possess all other rights to the organisational structure "IT" – doesn't have the right to add records. -**CAUTION:** The add right merely describes the right to create objects in an organisational unit. +:::warning +The add right merely describes the right to create objects in an organisational unit. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/configuration_2.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/configuration_2.md index c5ad12aed1..4a651b229f 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/configuration_2.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/configuration_2.md @@ -30,7 +30,7 @@ and "Linked passwords". ### Trigger -Triggers describe the conditions that need to be fulfilled so that a Password Reset is carried out. +Triggers describe the conditions that need to be fulfilled so that a Password Reset is performed. There are a total of three possible triggers available: - Reset the password x minutes after the password has been viewed @@ -42,8 +42,10 @@ triggers is equivalent to deactivating the Password Reset. All three triggers ca deactivated independently of one another. Only one selection can be made in each of the three categories. -NOTE: A separate system task within Netwrix Password Secure checks every minute whether a trigger +:::note +A separate system task within Netwrix Password Secure checks every minute whether a trigger applies. +::: ### Scripts @@ -58,12 +60,14 @@ A new dialogue appears after the selection in which the type of system "to be re The functions and configuration process are described in detail in the section Scripts. -NOTE: It is not possible to create a Password Reset without an associated script. +:::note +It isn't possible to create a Password Reset without an associated script. +::: ### Linked passwords All records that should be reset with the Password Reset according to the selected trigger are listed under “Linked passwords”. Multiple objects can be entered. The linked Password Reset is also -visible in the footer of the reading pane once it has been successfully configured. +visible in the footer of the reading pane after it has been successfully configured. ![new script password reset](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/heartbeat.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/heartbeat.md index a78d1678c9..96f3da2d7a 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/heartbeat.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/heartbeat.md @@ -6,10 +6,10 @@ sidebar_position: 50 # Heartbeat -## What is the heartbeat? +## Heartbeat overview The heartbeat checks whether passwords in Netwrix Password Secure match the login data on the -relevant systems. This process ensures that the passwords do not differ from one another. +relevant systems. This process ensures that the passwords don't differ from one another. ## Requirements @@ -33,14 +33,14 @@ The testing process using the heartbeat can be executed via various methods. ## Testing via Password Reset -The heartbeat is always carried out before the first resetting process using a Password Reset. After -the script has run, the testing process is carried out again. Further information on this process +The heartbeat is always performed before the first resetting process using a Password Reset. After +the script has run, the testing process is performed again. Further information on this process can also be found in the section [Rollback](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md). ### Manual testing The heartbeat can be executed in the ribbon for the password module by clicking on **Check login -data**. The currently marked password is always tested. +data**. The marked password is always tested. ### Automatic testing via the password settings @@ -61,8 +61,8 @@ the mouse over the icon. The icon has three different versions. These have the following meanings: -The last test was successful. The password is correct The test could not be performed. For example, -the password could not be reached. The last test was completed. However, the password is different +The last test was successful. The password is correct The test couldn't be performed. For example, +the password couldn't be reached. The last test was completed. However, the password is different to the one on the target system. ## Filtering the results diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md index 6b9cc63df7..897427e618 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md @@ -27,7 +27,7 @@ logbook entries are written: | Execution Error | Password Reset | | Error during rollback | Password Reset | -If an attempt was made to perform a rollback, but the rollback cannot be performed because the old +If an attempt was made to perform a rollback, but the rollback can't be performed because the old password was incorrect before the reset, or the first script is of the type “user-defined”, the following logbook entry is written: @@ -36,7 +36,7 @@ following logbook entry is written: | Error during rollback | Password Reset | If a password reset has failed and an attempt is made to perform a rollback, the reset is blocked -for one day and the following logbook entry is written: (It does not matter if the rollback worked +for one day and the following logbook entry is written: (It doesn't matter if the rollback worked or not) | Logbook type | Logbook record | diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md index c84a61949b..5c297992de 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md @@ -6,7 +6,7 @@ sidebar_position: 90 # Password Reset -## What is a Password Reset? +## Password Reset overview The safest passwords are those that no one knows. A Password Reset enables passwords to be reset to a new and unknown value according to freely definable triggers. A trigger could be a definable time @@ -15,15 +15,19 @@ Password Secure and also on the target system.** ![Password reset diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset_1-en.webp) -This process will be explained below using a specific example. The password for the MSSQL user has +The following example explains this process. The password for the MSSQL user has expired. The Password Reset changes the password in Netwrix Password Secure and also in the target system to a new value. ![Password reset process diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset_2-en.webp) -NOTE: If an error occurs during the execution of a password reset, the affected reset is blocked +:::note +If an error occurs during the execution of a password reset, the affected reset is blocked with all associated passwords. This is noted in the logbook with an entry "blocked". +::: -**CAUTION:** Due to the complexity of the process, it is strongly recommended that Password Reset is +:::warning +Due to the complexity of the process, it is strongly recommended that Password Reset is configured **in combination with certified partners**. The desired simplification of work processes -using the above-mentioned automated functions is accompanied by numerous risks. +using these automated functions is accompanied by numerous risks. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md index 823b2016ae..39402ed070 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md @@ -6,12 +6,12 @@ sidebar_position: 60 # Rollback -## What is a rollback? +## Rollback overview If an error occurs while running a script, a rollback is initiated. This ensures that the original password is restored. -## When does a rollback run? +## Rollback execution conditions The following diagram shows when and according to which criteria a rollback is initiated: @@ -25,5 +25,5 @@ rollback. ## Logbook -The logbook can be used to see if a rollback has been run and if it was successful. After a +The logbook lets you see if a rollback has been run and if it was successful. After a rollback, the password should be checked once again as a precaution. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md index a1b706fffb..583af810ca 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md @@ -9,7 +9,7 @@ sidebar_position: 30 ## Available scripts The following scripts are supplied and can be directly used. In all scripts, a password is firstly -selected in the upper section. This is not the password that will be reset on the target system. +selected in the upper section. This isn't the password that is reset on the target system. Instead, a user should be entered here that can complete the rest of the process on the target system. This password thus requires administrative rights to the target system. @@ -32,7 +32,7 @@ changed. The **host name** – i.e. the target computer – and the **service na ![Service accounts scripts](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_3-en.webp) -Please note that the **display name** for the **service** needs to be used. +The **display name** for the **service** needs to be used. ![display name service](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_4-en.webp) @@ -48,7 +48,7 @@ The access data in the associated password can be saved as follows: ## Windows user -This script can be used to reset the passwords for local Windows users. Only the **host name** needs +Use this script to reset the passwords for local Windows users. Only the **host name** needs to be saved here. ![Windows user script](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_5-en.webp) @@ -77,6 +77,6 @@ script **Active Directory user**. ## Planned task The passwords for users of Windows Task Scheduler can be changed using this script. The **host -name** of the computer on which the task will run and the **name** of the task itself are entered. +name** of the computer on which the task runs and the **name** of the task itself are entered. ![planned task](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_9-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md index 2a3c58fa5a..acb8210dc7 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md @@ -8,11 +8,11 @@ sidebar_position: 40 ## Individual solutions using your own scripts -If your requirements cannot be met using the [Scripts](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible +If your requirements can't be met using the [Scripts](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible to create your own Powershell scripts. These scripts need to meet certain requirements to be used in Netwrix Password Secure. -## Storage location, name and call +## Storage location, name, and call The scripts must be saved in the following directory: `C:\ProgramData\MATESO\Password Safe and Repository Service\System\PowerShell` @@ -44,17 +44,17 @@ The following standard parameters can be used here: - UserName: The user name for which the password should be changed - Password: The password that should be reset -- CredentialsUserName: The user name of the user authorized to carry our the reset (e.g. +- CredentialsUserName: The user name of the user authorized to carry the reset (e.g. administrator) - CredentialsPassword: The password of the authorized user ### Scriptblock The **scriptblock** can be used when the script should run in the context of another user. The -actual change is then carried out in the **scriptblock**. +actual change is then performed in the **scriptblock**. It is important in this case that you provide Netwrix Password Secure with feedback about what has -been changed via a **Write-Output**. The following example simply uses the outputs **true** or +been changed via a **Write-Output**. The following example uses the outputs **true** or **false**. However, it is also conceivable that an error message or similar is output. @@ -69,7 +69,7 @@ been changed via a **Write-Output**. The following example simply uses the outpu ``` -Naturally, CredentialsUserName and CredentialsPassword can also be directly used in the script (i.e. +CredentialsUserName and CredentialsPassword can also be directly used in the script (i.e. without the **scriptblock**). You can view the supplied MSSQL script as an example. ### Invoke diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md index 66879a2767..d380fa4328 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Creating new passwords -## What does creating new passwords/records mean? +## Creating new passwords and records overview Saving a record/password stores information in the MSSQL database. This process is started in the Passwords module for the client. It is accessed either via the icon in the ribbon, using the keyboard shortcut "CTRL + N" or via the context menu that is accessed using the right mouse button -in list view. The next step is to select a suitable form that will open in a modal window. +in list view. The next step is to select a suitable form that opens in a modal window. ## Requirements @@ -22,7 +22,7 @@ The following 2 user rights are required: ## Selecting a form -When creating a new record, it is possible to select from all the forms for which the logged-in user +When creating a new record, you can select from all the forms for which the logged-in user has the required permissions. To make the selection process as easy as possible, a preview of the form fields included in the form is shown on the right hand side. @@ -35,7 +35,7 @@ forms is covered in a separate section) ## Entering data -The window for creating a new record always open in a separate tab. As can be seen below, the +The window for creating a new record always opens in a separate tab. The corresponding form fields for the previously selected form can now be filled. Password fields deserve special mention here because they can be handled differently based on password rules. The record can be saved via the ribbon when all fields have been filled. @@ -51,7 +51,7 @@ record. Both values are optional. - The **validity** defines an end date until which the record is valid. This information can be evaluated e.g. in the logbook or in reports. It is thus possible to create a list of all expired - passwords for a user or an authorized entity. However, it is not possible to limit the usability + passwords for a user or an authorized entity. However, it isn't possible to limit the usability of expired passwords for security reasons. - **Tags** are freely definable properties of records that can be used as search criteria. This also allows thematically linked information to be grouped together. @@ -59,29 +59,35 @@ record. Both values are optional. ## Setting permissions for new records In principle, there are various approaches for setting permissions for newly created records. All of -them have already been described in the Authorization concept section. It is important to note here +them have already been described in the Authorization concept section. note here that **manual setting of permissions is only possible after saving** a record. Automatic permissions are set before the record is saved. In this context, the selection of the organisational structure and the permissions for a record are important aspects. ![permissions new record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_4-en.webp) -- **Manual setting of permissions**: If you want to manually set permissions for the record, select +- **Manual setting of permissions**: To manually set permissions for the record, select the organisational structure in which the record should be saved. After saving the record, the - permissions can be manually amended via the permissions tab in the ribbon. If you only want to - create a personal record for which no other user will receive permissions, simply select your own + permissions can be manually amended via the permissions tab in the ribbon. To + create a personal record for which no other user receives permissions, select your own organisational structure and conclude the process with "save" via the ribbon. -NOTE: If any kind of automatic permissions have been activated for the selected OU, this will always -be prioritized. +:::note +If any kind of automatic permissions have been activated for the selected OU, this is always +prioritized. +::: -**CAUTION:** Even when creating private records, inheritance of permissions based on the logged-in +:::warning +Even when creating private records, inheritance of permissions based on the logged-in user can also be activated as an option. This option is described in a separate section. +::: -NOTE: The user right Allow sharing of personal passwords can be used to define that personal -passwords cannot be released to other users. +:::note +The user right Allow sharing of personal passwords lets you define that personal +passwords can't be released to other users. +::: -**Automatic setting of permissions**: Automatic setting of permissions is carried out before the +**Automatic setting of permissions**: Automatic setting of permissions is performed before the record is saved. Irrespective of whether predefined rights or rights inheritance is being used, the -configuration is always carried out in the organisational structure or permissions area. Saving the +configuration is always performed in the organisational structure or permissions area. Saving the record thus completes the process for creating the password including the issuing of permissions. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md index 9d246adca8..af0bba104a 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md @@ -6,10 +6,10 @@ sidebar_position: 40 # Form field permissions -## What are form field permissions? +## Form field permissions overview The authorization concept allows separate permissions to be set for each object. These objects could -be records, forms or users. Netwrix Password Secure goes one step further in this context. Every +be records, forms, or users. Netwrix Password Secure goes one step further in this context. Every single form field for a record can also be granted with separate permissions. It is thus possible to grant different permissions for the password field of a record than are set for the other fields. @@ -25,11 +25,11 @@ The following options are required to view "inherit" and "overwrite" icons. ## Configuration The associated form field permissions for the marked record can be opened via the ribbon using the -drop-down menu under "Permissions". +dropdown menu under "Permissions". ![form field permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions_1-en.webp) -The window that opens allows you to select the relevant form field for which you want to grant +The window that opens lets you select the relevant form field for which you want to grant permissions. The following example focuses on the password field. ![permissions of password field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions_2-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md index 2b897e9f10..45e7e23ae7 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md @@ -6,17 +6,17 @@ sidebar_position: 60 # History -## What is the history? +## History overview Alongside saving passwords and keeping them safe, the ability to trace changes to records also has great relevance. The history maintains a seamless account of the versions for all form fields in a -record. Every change to records is separately recorded, saved and can thus also be restored. In +record. Every change to records is separately recorded, saved, and can thus also be restored. In addition, it is always possible to compare historical values with the current version. The history is thus an indispensable component of every security concept. ## The history in the reading pane -The optional footer area can be used to already display the history when in the reading pane. All of +The optional footer area lets you already display the history when in the reading pane. All of the historical entries are listed and sorted in chronological order. ![history in footer](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_1-en.webp) @@ -29,7 +29,7 @@ in the ribbon or via a double click. ## Detailed history in the Extras -The detailed history for the record marked in list view can be called up in the Start/Extras tab. +The detailed history for the record marked in list view can be opened in the Start/Extras tab. ![History](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_3-en.webp) @@ -40,7 +40,7 @@ versions with the date and time of their last change are sorted in chronological ## Comparison of versions -At least two versions need to be selected in order to carry out a comparison. In list view, mark the +At least two versions need to be selected to carry out a comparison. In list view, mark the first version and then add another version via the “Add” button on the right of the reading pane to compare with the first one. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/moving_passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/moving_passwords.md index 345a9483b1..586bf82a26 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/moving_passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/moving_passwords.md @@ -6,14 +6,13 @@ sidebar_position: 30 # Moving passwords -## What happens when records are moved? +## Record movement behavior -Data can be moved within Netwrix Password Secure to another organisational structure. This does not -necessarily have to be linked to a change in permissions (the effects are described separately -below). Moving records without changing the permissions mainly has effects on the filtering or +Data can be moved within Netwrix Password Secure to another organisational structure. This doesn't +necessarily have to be linked to a change in permissions (the effects are described in the following section). Moving records without changing the permissions mainly has effects on the filtering or search functions for records. -## How do you move a record? +## Move a record The (marked) records are moved either via the ribbon or via the context menu that is accessed using the right mouse button. @@ -25,7 +24,7 @@ records in this case. ### Required permissions -No special user rights/settings are required in order to move records. The “move” right for the +No special user rights/settings are required to move records. The “move” right for the record is the only deciding factor. ![required permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_2-en.webp) @@ -34,15 +33,17 @@ record is the only deciding factor. ![effects on existing permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_3-en.webp) -- **Retain permissions**: The permissions for the record are not changed by moving it and are +- **Retain permissions**: The permissions for the record aren't changed by moving it and are retained - **Overwrite permissions**: The permissions for the record are overwritten by the target OU - **Extend permissions**: The existing permissions are extended to include the permissions for the target OU -**CAUTION:** From a technical perspective, all rights will be removed from the record when -overwriting the permissions. The permissions will then be applied to the record in accordance with -the rights template or inheritance from organisational structures. It is important to note here that -it is theoretically possible to remove your own rights to the record! The rights change will only be -carried out if at least one user retains the right to issue permissions as a result. Otherwise, the -rights change will be cancelled with a corresponding message. +:::warning +From a technical perspective, all rights are removed from the record when +overwriting the permissions. The permissions are then applied to the record in accordance with +the rights template or inheritance from organisational structures. Note here that +it is theoretically possible to remove your own rights to the record. The rights change is only +performed if at least one user retains the right to issue permissions as a result. Otherwise, the +rights change is cancelled with a corresponding message. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md index bcb187aa92..9410d3d407 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md @@ -6,16 +6,16 @@ sidebar_position: 50 # Password settings -## What are password settings? +## Password settings overview -The password settings can be used to define a diverse range of options. These can be found in the +The password settings lets you define a diverse range of options. These can be found in the ribbon in the subsection “Extras”. The settings open up in a new tab. ![password settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/password_settings_1-en.webp) ### Category: Browser -- **Default browser**: This option can be used to define a default browser for every record +- **Default browser**: Use this option to define a default browser for every record separately. You can select from all browsers that have been registered as a browser in Windows. ### Category: SSO @@ -26,7 +26,7 @@ ribbon in the subsection “Extras”. The settings open up in a new tab. - **Browser Extensions**: Automatically fill login masks: This setting defines whether the login masks are automatically filled when logging in via SSO. This is the case when the user is located on a login page. If the record for this page has been saved, the login mask will be filled if this - option has been activated. Otherwise, this step needs to be carried out manually via the add-on. + option has been activated. Otherwise, this step needs to be performed manually via the add-on. If multiple records have been saved for this page, the user must complete this step manually via the add-on in both cases. - **Browser Extensions**: Automatically send login masks: If this option has been activated, the diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md index 205a7fddfa..d7bb7c3aa8 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md @@ -6,13 +6,12 @@ sidebar_position: 10 # Passwords -## What are passwords? +## Passwords overview In Netwrix Password Secure v8, the data record with the passwords represents the central data object. The Passwords module provides administrators and users with central access to the passwords -for the purpose of handling this sensitive data that requires protection. Search filters in -combination with color-highlighted tags enable very focussed work. Various approaches can be used to -help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module +to handling this sensitive data that requires protection. Search filters in +combination with color-highlighted tags enable very focussed work. Various approaches help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module helps all users to use Netwrix Password Secure in an efficient and targeted manner. ![Password modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_1-en.webp) @@ -28,7 +27,7 @@ The following user right is required for adding new passwords: The ribbon offers access to all possible actions relevant to the situation at all times. Especially within the "Passwords" module, the ribbon plays a key role due to the numerous module-specific functions. General information on the subject of the ribbon is available in the relevant section. -The module-specific ribbon functions will be explained below. +The following sections explain the module-specific ribbon functions. ![ribbon functions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_2-en.webp) @@ -40,7 +39,7 @@ The module-specific ribbon functions will be explained below. - **Open**: Opens the object marked in list view and provides further information about the record in the reading pane. - **Delete**: Deletes the object marked in list view. A log file entry is created (see logbook). -- **Reveal**: The function **Reveal** can be used for all records that have a password field. The +- **Reveal**: The function **Reveal** applies to all records that have a password field. The passwords in the reading pane will be revealed. In the example, the passwords have been revealed and can be hidden again with the **Hide** button. @@ -49,10 +48,10 @@ The module-specific ribbon functions will be explained below. ### Actions - **Notifications**: Defining notifications enables a constant flow of information about any type of - interaction. The issuing of notifications is carried out in the module designed for this purpose. + interaction. Notifications are configured in the module designed for this purpose. - **Duplicate**: Duplicating creates an exact copy of the record in a new tab. - **Move**: Moves the record marked in list view to another organisational structure. -- **Toggle** **Favorite**: The selected record is marked as a favorite. It is possible to switch +- **Toggle** **Favorite**: The selected record is marked as a favorite. you can switch between all records and favorites at any time. - **Quick view**: A modal window opens for the selected record for 15 seconds and displays all available information **including the value of the password**. @@ -60,7 +59,7 @@ The module-specific ribbon functions will be explained below. ### Permissions -- **Permissions**: The drop-down menu can be used to set both password permissions and also form +- **Permissions**: Use the dropdown menu to set both password permissions and also form field permissions. This method only allows the manual setting of permissions for data (see authorization concept) @@ -86,7 +85,7 @@ Conveniently working with passwords is only possible via the efficient usage of via RDP, SSH, general Windows applications or websites. This makes it possible to dispense with (unsecure) entries via "copy & paste". -- **Open web page**: If an URL is saved in the record, this menu option can be used to directly open +- **Open web page**: If a URL is saved in the record, use this menu option to directly open it. - **Applications**: If applications have been linked to records, they can be directly opened via the "start menu". @@ -98,18 +97,22 @@ via RDP, SSH, general Windows applications or websites. This makes it possible t ![external link](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_5-en.webp) -**CAUTION:** If several sessions are opened on a client, an external link is always called in the +:::warning +If several sessions are opened on a client, an external link is always called in the first session. +::: - **History**: This icon opens the history for those records selected in list view in a new tab. Due to the comprehensive recording of historical versions of passwords, it is now possible to compare several versions with one another. -- **Print**: This option can be used to open the print function. -- **Export**: It is possible to export all the selected records and also the data defined by the +- **Print**: Use this option to open the print function. +- **Export**: you can export all the selected records and also the data defined by the filter to a .csv file. -- **Change form**: It is possible to change the form used for individual records. "Mapping" of the - previous form fields can be directly carried out in the process. +- **Change form**: you can change the form used for individual records. "Mapping" of the + previous form fields can be directly completed in the process. - **Settings**: The password settings are described in a separate section. -NOTE: The password module is based on the module of the same name in the Web Application. Both +:::note +The password module is based on the module of the same name in the Web Application. Both modules have a different scope and design. However, they are almost identical to use. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/recycle_bin.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/recycle_bin.md index 9e3a039c62..6d6e18c769 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/recycle_bin.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/recycle_bin.md @@ -6,12 +6,12 @@ sidebar_position: 70 # Recycle Bin -This option allows you to view and permanently delete deleted passwords to which you are entitled. +This option lets you view and permanently delete deleted passwords to which you are entitled. ## Procedure for deleting passwords To put passwords into the recycle bin there are 2 possible procedures. Select the passwords you want -to delete and click on **Move to bin (1)** or right-click on the passwords and select **Move to +to delete and click **Move to bin (1)** or right-click the passwords and select **Move to bin(2)**. ![bin_2](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/bin_2.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/revealing_passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/revealing_passwords.md index f9080a3f71..cee5147dcf 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/revealing_passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/revealing_passwords.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Revealing passwords -## What is involved in revealing passwords? +## Revealing passwords overview Not all information is encrypted by the MSSQL database in Netwrix Password Secure for performance reasons. Only the password itself (=secret) is encrypted with the help of the used encryption @@ -16,7 +16,7 @@ secured via access permissions, this process enables the **maximum possible work methods**. Revealing passwords describes the mechanism by which a password is made visible to the user in the client. This process for dealing with passwords very precisely reflects the importance of data security in Netwrix Password Secure – and this process will thus be described in detail -below. +in the following sections. ### Example case @@ -29,32 +29,32 @@ means the user can view the value of the password using the "reveal" function. ## Revealing passwords – diagram -In this context, it is important to note that the word "reveal" does not really accurately describe +In this context, the word "reveal" doesn't really accurately describe this process. It creates the **incorrect** impression that the client already has the password and only needs to reveal it. However, the processes running in the background until the password are -revealed are much more complex and will thus be described below. +revealed are much more complex and are described in the following diagram. ![revealing password diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/revealing_passwords_2-en.webp) ### Saving the password on the server Even though you would assume the opposite, at the start a masked password (\*) is neither available -on the client nor the server in plain text! The password is stored as part of the MSSQL database in -a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it is not -currently possible either on the server or the client to view the password. If you mark a record, -the password is not available at all on the client and is encrypted on the server before it is +on the client nor the server in plain text. The password is stored as part of the MSSQL database in +a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it isn't + possible either on the server or the client to view the password. If you mark a record, +the password isn't available at all on the client and is encrypted on the server before it is revealed. ### The encrypted password is requested Pressing the "reveal"- button triggers the process for requesting the password. A request is sent to -the server to apply for the encrypted password to be released. The server itself does not possess +the server to apply for the encrypted password to be released. The server itself doesn't possess the required key (private key) to decrypt the password. Therefore, it can only deliver the **encrypted value**. ### Checking the permissions -Whether the request sent in step 2 is approved is defined in the authorization concept. Once the +Whether the request sent in step 2 is approved is defined in the authorization concept. After the request has been received, the server checks whether the user possess the required rights. It also checks the possible existence of other security mechanisms such as a seal or password masking. If the necessary requirements for releasing the password have been met, the server now sends the diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md index 49929697c6..4965faa997 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Roles -## What are roles? +## Roles overview Each employee in a company is ultimately a member of a department and / or part of a particular function level. These departments or groups are mapped within Netwrix Password Secure using the role @@ -55,25 +55,29 @@ present in a company is the starting point for the success of Netwrix Password S design the roles in Netwrix Password Secure only once a detailed design has been drawn up, and all the requirements of all project participants have been met. -## Why are there no groups? +## Roles instead of groups Netwrix Password Secure enforces the avoidance of unnecessary structures through the role concept. A -group-in-group nesting is not supported – and is not necessary at all. The resultant increase in +group-in-group nesting isn't supported – and isn't necessary at all. The resultant increase in performance as well as increased overview promotes efficiency and effectiveness. The elegant interplay of organisational structures, roles, and granular filter options can cover all customer-specific scenarios. -NOTE: This architecture makes nesting of roles obsolete. +:::note +This architecture makes nesting of roles obsolete. +::: ## Overview of members for a role As well as being able to view the **members** in the permissions dialogue, a list of all members for a role is already made available in the [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). All of the other users with -permissions but without membership of the role are not taken into account. +permissions but without membership of the role aren't taken into account. ![role overview](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_4-en.webp) -NOTE: The roles module is based on the +:::note +The roles module is based on the [Roles module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md) of the Web Application. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md index b4f38d29cf..9372b760b2 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md @@ -6,11 +6,11 @@ sidebar_position: 20 # Account -## What is an account? +## Account overview -Users can configure all user-specific information in their account. It should be noted that if the +Users can configure all user-specific information in their account. if the [Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md) -process is used, user data will always be taken from Active Directory – editing this information in +process is used, user data is always taken from Active Directory – editing this information in Netwrix Password Secure is thus not possible. ![account](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/installation_with_parameters_123-ewn.webp) @@ -21,35 +21,45 @@ All of the information in the contact and address sections can be defined under areas of the profile overlap with the **management of users.** This information is explained in [Managing users](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md). -NOTE: No changes can be made to users that were imported from AD using Master Key mode. In this -case, all information will be imported from AD. +:::note +No changes can be made to users that were imported from AD using Master Key mode. In this +case, all information is imported from AD. +::: #### Editing user image A new image can be added or the existing one replaced or deleted by clicking on the profile image. -NOTE: No changes can be made to users that were imported from AD with the aid of Master Key mode. If -an image has been saved in AD, it will be used here. +:::note +No changes can be made to users that were imported from AD with the aid of Master Key mode. If +an image has been saved in AD, it is used here. +::: #### Change password -It is recommended that the user password is changed on a regular basis. If you want to use a new -password, it is necessary to enter the existing password in advance. The strength of the password -will be directly displayed. +Netwrix recommends that the user password is changed on a regular basis. To use a new +password, you must enter the existing password in advance. The strength of the password +is directly displayed. -NOTE: Users who were imported from AD with the aid of Master Key mode log in with the domain +:::note +Users who were imported from AD with the aid of Master Key mode log in with the domain password. Therefore, no password can be configured in this case. +::: -NOTE: The strength of the user password can be stipulated by administration through the issuing of +:::note +The strength of the user password can be stipulated by administration through the issuing of password rules. +::: -NOTE: If a user changes his or her password, all sessions that are still open are automatically +:::note +If a user changes his or her password, all sessions that are still open are automatically terminated. +::: #### Multifactor authentication Multifactor authentication provides additional protection through a second login authentication -using a hardware token. The configuration is carried out via the ribbon in the “Security” section. +using a hardware token. The configuration is performed via the ribbon in the “Security” section. See also in [Multifactor authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md) @@ -57,10 +67,10 @@ See also in #### Configure autologin -This option can be used to automate the login to Netwrix Password Secure. For setup, just enter the +Use this option to automate the log in to Netwrix Password Secure. For setup, enter the password twice and save it. -The autologin is linked to the hardware and thus will not work on a different computer. If you +The autologin is linked to the hardware and thus does not work on a different computer. If you change the hardware or the hardware ID, an existing autologin needs to be recreated. #### Relevant right @@ -71,11 +81,15 @@ User right - Can manage autologin -**CAUTION:** The automatic login should be handled as a process critical to security. It is -important to note that all data can be accessed, for example, if you forget to lock the computer. +:::warning +The automatic login should be handled as a process critical to security. It is +important to all data can be accessed, for example, if you forget to lock the computer. +::: -NOTE: For security reasons, the autologin is only valid for 180 days and then needs to be +:::note +For security reasons, the autologin is only valid for 180 days and then needs to be subsequently renewed. +::: #### Reset settings @@ -84,6 +98,6 @@ etc. to the default values. #### Start offline synchronization -If you have made changes to the database and do not want to wait for the next automatic +If you have made changes to the database and don't want to wait for the next automatic synchronization, an offline synchronization can also be started manually. The synchronization runs in the background and is indicated by a status bar in the footer as well as by the icon. More… diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md index 07d7869388..d6e435b9f4 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md @@ -13,11 +13,11 @@ purely informative in character and thus no configurations can be made here. ![installation_with_parameters_120](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_120.webp) -The session view starts in the currently active module in a separate tab. +The session view starts in the active module in a separate tab. #### Locked users -All currently locked users can also be retrieved. There are two scenarios here: +All locked users can also be retrieved. There are two scenarios here: 1. User name correct, password incorrect: The user name is displayed 2. User name incorrect: The client is displayed @@ -31,7 +31,7 @@ case can be seen. Password rules can be defined for both user passwords and also for WebViewer exports that then need to be fulfilled. In the following example, a user password must correspond to the “default password” -rule in order to be valid +rule to be valid ![Standard password rule](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_122-en_677x129.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md index f3eb6de3bb..56b0d3c474 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md @@ -6,18 +6,20 @@ sidebar_position: 80 # Export -## What is an export? +## Export overview An export is used for extracting the data saved in the MSSQL database. Both selective (manual) and automated [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) can extract information from Netwrix Password Secure in this manner. -**CAUTION:** Please note that extracting passwords is always associated with a weakening of the +:::warning +Extracting passwords is always associated with a weakening of the security concept. The informative value of the logbook will suffer when data is exported because the revision of this data will no longer be logged. This aspect needs to be taken into account particularly in conjunction with the Netwrix Password Secure -[Export wizard](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result is not separately secured +[Export wizard](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result isn't separately secured by a password. +::: The export function is accessed via the Main menu/Export. There are two fundamental types of export – the WebViewer export and the export wizard. However, the latter is divided into four @@ -39,7 +41,7 @@ rights ![Export in the ribbon](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_64-en.webp) -In this example, the marked role IT employee does not have the required permissions to export the +In this example, the marked role IT employee doesn't have the required permissions to export the record. In contrast, the IT manager does have the required permissions. In addition, the administrator possesses all rights, including the right to export. @@ -51,6 +53,8 @@ User right - Can export -NOTE: If a record is exported, this user right and also the corresponding permissions for the record +:::note +If a record is exported, this user right and also the corresponding permissions for the record must be set. The user right defines whether a user can generally export data, while the permissions for the record define which records can be exported. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md index bd0b2731a5..7d32a2c38c 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md @@ -6,18 +6,18 @@ sidebar_position: 20 # Export wizard -## What export wizards are there? +## Available export wizards There are a total of four different export wizards. ![installation_with_parameters_74_548x283](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_74_548x283.webp) The functionality of these wizards only differs based on the data to be exported. A distinction is -made between passwords, organisational structures, forms and applications. **As all four wizards are +made between passwords, organisational structures, forms, and applications. **As all four wizards are handled in the same way, the following section will only describe the password export wizard.** The remaining three wizards function in the same way. -## What is the password export wizard? +## Password export wizard overview This wizard allows records to be exported in standard.csv format. In contrast to the [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md), the resulting file is @@ -38,7 +38,7 @@ The export wizard can be accessed in a variety of different ways: The password export wizard can be started via the ribbon in two ways. **Selected passwords** exports only those passwords marked in list view, whereby **Passwords based on the filter** uses the -currently defined filter settings as the criteria. + defined filter settings as the criteria. The wizard @@ -47,12 +47,14 @@ corresponding preview is also provided. ![installation_with_parameters_76](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_76.webp) -Once the wizard has been completed, the desired export is created and saved to the defined storage +After the wizard has been completed, the desired export is created and saved to the defined storage location. -**CAUTION:** It is important to once again point out the sensitive nature of this export function +:::warning +Once again point out the sensitive nature of this export function that could have critical consequences from a security perspective. As the required permissions for this export are generally only granted to users/roles with higher positions in the hierarchy, this -subject is even more relevant from a security perspective: It is possible to export all passwords +subject is even more relevant from a security perspective: you can export all passwords for which a user has the required permissions. Administrators could thus (intentionally or unintentionally) cause more damage per se. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md index 1b647773b8..b3a137fd4e 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md @@ -6,7 +6,7 @@ sidebar_position: 10 # HTML WebViewer export -## What is a HTML WebViewer export? +## HTML WebViewer export overview The **WebViewer** is an option inNetwrix Password Secure for exporting passwords in an encrypted **HTML file**. The records are selected using the @@ -16,7 +16,7 @@ has the corresponding permissions are exported. They are displayed in a current ## Data security -- Naturally, the HTML WebViewer file is **encrypted** +- The HTML WebViewer file is **encrypted** - The export of the file is protected using a corresponding [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) - The user requires the **export right** for the passwords @@ -97,7 +97,9 @@ stick, external HDD, …). The **HTML file** can be opened in a standard browser **Netwrix Password Secure – HTML WebViewer / Login** when started. The **database** and the **user name** are predefined. The user \*password is used for the login. -**CAUTION:** The login mask is blocked for a period of time if the password is incorrectly entered! +:::warning +The login mask is blocked for a period of time if the password is incorrectly entered. +::: 1. Database: Predefined 2. User: Predefined @@ -110,7 +112,9 @@ name** are predefined. The user \*password is used for the login. After logging in to Netwrix Password Secure, the overview page for the \*HTML- WebViewer \* with the passwords is displayed. -NOTE: Use the password search function in the event of more than 20 passwords! +:::note +Use the password search function when there are more than 20 passwords. +::: 1. Displayoftherecords(max.20) 2. Detailedinformationontheselectedrecord @@ -122,10 +126,12 @@ NOTE: Use the password search function in the event of more than 20 passwords! #### Closing the HTML WebViewer overview -You can log out by clicking on **Logout**. In the event of a longer period of inactivity, the user +You can log out by clicking on **Logout**. After a longer period of inactivity, the user will be **automatically logged out after a set period of time has expired (time until logout).** -NOTE: You have been logged out due to inactivity. +:::note +You have been logged out due to inactivity. +::: The browser will then show the **Netwrix Password Secure– HTML WebViewer / Login** again and also -the reason for being logged out. It is possible to log in again. +the reason for being logged out. you can log in again. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md index 8a61adb4c0..73d9501487 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Extras -## What are Extras? +## Extras overview -Netwrix Password Secure provides a diverse range of supporting features that do not directly provide +Netwrix Password Secure provides a diverse range of supporting features that don't directly provide added value but mostly build on existing approaches and expand their functionalities. They are work-saving features that in total simplify the process of working with Netwrix Password Secure. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md index b177af37e5..b4cd7dc019 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Image management -## What is image management? +## Image management overview All logos and icons are managed in the image management. They can then be linked to the corresponding data records. The images are then displayed in the Basic view as well as in the list @@ -21,8 +21,10 @@ The following options are required: - Can upload new password images - Can manage password images -NOTE: It is important that the setting “Ask for Favicon-Download “ is only considered, if the right -“Can upload new password images “ has been activated! +:::note +It is important that the setting “Ask for Favicon-Download “ is only considered, if the right +“Can upload new password images “ has been activated. +::: #### Managing Icons/Logos @@ -30,7 +32,7 @@ There are two ways to upload icons. 1. By creating or saving the dataset. -In order to import favicons directly when saving the data set, the following preconditions must be +To import favicons directly when saving the data set, the following preconditions must be met: - Setting “Ask Favicon-Download “ is activated. @@ -40,7 +42,9 @@ If these preconditions are met, the stored URL is checked for the favicon when s record. If a favicon is found, it will be imported into the database and displayed in the data record in future. -NOTE: If there are several deposited, always use the first one. +:::note +If there are several deposited, always use the first one. +::: 2. Manual filing @@ -49,7 +53,7 @@ possibility to store icons and logos manually. ![Image management](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_107-en.webp) -Click on the + symbol to open the mask for creating images. +Click the + symbol to open the mask for creating images. ![add image](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_108-en.webp) @@ -62,9 +66,11 @@ Click on the + symbol to open the mask for creating images. - **Applications**: URL stored in the application -> attached tags -> application name - ![icon_open_folder](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/icon_open_folder.webp) - This symbol can be used to upload locally saved icons and logos. + Use this symbol to upload locally saved icons and logos. -NOTE: Please note that the icons and logos are not stored locally, but in the database. +:::note +The icons and logos aren't stored locally, but in the database. +::: ## Conditions diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md index a3ad8828e5..8f909b62c0 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Password generator -## What is the password generator? +## Password generator overview -The complexity of passwords is generally determined by their randomness. In order to be able to rely +The complexity of passwords is generally determined by their randomness. To be able to rely 100% on the fact that the passwords are randomly generated, an algorithm for generating passwords is indispensable. The password generator performs this function and is completely integrated into the software. @@ -24,7 +24,7 @@ The password generator can be opened in different ways: ![Password generator](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/installation_with_parameters_83-en.webp) -- **When creating new records:** Once the password field has been selected in the reading pane, the +- **When creating new records:** After the password field has been selected in the reading pane, the password generator can then be directly opened in the “Form field” tab via the ribbon. Passwords generated here can be directly entered into the password field for the new record using the “Adopt” button. Alternatively: The password generator can also be accessed on the right in the @@ -33,7 +33,7 @@ The password generator can be opened in different ways: ## Functionality The Character section is used to define the character groups that should form part of the password. -This section can also be used to exclude (special) characters. Once the password length has been +This section can also be used to exclude (special) characters. After the password length has been defined, a preview of a password that corresponds to the configured criteria is displayed on the bottom edge of the password generator. The “shuffle function” can be activated via the icon on the right next to the password preview. This will generate a new password in accordance with the defined @@ -42,7 +42,7 @@ criteria. #### Phonetic passwords This type of password can be recognised by the fact that it is relatively easy to remember (they are -“readable”) but do not have any association to terms found in dictionaries. Only the number of +“readable”) but don't have any association to terms found in dictionaries. Only the number of syllables and the total length are defined in this case. Options that can be set are how the syllables are @@ -52,7 +52,7 @@ separated and whether to use LeetSpeak. Password rule -Already defined[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) can be utilised for the +Already defined[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) supports the automatic generation of new passwords ## Multigenerator diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md index a13e0f3ff4..6a697ddc44 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Password rules -## What are password rules? +## Password rules overview It is generally recommended that passwords should consist of at least 12 different characters, be complex and be automatically created. Rules set guidelines that can be made binding for users – @@ -26,7 +26,7 @@ User right ## Managing password rules If “Password rules” is selected under Main menu/Extras, the available password rules will appear in -a separate tab in the currently active module. +a separate tab in the active module. ![installation_with_parameters_98](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_98.webp) @@ -39,14 +39,14 @@ configuration for this rule: to contain according to this rule. The required Password quality is an internal measure of security, which is calculated for this rule. This value always lies between 1 (very unsecure) and 100 (maximum security). -- **Categories:** A password can consist of a total of four categories. It is possible to define +- **Categories:** A password can consist of a total of four categories. you can define which of these categories to use and also how many of them to use. - **Forbidden characters**: It is also possible to exclude some special characters. These characters need to be entered in the list without separators. - **Forbidden passwords:** Some passwords and the user name can also be added to the list of forbidden passwords - **Preview rules:** When new rules are created, an example password is generated that conforms to - the configured rules. This is only the case for passwords with a minimum length of 3 characters! + the configured rules. This is only the case for passwords with a minimum length of 3 characters. ## Using password rules @@ -57,7 +57,7 @@ Once password rules have been defined, they can be productively used in two diff When a password field is defined in a form, one of the defined password rules can be set as the default. This means that the default will always be used when a new password is created. In this -way, it is possible to ensure that the required level of complexity is maintained for certain +way, you can ensure that the required level of complexity is maintained for certain passwords. ![installation_with_parameters_99](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_99.webp) @@ -70,13 +70,15 @@ field is used for this purpose. ## Defining standard rules for user passwords -If Master Key mode is not being used, users can change their passwords in Netwrix Password Secure. +If Master Key mode isn't being used, users can change their passwords in Netwrix Password Secure. The administrator can define the password strength required for these passwords by using standard password rules. ## Visibility -The password rules themselves are not subject to any permissions. All defined rules are therefore +The password rules themselves aren't subject to any permissions. All defined rules are therefore available to all users. The rules are managed from the Main menu. -NOTE: Users can only manage the rules if they have the appropriate user right +:::note +Users can only manage the rules if they have the appropriate user right +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md index 11695c9f73..fa3f349973 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Reports -## What are reports? +## Reports overview Comprehensive reporting is an important component of the ongoing monitoring of processes in Netwrix Password Secure. Similar to selectively configurable @@ -19,7 +19,9 @@ the creation of a report. This process can also be automated via ![reports](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_78-en.webp) -NOTE: Reports only ever contain information for which the user has the required permissions. +:::note +Reports only ever contain information for which the user has the required permissions. +::: A separate tab for managing existing reports and creating new reports can be opened in the current module via the Main menu/Extras/Reports. The module in which the report is opened is irrelevant, the @@ -29,7 +31,7 @@ contents are always the same. The filter on the left has no relevance in relation to reports. Although reports can also be “tagged” in theory, filtering has no effect on the reports. In -[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), there are currently three +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), there are three configured report requests shown. #### Creating a report request @@ -37,21 +39,21 @@ configured report requests shown. New report requests can be created in list view via the ribbon or also the context menu that is accessed using the right mouse button. The form for creating a new report request again opens in a separate tab. Alongside a diverse range of variables, the report type can be defined using a -drop-down list. There are currently dozens of report types available. +dropdown list. There are dozens of report types available. ![installation_with_parameters_80](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_80.webp) -The filter can be used to define the scope of the report e.g. to focus on a certain OU or simply a -selection of tags. Once saved, the report will now be shown in the list of report requests. +The filter lets you define the scope of the report e.g. to focus on a certain OU or a +selection of tags. Once saved, the report is now shown in the list of report requests. ###### Manually create reports -You can now create a manual report via the ribbon. This will open in a separate tab and can be +You can now create a manual report via the ribbon. This opens in a separate tab and can be displayed in the default web browser if desired. ![installation_with_parameters_81](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_81.webp) Automated sending of reports via system tasks -In general, reports are not manually created but are automatically sent to defined recipients. This +In general, reports aren't manually created but are automatically sent to defined recipients. This is apossible via system tasks, which can run processes of this nature at set times. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md index dc3111ef56..8f1d146633 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Seal templates -## What are the seal templates? +## Seal templates overview The configuration of [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) must be @@ -18,14 +18,18 @@ and very fast. ![Seal templates](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/installation_with_parameters_101-en.webp) -NOTE: A separate tab opens in the active module in order to edit the default templates +:::note +A separate tab opens in the active module to edit the default templates +::: ## Creating templates -**CAUTION:** The right Can manage seal templates is required +:::warning +The right Can manage seal templates is required +::: When creating seals, the seal can be saved as a template using the wizard. All templates saved in -this way are listed in the overview of the seal templates. Furthermore, it is possible to edit +this way are listed in the overview of the seal templates. Furthermore, you can edit existing templates directly or create new ones via the button in the ribbon. This is done in the same way as the seal assistant. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md index f22c746b22..55d7e0806d 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md @@ -6,11 +6,11 @@ sidebar_position: 10 # EmergencyWebViewer -## What is an Emergency WebViewer export? +## Emergency WebViewer export overview -Safeguarding data is essential and this should be carried out using +Safeguarding data is essential and this should be performed using [Backup management](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_management.md). -However, a backup is not sufficient in some cases e.g. if a backup cannot be directly restored due +However, a backup isn't sufficient in some cases e.g. if a backup can't be directly restored due to a hardware problem. In these cases, **Netwrix Password Secure** offers the backup feature **Emergency WebViewer Export**. @@ -21,26 +21,30 @@ the core system of the backup mechanism. ## Creation of the file and key The **Emergency WebViewer Export** is created in Netwrix Password Secure as a -**[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task can be used to guarantee a regular backup of +**[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task lets you guarantee a regular backup of the records (passwords) by entering an interval. When setting up the system task, the user thus defines the cycle at which the **Emergency WebViewer.html file** is created on the Server Manager. The existing file is overwritten in each case by the latest version at the defined interval. The associated key is only created once at the beginning and needs to be saved. The current version of the **HTML file** can only be decrypted using this **key**. -**CAUTION:** The key (PrivateKey.prvkey) and the file (Emergency WebViewer.html) must be saved onto -a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location! +:::warning +The key (PrivateKey.prvkey) and the file (Emergency WebViewer.html) must be saved onto +a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location. +::: ## Data security -• Naturally, the HTML WebViewer file is encrypted +• the HTML WebViewer file is encrypted • The export of the file is protected using a corresponding [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) • The file can only be encrypted using the **PrivateKey.prvkey** file -**CAUTION:** The export right for the passwords is not required for the Emergency WebViewer Export! +:::warning +The export right for the passwords isn't required for the Emergency WebViewer Export. +::: ## Required rights @@ -55,9 +59,9 @@ The **Emergency WebViewer Export** creates two associated files. 1. The file **Emergency WebViewer.html** is created on the computer executing the task 2. The associated key **PrivateKey.prvkey** is created on the client. -## Calling up the Emergency WebViewer Export +## Opening the Emergency WebViewer Export -The Emergency WebViewer Export is set up as a **system task**. It can be called up in the main menu +The Emergency WebViewer Export is set up as a **system task**. It can be opened in the main menu under **Extras -> System Tasks**. ![installation_with_parameters_90_831x487](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_90_831x487.webp) @@ -69,7 +73,7 @@ Clicking on New opens a new window and the **Emergency WebViewer Export** can be ![installation_with_parameters_91_578x390](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_91_578x390.webp) -It is not possible to use the **Emergency WebViewer Export** with an **Active Directory user.** +It isn't possible to use the **Emergency WebViewer Export** with an **Active Directory user.** ![installation_with_parameters_92_467x103](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_92_467x103.webp) @@ -89,12 +93,14 @@ in accordance with the requirements. 5. **Executing server (optional)** Address (IP) of the additional server 6. **Tags** Freely definable characteristics of records -**CAUTION:** The private key for the Emergency WebViewer must be saved before the system task can be -saved! +:::warning +The private key for the Emergency WebViewer must be saved before the system task can be +saved. +::: ## Displaying the Emergency WebViewer Export tasks -Once the configuration has been completed, the **system task** is displayed in the current module in +After the configuration has been completed, the **system task** is displayed in the current module in the **System Tasks** tab. The user has the option of checking the data here @@ -103,15 +109,19 @@ the ## Using the Emergency WebViewer.html file -After the **system task** has been successfully executed, **two files** will have been created for +After the **system task** has been successfully executed, **two files** are created for the password backup. 1. Emergency WebViewer.html 2. PrivateKey.prvkey -**CAUTION:** The file Emergency WebViewer.html is saved on the server executing the task. The +:::warning +The file Emergency WebViewer.html is saved on the server executing the task. The +::: -**CAUTION:** key PrivateKey.prvkey needs to be securely saved by the user!\* +:::warning +Key PrivateKey.prvkey needs to be securely saved by the user.\* +::: The **Emergency WebViewer Export** is used in the same way as the **WebViewer export**. The **passwords** are displayed in a current browser. The passwords are accessed in the **Emergency @@ -119,8 +129,10 @@ WebViewer Export** with the **user password** and the **key** saved for the user function is used to select the **key (PrivateKey.prvkey)** and also to check its **validity**. If all data has been correctly entered, it is then possible to log in. -NOTE: The current user needs to log in using their password. If an incorrect password is entered, +:::note +The current user needs to log in using their password. If an incorrect password is entered, access is temporarily blocked. +::: Login data @@ -145,7 +157,7 @@ The following data is displayed in the overview: Overview data: -1. Display of the currently available records +1. Display of the available records 2. Detailed information on the selected record 3. Search, logout, timeout until logout 4. Copy password to clipboard @@ -159,7 +171,9 @@ closed by clicking on **Logout**. If the user is **inactive** for **60 seconds**, he is automatically **logged out** and the **login** is displayed with additional information. -NOTE: You have been logged out due to inactivity +:::note +You have been logged out due to inactivity +::: -The user can log in again using the **password** and **key** as described above. After successfully +The user can log in again using the **password** and **key** as described in the login section. After successfully logging in, the **Emergency WebViewer Export overview** is displayed again. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md index 7433e80cc0..e206fad320 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md @@ -6,10 +6,10 @@ sidebar_position: 40 # System tasks -## What are system tasks? +## System tasks overview Netwrix Password Secure supports administrators and users by automating repetitive tasks. These are -represented as system tasks. Predefined tasks can thus be carried out at freely defined intervals. +represented as system tasks. Predefined tasks can thus be performed at freely defined intervals. ![System Tasks](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_85-en.webp) @@ -25,9 +25,9 @@ User right - Can manage Emergency WebViewer export system tasks - Can manage WebViewer export system tasks -## What can be automated? +## Automation capabilities -There are currently four different work processes that can be automated using system tasks: +There are four different work processes that can be automated using system tasks: - **HTML WebViewer export:** Exports a freely definable selection of records in an AES-256 encrypted HTML file. The file is saved in the form of notifications. @@ -36,28 +36,28 @@ There are currently four different work processes that can be automated using sy - **Network service scan:** Searches for service accounts on the network at defined cycles - **Active Directory synchronization:** The comparison with Active Directory can also be automated via system tasks. This requires an active directory profile to be created in advance. It is - important to note that only the Master Key profile can be automatically compared. + important to only the Master Key profile can be automatically compared. ## Creating system tasks System tasks can be initiated as usual via the ribbon or also the context menu that is accessed using the right mouse button. The desired process to be automated using system tasks is then -selected from the four above-mentioned work processes. +selected from the four listed work processes. ![installation_with_parameters_86](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_86.webp) -Naturally, the four work processes also share some similarities in their configuration. +The four work processes also share some similarities in their configuration. - **Status:** The system task is normally activated and then starts immediately after it has been saved according to the defined intervals. If the system task is deactivated here, it is still - saved but is not yet activated. + saved but isn't yet activated. - **Next run:** This setting describes when the system task will be performed or when it was already performed for the first time (if this task was already created and is now being edited) - **Interval:** The interval at which the system task should be executed is defined here. All increments between every minute and once only are possible. It is also possible to enter an end date. -The differences between the four work processes to be automated are described below. These +The following sections describe the differences between the four work processes. These differences are always part of the task settings within the system task form – the example here shows an HTML WebViewer export to be configured. @@ -86,13 +86,15 @@ Active Directory synchronization Emergency WebViewer export - The Emergency WebViewer export creates an encrypted HTML file that contains all passwords. In an - emergency, the data required to get the system up and running again can be accessed in this file. + emergency, the data required to get the system operational again can be accessed in this file. -NOTE: Tags could be defined for individual tasks – yet they have no relevance and can also not be +:::note +Tags could be defined for individual tasks – yet they have no relevance and can also not be used as filter criteria in the system tasks. +::: Status -A corresponding note will be displayed to indicate if a task is currently being executed. +A corresponding note will be displayed to indicate if a task is being executed. ![installation_with_parameters_88](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_88.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md index 5453fe4a64..4110083a94 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md @@ -6,9 +6,9 @@ sidebar_position: 60 # Tag manager -## What is the tag manager? +## Tag manager overview -All existing tags can be viewed, edited and deleted directly in the tag manager. This can be +All existing tags can be viewed, edited, and deleted directly in the tag manager. This can be achieved via the filter, within the “Edit mode” of a data set as well as via the main menu under the group [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md). @@ -31,4 +31,6 @@ User right - Manage tags -**CAUTION:** It is only possible to delete tags if there are no more data associated with them +:::warning +It is only possible to delete tags if there are no more data associated with them +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md index 51f8c4cfc6..6340750fa2 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # General settings -## What are general settings? +## General settings overview The **general settings** relate to users. Thus, each user can customize the software to their own needs. The following options can be configured: @@ -24,13 +24,13 @@ restarted. Starting the application minimised in the notification area -You can start the client minimized if you wish to run Netwrix Password Secure in the background. You -will be able to access it through the notification area. +You can start the client minimized to run Netwrix Password Secure in the background. You +can then access it through the notification area. Minimise the application on closing -If this option has been activated, the Netwrix Password Secure client will not end when the window -is closed but will merely be minimised. It will continue to run in the background. It is then only +If this option has been activated, the Netwrix Password Secure client does not end when the window +is closed but is merely minimised. It continues to run in the background. It is then only possible to properly end Netwrix Password Secure via the main menu. Starting with Windows diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md index 6af89d4ad8..fc913502f5 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Import -## What is an import? +## Import overview If another password management tool was used before Netwrix Password Secure, these data can be imported into Netwrix Password Secure. The formats .csv and especially Keepass (.xml) are supported. @@ -40,23 +40,25 @@ Settings 1. The settings are used to firstly define the level in the hierarchy for saving the imported structure. As can be seen in the example, the import will take place in the main organisational unit. One of the existing organisational units can also be defined as a parent instance via the - drop-down menu. + dropdown menu. 2. The slider defines whether the imported structures should be imported as an organisational unit or as a tag. If the slider is fully moved to the left, only tags are created. If it s moved to the right, all objects are imported as an organisational structure. In addition, every object can be configured separately via the context menu that is accessed using the right mouse button. It is also possible to ignore folders. -NOTE: No folders exist in Netwrix Password Secure. For this reason, it is necessary to define +:::note +No folders exist in Netwrix Password Secure. For this reason, you must define whether a folder is saved as an organisational structure or as a tag during the import. The same process is also used for the migration. +::: Assignment of the form fields ![installation_with_parameters_61](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_61.webp) The third step is to assign the forms from the file to be imported to already existing forms. As -form fields may also have different names, the assignment process must be carried out manually via +form fields may also have different names, the assignment process must be performed manually via drag & drop. Depending on which form was selected on the top line, form fields from the list on the right can now be assigned to the form fields to be imported via drag & drop. It is also possible to create new forms. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md index 7b0702b5b0..21cec70b5a 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Main menu -## What is the Main menu/Backstage? +## Main menu and Backstage overview -All settings that are not linked to a particular module are defined in the Backstage (main menu). +All settings that aren't linked to a particular module are defined in the Backstage (main menu). This makes it easy to access the settings at any time and in any module. ![Main menu](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/installation_with_parameters_56-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md index cf524ad8cc..1df01c0965 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md @@ -107,8 +107,10 @@ column. The rights are grouped according to categories to provide a better overv | Can manage Emergency WebViewer export system tasks | | | Can manage WebViewer export system tasks | | -NOTE: There is a version selection box in the user rights. The options that were newly added in the +:::note +There is a version selection box in the user rights. The options that were newly added in the selected version are correspondingly marked in the list. +::: ![installation_with_parameters_115](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md index 2561e4a79e..29a8f89408 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md @@ -6,11 +6,11 @@ sidebar_position: 50 # User rights -## What are user rights? +## User rights overview In the user rights, access to functionalities is configured. Amongst tother things, this category includes both the visibility of individual [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md), as -well as the use of the import, export or management of rights templates functions. A complete +well as the use of the import, export, or management of rights templates functions. A complete listing is directly visible in the user rights. ## Administration of user rights @@ -20,7 +20,7 @@ thus require a disproportionate amount of care and maintenance. In the same way [Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md), an approach can be used in which several users are grouped together. Nevertheless, it must still be possible to additionally address the specific requirements of individual users. Some -functionalities, on the other hand, should be available to all users. In order to do this, Netwrix +functionalities, on the other hand, should be available to all users. To do this, Netwrix Password Secure offers a three-step concept. ![installation_with_parameters_111](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_111.webp) @@ -38,14 +38,18 @@ one of the following three ways: it in the client settings. How a user receives a user right is irrelevant. The only important thing is that the user actually -receives a required right in one of the three ways mentioned above. It is recommended that you link +receives a required right in one of the three ways listed. Netwrix recommends that you link user rights to roles and, if necessary, supplement them with global user rights. -**CAUTION:** In addition to personal and global user rights (as opposed to settings), user rights -are assigned via roles and not via organisational units! +:::warning +In addition to personal and global user rights (as opposed to settings), user rights +are assigned via roles and not via organisational units. +::: -NOTE: Only those user rights that the current user possesses themselves can be issued. However, all +:::note +Only those user rights that the current user possesses themselves can be issued. However, all rights can be removed. +::: ![installation_with_parameters_112](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) @@ -69,7 +73,7 @@ the desired configuration. This process is based as usual on the List Special attention should be given to the right Is database administrator. This right has the following effects: -- The user can also issue rights that he does not possess himself. +- The user can also issue rights that he doesn't possess himself. - The user can only have their rights removed by other database administrators. - The user can unlock other users on the Server Manager. - The user can also remove other users from the rights if they have the owner right. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md index 374f18d86f..cf5f950840 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md @@ -160,8 +160,10 @@ The settings are grouped according to categories to provide a better overview | Clear clipboard on minimising | | | Clipboard gallery | | -NOTE: There is a version selection box in the settings. The options that were newly added in the +:::note +There is a version selection box in the settings. The options that were newly added in the selected version are correspondingly marked in the list. +::: ![installation_with_parameters_115](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md index 7cb5307c11..1b7a6951d9 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md @@ -6,7 +6,7 @@ sidebar_position: 40 # User settings -## What are user settings? +## User settings overview There are many functions within Netwrix Password Secure that can be adapted to the needs of users. It is also possible to define various parameters for optical representations. This can be inherited @@ -33,8 +33,10 @@ one of the following three ways: 3. Global settings apply to all users of a database without exception. You can configure them in the client settings. -**CAUTION:** In addition to personal and global settings (as opposed to authorizations), settings -are not assigned via roles, but via organisational units! +:::warning +In addition to personal and global settings (as opposed to authorizations), settings +aren't assigned via roles, but via organisational units. +::: ![installation_with_parameters_112](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) @@ -53,7 +55,7 @@ present case, the users “Jones” and “Moore” inherit all settings from th ![inherit permissions](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_117-en.webp) -The “Settings” button in the ribbon allows you to see the settings for both organisational units and +The “Settings” button in the ribbon lets you see the settings for both organisational units and users. The many setting options can be restricted by the known [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) mechanisms. @@ -64,12 +66,14 @@ The diagram shows the settings for the user “Jones”. The search has been fil by the organisational unit “IT”. The top two options have no value in the column. This is because this parameter has been defined at user level. -NOTE: The inheritance for individual settings can be deactivated in the ribbon! +:::note +The inheritance for individual settings can be deactivated in the ribbon. +::: ## Security levels Option groups were created in the global settings to ensure that users can control only those -settings for which they hold permissions. Categorising security levels from 1 to 5 allows you to +settings for which they hold permissions. Categorising security levels from 1 to 5 lets you combine similar options and thus make them available to the users. ![user settings](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_119-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md index 4b2456a7ff..477bdaebfe 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md @@ -1,31 +1,35 @@ --- -title: "Dashboard and widgets" -description: "Dashboard and widgets" -sidebar_position: 80 +Title: "Dashboard and widgets" +Description: "Dashboard and widgets" +Sidebar_position: 80 --- # Dashboard and widgets -## What are dashboards and widgets? +## Dashboards and widgets overview In case of large installations, the amount of information provided by Netwrix Password Secure may -seem overwhelming. Dashboards expand the existing filter possibilities by an arbitrarily -customizable info area, which visually prepares important events or facts +Seem overwhelming. Dashboards expand the existing filter possibilities by an arbitrarily +Customizable info area, which visually prepares important events or facts ![Dashboard](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_50-en.webp) Dashboards are available in almost all [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md)s. A -separate dashboard can be set for each individual module. **Widgets** correspond to the individual -modules of the dashboard. There are various widgets, which can be individually defined and can be -configured separately. In the above example, three widgets are enabled and provide information about -current notifications, password quality, and user activity. The **maximum number of possible -widgets** is managed in the[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). - -NOTE: You can close the dashboard using the button in the tab. You can open it again via **View** > +Separate dashboard can be set for each individual module. **Widgets** correspond to the individual +Modules of the dashboard. There are various widgets, which can be individually defined and can be +Configured separately. In the previous example, three widgets are enabled and provide information about +Current notifications, password quality, and user activity. The **maximum number of possible +Widgets** is managed in the[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). + +:::note +You can close the dashboard using the button in the tab. You can open it again via **View** > **Show dashboard** in the ribbon. +::: -NOTE: The display of the dashboard is basically uncritical since the user can only see the data on -which he is also entitled. +:::note +The display of the dashboard is basically uncritical since the user can only see the data on +Which he is also entitled. +::: #### Relevant settings @@ -41,42 +45,42 @@ The following options are available in combination with the dashboard and widget #### Adding and removing widgets If the dashboard tab is enabled, you can enable the dashboard editing mode via the ribbon. Adding -and editing widgets is only possible in this mode. +And editing widgets is only possible in this mode. ![Adding and removing widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_51-en.webp) -Use the drop-down menu to select the widget to be added \* (1) . **Then add the widget to the -dashboard using the corresponding button in the ribbon** (2). The maximum number of widgets that can -be added can be configured in the user settings. In editing mode, any widget can be directly removed -from the dashboard via the button on the upper right edge. The processing mode is ended by saving -via the ribbon. +Use the dropdown menu to select the widget to be added \* (1) . **Then add the widget to the +Dashboard using the corresponding button in the ribbon** (2). The maximum number of widgets that can +Be added can be configured in the user settings. In editing mode, any widget can be directly removed +From the dashboard via the button on the upper right edge. The processing mode is ended by saving +Via the ribbon. ![Adding widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_52-en.webp) ## Customizing widgets In the editing mode, you can customize each widget separately. To do this, select the widget and -switch to the \* widget content tab \* in the ribbon. +Switch to the \* widget content tab \* in the ribbon. ![Customizing widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_53-en.webp) Separate variables can be customized for each widget. This example shows how often users have had -passwords displayed. Naturally, the variables are distinct for each widget since other information -could be relevant. +Passwords displayed. The variables are distinct for each widget since other information +Could be relevant. Widget event You can select the **Widget Event** option in the ribbon. This activates the interaction of the -widgets. In the following example, this feature was enabled for the Activity widget. As a result, -the dashboard not only displays all activities, but also filters them according to the user selected -in the **Team List** widget. It therefore concerns all activities of the user “Moore”. These are -filtered “live” and displayed in real-time. +Widgets. In the following example, this feature was enabled for the Activity widget. As a result, +The dashboard not only displays all activities, but also filters them according to the user selected +In the **Team List** widget. It therefore concerns all activities of the user “Moore”. These are +Filtered “live” and displayed in real-time. ![Widget event](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_54-en.webp) ## Arranging widgets -In the edit mode, the layout of the widgets is user-defined. Drag & drop allows you to place a -widget in the corresponding position on the dashboard (left, right, top, or bottom). +In the edit mode, the layout of the widgets is user-defined. Drag & drop lets you place a +Widget in the corresponding position on the dashboard (left, right, top, or bottom). ![Arranging widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_55-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md index e695bd900d..916b337501 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md @@ -39,18 +39,18 @@ for this example. ## Filter tab in the ribbon The filter management can also be found in the [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). Here, it is -possible e.g. to expand the currently configured filter criteria, save the filter, or simply clear -all currently applied filters. +possible e.g. to expand the configured filter criteria, save the filter, or clear +all applied filters. ![installation_with_parameters_20](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_20.webp) #### Saving, editing, and deleting filters -In many cases, it is recommended to store defined filters. In this way, it is possible to make +In many cases, it is recommended to store defined filters. In this way, you can make efficient use of filter results from previous searches. The button **“Save filter”** directly prompts you to assign a meaningful name to this filter. The filter is saved according to the -criteria currently configured in the filter. This filter is now listed in the selection menu and can -now be selected. Note that a selected filter selection is immediately applied to the filter but is +criteria configured in the filter. This filter is now listed in the selection menu and can +now be selected. A selected filter selection is immediately applied to the filter but is not automatically executed. The filter must be used for this purpose. Both the button in the ribbon, so also the counterpart in the filter, lead to the same result here. @@ -58,7 +58,7 @@ so also the counterpart in the filter, lead to the same result here. Deleting and overwriting existing filters is identical in the procedure. The filter, which has been marked in the selection field, is always deleted. If an existing filter is to be overwritten, the -name of the filter is retained and is overwritten with the filter criteria currently configured in +name of the filter is retained and is overwritten with the filter criteria configured in the filter. ————————— @@ -83,7 +83,7 @@ following example, a content filter was added and all other filter groups remove ![Filter](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/advanced-filter-settings-3-en_923x441.webp) -In this example, only the content filter is used – in two instances! \* The “And” link will now +In this example, only the content filter is used – in two instances. \* The “And” link will now display all records that contain both the word “password” and the phrase “important”. \* #### Negation of filters @@ -105,7 +105,9 @@ is still unmanageable despite the fact that filters has been appropriately defin Negations are defined directly in the checkbox of an element within a filter group. Without negations, you can only search e.g. for a tag. Negations make the following queries possible: -”Deliver all records that have the tag “Development” but are not tagged with “Important”! +”Deliver all records that have the tag “Development” but aren't tagged with “Important”. -**CAUTION:** In order to effectively use negations, it is important that “and links” are always -enabled. Otherwise operations with negations cannot be modelled mathematically. +:::warning +To effectively use negations, it is important that “and links” are always +enabled. Otherwise operations with negations can't be modelled mathematically. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/display_mode.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/display_mode.md index c59065536f..5458fdfd5b 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/display_mode.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/display_mode.md @@ -6,16 +6,18 @@ sidebar_position: 10 # Display mode -## What display modes exist? +## Available display modes -In addition to the already described [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), it is possible to switch to structure -view. This alternative view enables you to filter solely on the basis of the organisational -structure. Although this type of filtering is also possible in standard filter view, you are able to +In addition to the already described [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), you can switch to structure +view. This alternative view lets you filter solely on the basis of the organisational +structure. Although this type of filtering is also possible in standard filter view, you can directly see the complete organisational structure in structure view. -NOTE: As there are no longer any folders in Netwrix Password Secure version 9, the structure view -can not mirror all of the functionalities of the folder view in version 7. However, the structure +:::note +As there are no longer any folders in Netwrix Password Secure version 9, the structure view +can't mirror all of the functionalities of the folder view in version 7. However, the structure view has been modelled on the folder view to make the changeover from the previous version easier. +::: ![installation_with_parameters_15](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_15.webp) @@ -29,9 +31,9 @@ associated with the display mode: ![installation_with_parameters_16](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_16.webp) -- **Display mode:** It is possible to define whether the standard filter, structure filter or both +- **Display mode:** you can define whether the standard filter, structure filter or both are displayed. If the last option is selected, you can switch between both views. -- **Jump to filter on quick search:** If you are using structure view, it is possible to define +- **Jump to filter on quick search:** If you are using structure view, you can define whether the system should automatically jump to the standard filter if you click the quick search (top right in the client) - **Display mode status when starting the program:** This setting defines which display mode is diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md index 0020bfd37e..22fccbd465 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md @@ -6,11 +6,11 @@ sidebar_position: 20 # Filter -## What is a filter? +## Filter overview The freely configurable filters of the PSR client provide all methods for easy retrieval of stored -data. The filter criteria are always adapted according to the module in which you are currently -located. When you select one or several search criteria, and click on “Apply filter”, the results +data. The filter criteria are always adapted according to the module in which you are +located. When you select one or several search criteria, and click “Apply filter”, the results will be displayed in the list view. If necessary, this process can be repeated as desired and further restrictions can be added. @@ -24,7 +24,7 @@ The following option is required for editing filters: ![Filter](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_10-en.webp) -## Who is allowed to use the filter? +## Filter access permissions The filter is an indispensable working tool because of the possibility to restrict existing results according to individual requirements. Consequently, all users can use the filter. It is, of course, @@ -34,10 +34,12 @@ individual employees can be restricted by means of For example, an employee can only filter for the [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) password if he has the read permission for that form. -**CAUTION:** There are no permissions for [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md). This means that any employee can +:::warning +There are no permissions for [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md). This means that any employee can use any tags. The display order in the filter is determined by the frequency of use. This process is -not critical to security, since tags do not grant any permissions. They are merely a supportive +not critical to security, since tags don't grant any permissions. They are merely a supportive measure for filtering. +::: ## Application example @@ -50,7 +52,7 @@ authorization. ![editing criteria](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_11-en.webp) -As you can see, 133 records are not really manageable. In most situations you will need to reduce +As you can see, 133 records aren't really manageable. In most situations you will need to reduce the number of records by adding filters. **Adding filter criteria** @@ -59,8 +61,8 @@ The filter **organization** can be applied directly to the authorizations to res records according to the authorizations granted. In this case, the logged-on user holds rights for various areas. However, it would like to see only those records which are assigned to the **Own passwords** area within the organisational structure. In addition, there should be further -restrictions, which could be formulated as in the following sentence: “Deliver all records from my -own passwords that were created with the form **password** and which contain the expression **2016** +restrictions, which could be formulated as in the following sentence: “Deliver all records from the +Own passwords area that were created with the form **password** and which contain the expression **2016** and the tag **Administrator**. ![Adding filter criteria](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_12-en.webp) @@ -68,9 +70,11 @@ and the tag **Administrator**. As can be seen, the filter delivers the desired results. The extent to which the filter criteria match the three remaining data sets is assigned in colour. -**CAUTION:** When filtering with several criteria, such as forms, content and tags, all filter +:::warning +When filtering with several criteria, such as forms, content, and tags, all filter criteria must be complied with. It is therefore a logical “AND operation”. Other possible methods for linking criteria are described in detail in the Advanced Filter Settings. +::: **Content filter** @@ -91,8 +95,10 @@ It is very easy to abstract, because of the present example, that the filter can personal requirements. It is thus the most important tool to be able to retrieve data once stored in the database. -**CAUTION:** The effectiveness of the filter is closely linked to data integrity. Only when data is +:::warning +The effectiveness of the filter is closely linked to data integrity. Only when data is kept clean, efficient operation with the filter is ensured. It is important that employees are trained in the correct handling of the filter tool as well as when creating the records. Workshops -show the best success rate in this context. If you require further information, contact us under +show the best success rate in this context. If you require further information, contact Netwrix under mail to: sales@passwordsafe.de. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md index 341779a1f7..f38392f845 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md @@ -6,16 +6,16 @@ sidebar_position: 30 # List view -## What is the list view? +## List view overview The list view is located centrally in the Netwrix Password Secure client, and is a key element of -daily work. There are also list views in Windows operating systems. If you click on a folder in +daily work. There are also list views in Windows operating systems. If you click a folder in Windows Explorer, the contents of the folder are displayed in a list view. The same is true in Netwrix Password Secure version 9. -However, instead of folders, the content of the list view is defined by the currently applied +However, instead of folders, the content of the list view is defined by the applied filter. \* This always means that the list view is the result of a filtered filter \*. For the -currently marked record in list view, all existing form fields are output to the reading pane. With + marked record in list view, all existing form fields are output to the reading pane. With the two tabs “All” and “Favourites, the filter results can be further restricted. ![List view](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_26-en.webp) @@ -23,10 +23,12 @@ the two tabs “All” and “Favourites, the filter results can be further rest At the bottom of the list view, the number of loaded records and the time required for this are shown. -NOTE: For more than 100 list elements, only the first 100 records are displayed by default. This is +:::note +For more than 100 list elements, only the first 100 records are displayed by default. This is to prevent excessive database queries where the results are unmanageable. In this case, it makes sense to further refine the filter criteria. By pressing the “All” button in the header of the list view, you can still manually switch to the complete list. +::: ## Searching in list view @@ -47,12 +49,12 @@ the detailed list view, similar to the procedure in Microsoft Outlook. All form ## Favourites -Regularly used records can be marked as favourites. This process is carried out directly in the +Regularly used records can be marked as favourites. This process is performed directly in the [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). A record marked as a favourite is indicated with a star in list view. ![Favourite](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_29-en.webp) -You can filter for favourites directly in the list view. For this purpose, simply switch to the +You can filter for favourites directly in the list view. For this purpose, switch to the “Favourites” tab ![installation_with_parameters_30](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_30.webp) @@ -65,15 +67,17 @@ more precise details. ![installation_with_parameters_31](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_31.webp) -NOTE: The information visible underneath the password name is taken from the info field for the +:::note +The information visible underneath the password name is taken from the info field for the associated form and will be explained separately +::: ## Workingwith records All records that correspond to the filter criteria are now displayed in list view. These can now be opened, edited, or deleted via the ribbon. Many functions are also available directly from the context menu. You can do this by right-clicking the record. Multiple selection is also possible. To -do this, simply highlight the desired objects by holding down the Ctrl key. +do this, highlight the desired objects by holding down the Ctrl key. ![installation_with_parameters_32](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_32.webp) @@ -85,7 +89,8 @@ separate tab, the list view is completely hidden ![editing dataset](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_33-en.webp) -NOTE: Working with data records depends of course on the type of the data record. Whether passwords, -documents or organisational structures: The handling is partly very different. For more information, -please refer to the respective sections on the individual +:::note +Working with data records depends of course on the type of the data record. Whether passwords, +documents, or organisational structures: The handling is partly very different. See the respective sections in the [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md) +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md index 507921edcd..ce48ce9cd1 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md @@ -34,7 +34,7 @@ operating concept ensures efficient work and a minimum of training time. ## TABs Tabs offer yet another option within the to present related information in a separate area. This tab -navigation enables you to display, quickly access and switch between relevant information. The +navigation lets you display, quickly access and switch between relevant information. The results for a filter with specific criteria can thus be retained without the original result being overwritten @@ -46,7 +46,7 @@ to your individual requirements. #### Standard tab -Depending on the active module, the All passwords tab will be renamed to the corresponding module by +Depending on the active module, the All passwords tab is renamed to the corresponding module by default. (All documents, all forms, etc.) ![Standard tab](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/standard-tab-en.webp) @@ -78,7 +78,7 @@ information. ## Orientation -It is possible to change the alignment of the following objects: +You can change the alignment of the following objects: - [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) - [Applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/print.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/print.md index ea4814196c..e6e07a8d89 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/print.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/print.md @@ -6,11 +6,11 @@ sidebar_position: 70 # Print -#### What can the print function do? +#### Print function capabilities It is often necessary to print out data stored in Netwrix Password Secure for documentation purposes. The Print function is available in numerous areas of Netwrix Password Secure for this -purpose. It is possible to print out records such as e.g. passwords or also information about +purpose. you can print out records such as e.g. passwords or also information about organisational units and much more. #### Relevantrights @@ -37,20 +37,22 @@ The print function is available in the following modules: #### Using the print function -The print function can be called up via the ribbon. +The print function can be opened via the ribbon. ![installation_with_parameters_44](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_44.webp) -Firstly, it is necessary to select whether you want to print a table or a detailed view. The amount +Firstly, you must select whether you want to print a table or a detailed view. The amount of data can also be defined. The individual menu items are described in detail further down in this section. After making your selection, the data is firstly prepared for printing. Depending on the amount of data, this may take a few minutes. The print preview is then opened. ![print password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_45-en.webp) -NOTE: The print preview accesses the functions of the printer driver. Depending on the printer or +:::note +The print preview accesses the functions of the printer driver. Depending on the printer or driver being used, the appearance and functions offered by the print preview may vary. The individual functions will thus not be described in detail here. +::: The printing process is ultimately started via the **print preview**. It is also possible to save the view or adjust the layout before printing. @@ -63,7 +65,7 @@ passwords. ###### Table view (current selection) -All **selected** records will be printed out. In the following example, **Adobe** and **Anibis.ch** +All **selected** records are printed out. In the following example, **Adobe** and **Anibis.ch** are thus printed out. ![selected data](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_46-en.webp) @@ -74,23 +76,25 @@ The data is printed here in table form. #### Tableview (current filter) -All currently **filtered** records will be printed out here. In this example, all seven records are +All **filtered** records are printed out here. In this example, all seven records are thus printed out. ![filtered password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_48-en.webp) -They are printed out – as described above – in table form. +They are printed out in table form. #### Detailed view (current selection) -This option also prints out the currently selected records. However, a detailed view is printed out +This option also prints out the selected records. However, a detailed view is printed out in this case. ![print filtered passwords](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_49-en.webp) #### Detailed view (current filter) -This function can be used to print out all filtered records in detailed view as described above. +Use this function to print out all filtered records in detailed view. -NOTE: It should be noted that the amount of data generated via this function can quickly become very +:::note +The amount of data generated via this function can quickly become very large. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md index d9c546f3f2..ee28e23fc8 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Reading pane -## What is the reading pane? +## Reading pane overview The reading pane on the right side of the client always corresponds to the detailed view of the selected record in the list view and can be completely deactivated via the ribbon. In addition, you @@ -32,18 +32,20 @@ well as the [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) are displayed. -**CAUTION:** It should be noted that the details area cannot be used for editing records! Although +:::warning +The details area can't be used for editing records. Although it displays all of the data, editing is only possible if the record has been opened. +::: 2. Footer area -In the footer area of the reading pane, it is possible to display various information for the -currently selected record. The button can be activated via the button provided. It is hidden by +In the footer area of the reading pane, you can display various information for the + selected record. The button can be activated via the button provided. It is hidden by default. ![Footer area](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_36-en.webp) -The logbook, linked documents, history, notifications and password resets can be accessed separately +The logbook, linked documents, history, notifications, and password resets can be accessed separately here via the tabs. The individual elements can be viewed with a double-click, as well as by using the quick view (space bar). Double clicking always opens a separate tab, the quick view merely opens a modal window diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md index 9eae4ce17f..dfcb5664ac 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Ribbon -## What is the ribbon? +## Ribbon overview The ribbon is the central control element of Netwrix Password Secure version 9. It is available in all modules. Netwrix Password Secure is almost always operated via the ribbon in the header area of @@ -14,14 +14,14 @@ the PSR client. ![Ribbon](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_5-en.webp) -The features available within the ribbon are dynamic, and are based on the currently available +The features available within the ribbon are dynamic, and are based on the available actions. Various actions can be performed, depending on which object is selected. The module selected also affects the features that are available in the ribbon. Of course, the most important actions can also be controlled via the context menu (right mouse button). ![Ribbon - Item](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon-1-en.webp) -This mainly affects the very often used features such as opening, deleting or assigning tags. +This mainly affects the very often used features such as opening, deleting, or assigning tags. However, a complete listing of the possible actions is always only possible directly in the ribbon. This ensures that the context menu can be kept lean. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md index 1e5e47d033..26fb4a11f3 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md @@ -6,27 +6,29 @@ sidebar_position: 60 # Search -## What is search? +## Search overview -With the help of the search, it is possible to find data stored in the database efficiently +With the help of the search, you can find data stored in the database efficiently according to selected criteria. Basically, there are 2 search modes: 1. Quick search In the upper right section of the ribbon, there is a search field, which scans the module that is -currently open. This is a full-text search that scans all fields and tags except the password field. + open. This is a full-text search that scans all fields and tags except the password field. ![quick search](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_41-en.webp) The fast search is closely linked to the [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), because search queries are converted directly into one or several content filters. You can also separate search terms using -spaces, for example, **Cook Daniel**. Note that this search creates two separate content filters, +spaces, for example, **Cook Daniel**. This search creates two separate content filters, which are logically linked with “and” +. This means that both words must occur in the data record. The sequence is irrelevant. If the ordering needs to be taken into account, the search term must be -enclosed in quotation marks: **“Cook Daniel”**. The search is not case sensitive. No distinction is +enclosed in quotation marks: **“Cook Daniel”**. The search isn't case sensitive. No distinction is made between upper and lower case. -NOTE: You can access quick search directly via \* Ctrl + Q\*! +:::note +You can access quick search directly via \* Ctrl + Q\*. +::: Negations in the quick search @@ -40,7 +42,7 @@ swiss. The notation, which must be entered in the quick search, is: Delphi -swis With the list search in the header of the [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the results of the filter can be searched further. This type of search is available in almost every list. Scans only -the currently filtered results. Password fields are not searched. The search is live, so the result +the filtered results. Password fields aren't searched. The search is live, so the result is further refined with every additional character that is entered. Automatic “highlighting” takes place in yellow colour. @@ -49,4 +51,6 @@ place in yellow colour. A direct database query is performed when the filter is executed. The list search only searches within the query already made. -NOTE: The list search is hidden by default and can be activated with “Ctrl + F” +:::note +The list search is hidden by default and can be activated with “Ctrl + F” +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md index e5f9aa2813..b13a3c14ae 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md @@ -6,15 +6,17 @@ sidebar_position: 50 # Tags -## What are tags? +## Tags overview -The tag system is ubiquitous in Netwrix Password Secure. It can be used to classify and describe +The tag system is ubiquitous in Netwrix Password Secure. It lets you classify and describe almost every object. An object can have several such tags. These are always displayed in the header area of the data record. Optionally, tags can be provided with colours or a description. They determine the aesthetics of Netwrix Password Secure, and are optically a great help, in order not to loose the overview even in case of large amounts of data. -NOTE: Tags have no permissions. Any user can use any tag! +:::note +Tags have no permissions. Any user can use any tag. +::: ## Relevant rights diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md index 094f7faf90..c88206e003 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md @@ -15,7 +15,7 @@ Netwrix Password Secure generally differentiates between multiple methods for se 3. Using predefined rights - In the manual setting of permissions, the desired permissions are directly configured for each - record. Automatic processes and inheritance are **not** used in this case. + record. This approach doesn't use automatic processes or inheritance. - Both the use of predefined rights and also the inheritance from organisational structures are based on the **automated reuse** of already granted permissions according to previously defined rules. @@ -25,6 +25,8 @@ permissions?** ![manual vs automated settings](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/automated-setting-of-permissions-1-en.webp) -NOTE: Inheritance from organisational structures is defined by default in the system. This can be +:::note +Inheritance from organisational structures is defined by default in the system. This can be configured in the settings. The relevant setting is “Inherit permissions for new objects (without permission template)”. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md index 7d79a74def..bbb23d18d7 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md @@ -25,8 +25,10 @@ organisational unit. Whether this form of inheritance should be applied is defined via the settings in the ribbon. It can be configured in more detail using two settings. -**CAUTION:** If a predefined rights exists, this will always overwrite inherited permissions from +:::warning +If a predefined rights exists, this will always overwrite inherited permissions from organisational structures +::: Inherit permissions for new objects (without rights template) This setting is relevant for newly created records. @@ -35,7 +37,7 @@ created records. The following values can be configured: -Off: Permissions from OUs are not inherited organisational unit: When creating new objects, +Off: Permissions from OUs aren't inherited organisational unit: When creating new objects, permissions are set in accordance with the defined rights for the target organisational unit. This setting is active by default. organisational unit and user: As well as inheriting permissions for organization units, the configured permissions for the user are now also inherited when creating @@ -56,15 +58,15 @@ Increase or reduce permissions: The permissions for the passwords are retained a increased or reduced by the change. Overwrite permissions: The permissions for the passwords are completely overwritten. This means that all permissions for a password are firstly removed and then the new permissions for the organisational unit are inherited. Cancel inheritance: The permissions -are not inherited but are only changed in the organisational unit. \*The permissions are only -inherited by existing passwords within the organisational unit. Therefore, the permissions are not +aren't inherited but are only changed in the organisational unit. \*The permissions are only +inherited by existing passwords within the organisational unit. Therefore, the permissions aren't inherited downwards throughout the entire structure. Example case This example shows the creation of a new record in the organisational structure “marketing”. It is defined in the settings for the stated organisational structure that permissions should be inherited by new objects in accordance with the organisational structure. -The permissions for the organisational unit “marketing” are shown below: +The permissions for the organisational unit “marketing” are shown in the following screenshot: ![example of permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-4-en.webp) @@ -79,7 +81,7 @@ record just created are now shown. ## Conclusion -The permissions for the “storage location” are simply used when creating new objects. Two conditions +The permissions for the “storage location” are used when creating new objects. Two conditions apply here: The value “organisational unit” must be selected in the settings for the inheritance of permissions diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md index b08296717b..160c9ce88f 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md @@ -6,14 +6,13 @@ sidebar_position: 10 # Manual setting of permissions -## What is the manual setting of permissions for records? +## Manual setting of permissions for records In contrast to the [Automated setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md), the -manual approach does not utilize any automatic processes. This method of setting permissions is thus -carried out separately for every record – this process is not as recommended for newly created data. -If you want to work effectively in the long term, the automatic setting of permissions should be -used. However, the manual setting of permissions is generally used when editing already existing +manual approach doesn't use any automatic processes. This method of setting permissions is thus +performed separately for every record – this process isn't as recommended for newly created data. +To work effectively in the long term, use the automatic setting of permissions. However, the manual setting of permissions is generally used when editing already existing records. ## Adding additional users with permissions @@ -29,15 +28,17 @@ the permissions in the list view: ![different ways to access the permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-1-en.webp) -NOTE: The icon on the right of the reading pane shows the information whether the record is personal +:::note +The icon on the right of the reading pane shows the information whether the record is personal or public. In case of personal data records, the user that is logged on is the only one who has -permissions! +permissions. +::: The author is created with all permissions for the record. As described in the [Permission concept and protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md), you can now add roles and users. 'Right click - Add' inside the userlist or use the ribbon "User and roles" to add a user. The filter helps you to quickly find those users who should be granted permissions for -the record in just a few steps. +the record. ![add user and role](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-2-en.webp) @@ -53,7 +54,7 @@ Ctrl/Shift + left mouse button. By default, all added users or roles receive only the “Read” permission on the record. The “Read” permission at the beginning is sufficient to view the fields of the data record and to use the -password. "Write" permission allows you to edit a data record. **The permission “Authorize” is +password. "Write" permission lets you edit a data record. **The permission “Authorize” is necessary to authorize other users to the record**. This is also a requirement for the[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). @@ -61,7 +62,7 @@ the[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconcept ## Transferring permissions -A simple right-click on a user can be used to copy and transfer permission configurations of users +A simple right-click a user lets you copy and transfer permission configurations of users or roles to others in the context menu. In this context, the use of permission templates is also very practical. In the “Template” area of ​​the ribbon, you can save configured permissions, including all users, and reuse them for other records. @@ -69,7 +70,7 @@ including all users, and reuse them for other records. ![preset menu](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-5-en.webp) The transfer of permissions and their reuse can be an important building block to create and -maintain entitlement integrity. This method cannot rule out misconfigurations, but it will minimize +maintain entitlement integrity. This method can't rule out misconfigurations, but it minimizes the risk significantly. Of course, the correct configuration of these templates is a prerequisite. ## The add permission @@ -90,5 +91,7 @@ itself, as well as by users with the permission “Is database administrator”. The owner permission prevents other users who have the “Authorize” permission from removing someone with the owner permission from the record. -**CAUTION:** The owner permission does not protect a record from being deleted. Any user who has -deletion permission can delete the record! +:::warning +The owner permission doesn't protect a record from being deleted. Any user who has +deletion permission can delete the record. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md index 2d019fd069..f3925d57a9 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md @@ -6,12 +6,12 @@ sidebar_position: 20 # Multiple editing of permissions -## How to edit multiple permissions? +## Edit multiple permissions As part of the manual modification of permissions, it is also possible to edit multiple records at -the same time. Various mechanisms can be used to select the records to be edited. You are able to +the same time. Various mechanisms lets you select the records to be edited. You can select the records in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) or you can use -the filter as part of the multiple editing function. Both scenarios are described below. +the filter as part of the multiple editing function. Both scenarios are described in the following sections. ### User permissions for batch processing @@ -22,11 +22,11 @@ This mode is inactive by default and needs to be activated in the user rights. ## Multiple editing via list view Individual permissions can be added or remove via **Multiple editing within list view**. The -existing permissions will **not be overwritten**. +existing permissions are **not overwritten**. ## Selecting the records -In list view, Shift or Ctrl + mouse click can be used to select multiple records. Permissions can +In list view, Shift, or Ctrl + mouse click lets you select multiple records. Permissions can also be granted for these records via the selection. The marked records are displayed in a different color. 6 records are marked in the following image. @@ -34,31 +34,35 @@ color. 6 records are marked in the following image. ## Dialogue for configuring the permissions -A new tab will be opened in the ribbon above the "Permissions" button in which the permissions can -be configured. The tab will display the number of records that will be affected by the defined +A new tab opens in the ribbon above the "Permissions" button in which the permissions can +be configured. The tab displays the number of records that are affected by the defined changes. ![rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-2-en.webp) -NOTE: As the already granted permissions for the selected records may differ, it is not possible to +:::note +As the already granted permissions for the selected records may differ, it isn't possible to display the permissions here. +::: ## Adding permissions To add a permission, a user or role is selected first in the ribbon under **Search and add** or **Search**. The permissions are then selected as usual in the ribbon. The -:material-plus-circle-outline: symbol indicates that permissions will be added. In the following +:material-plus-circle-outline: symbol indicates that permissions are being added. In the following example, Mr. Steiner receives read permission to all selected records. In contrast, Mr. Brewery receives all permissions. ## Reducing permissions / removing users and roles from the permissions -If you want to remove permissions, it is also necessary to add the user or the desired role to be -edited. Clicking on **Reduce permissions** now means that permissions will be removed. This is -indicated by the :material-minus-circle-outline: symbol. The selected permissions will be removed. +To remove permissions, add the user or the desired role to be +edited. Clicking on **Reduce permissions** now means that permissions are removed. This is +indicated by the :material-minus-circle-outline: symbol. The selected permissions are removed. -NOTE: If the **read** permission is to be removed for a user or role, the user will be completely +:::note +If the **read** permission is to be removed for a user or role, the user is completely removed from the permissions. +::: ## Examples @@ -67,36 +71,38 @@ contrast, Mr. Brewery receives all permissions: ![rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-3-en.webp) -The read permission will be removed for Mr. Steiner. As removing the read permissions means that no +The read permission is removed for Mr. Steiner. As removing the read permissions means that no other permissions exist for the record, Mr. Steiner is completely removed from the permissions. The -authorize, move, export and print permissions are being removed from Mr. Brewery. Assuming that he -previously had all permissions, he will then have read, write and delete permissions remaining: +authorize, move, export, and print permissions are being removed from Mr. Brewery. Assuming that he +previously had all permissions, he then has read, write, and delete permissions remaining: ![edit rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-4-en.webp) ## Batch processing using a filter -In some cases it is necessary to edit the permissions for a very large number of records. On the one +In some cases you must edit the permissions for a very large number of records. On the one hand, a maximum limit of 1000 records exists and on the other hand, handling a very large number of -records via list view is not always the best solution. The **Batch processing using a filter** mode +records via list view isn't always the best solution. The **Batch processing using a filter** mode has been developed for this purpose. This is directly initiated via the ribbon. ![Batch processing using a filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-5-en.webp) -In the subsequent dialogue, you define whether you want to expand, reduce or completely overwrite +In the subsequent dialogue, you define whether you want to expand, reduce, or completely overwrite existing permissions. If you select **expand or reduce** at this stage, the same logic as for -**editing via list view** is used. No permissions will thus be overwritten. +**editing via list view** is used. No permissions are overwritten. In the option **overwrite permissions**, the existing permissions are removed and then replaced by the newly defined permissions. -**CAUTION:** It is important to proceed with great caution when overwriting permissions because this +:::warning +Proceed with great caution when overwriting permissions because this function can quickly lead to a large number of records becoming unusable. +::: ![permissions adapted on a filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-6-en.webp) -The filter itself defines the selection criteria for the records to be edited. The currently -configured filter will be used as default. The records that will be affected by the changes are also +The filter itself defines the selection criteria for the records to be edited. The +configured filter is used as default. The records that are affected by the changes are also not displayed in this view. Only the number of records is displayed. In the following example, 9 passwords are being edited to add the read permission the role "Sales". @@ -104,20 +110,24 @@ passwords are being edited to add the read permission the role "Sales". ## Seals and password masking -Sealed or masked records cannot be edited using batch processing. If these types of passwords are -selected, a dialogue will be displayed when carrying out batch processing to inquire how these +Sealed or masked records can't be edited using batch processing. If these types of passwords are +selected, a dialogue is displayed when carrying out batch processing to inquire how these records should be handled. ![security warning because of sealed or masked passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-8-en.webp) -It is possible to select whether the affected records are skipped or whether the seal or password +You can select whether the affected records are skipped or whether the seal or password masking should be removed. If the **remove** option is selected, the process needs to be confirmed again by entering a PIN. ![security warning](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-9-en.webp) -**CAUTION:** The removal of seals and password masking cannot be reversed! +:::warning +The removal of seals and password masking can't be reversed. +::: -NOTE: Depending on the number of records, editing records may take a long time. This process is -carried out in the background for this reason. A hint will indicate that the permissions process has +:::note +Depending on the number of records, editing records may take a long time. This process is +performed in the background for this reason. A hint indicates that the permissions process has been completed. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md index 8e12f145c5..d2e2662ef3 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md @@ -12,8 +12,10 @@ Once they have been configured, permissions can be constantly reused. The functi permissions as a template** in the ribbon is used for this purpose. The templates are globally available and can also be used for other records. -NOTE: When saving templates, always select a name that will also allow it to be safely +:::note +When saving templates, always select a name that will also allow it to be safely differentiated from other templates if you have a large number of right templates. +::: Nevertheless, the use of right templates merely reduces the amount of work and still envisages the manual setting of permissions. Automatic process for the issuing of permissions also exist in diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md index ad2e840a53..4f676395b0 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md @@ -6,11 +6,11 @@ sidebar_position: 40 # Permission concept and protective mechanisms -## What is the permission concept? +## Permission concept overview -With Netwrix Password Secure version 9 we provide the right solution to all conceivable demands +With Netwrix Password Secure version 9 Netwrix providesthe right solution to all conceivable demands placed on it with regards to permission management. [Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) are a -great way to efficiently manage multiple users without losing the overview. We've created multiple +great way to efficiently manage multiple users without losing the overview. The following sections include multiple methods to manually or automatically manage your permissions. More information can be seen in the chapter [Multiple editing of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md) @@ -22,11 +22,15 @@ The interrelationships between all of these elements are illustrated in the foll ![Authorisation concept](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_1-en.webp) -NOTE: Applying some form of permissions is **obligatory**. Applying a protective mechanism is +:::note +Applying some form of permissions is **obligatory**. Applying a protective mechanism is **optional**. +::: -NOTE: The configuration of visibility is a technical part of the permissions process. However, this +:::note +The configuration of visibility is a technical part of the permissions process. However, this mechanism has a “protective character” and is thus listed under protective mechanisms. +::: ## Basic mechanics of the permission concept @@ -51,7 +55,7 @@ is, of course, a good idea to manage these roles in accordance with your company role “Administrators” can therefore be provided with more extensive authorizations than, for example, the role “Sales Assistance”. This role-based inheritance allows the organization to maintain the overview in a larger corporate structure as well as a simple procedure when adding new -employees. Instead of having to entitle him individually, this is simply added to his role. +employees. Instead of having to entitle them individually, they are added to their role. ![Permission only for users or roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_2-en.webp) @@ -60,11 +64,12 @@ only to grant rights individually to employees in exceptional cases. The unplann personnel must also be taken into account in such concepts. Working with roles defuses such risks significantly. -NOTE: +:::note +::: ``` -Permissions are always granted to only one user or role! +Permissions are always granted to only one user or role. ``` @@ -76,7 +81,8 @@ been authorized for the role. ![Membership in roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_3-en.webp) -NOTE: +:::note +::: ``` @@ -95,21 +101,22 @@ illustrates this with an example of two users. - **User 1** is a member of the role, and is therefore authorized for all records that are assigned to the role. However, it has only “read rights” for the role itself. This means, it can see the - role, but cannot “Edit, move, or delete” it. + role, but can't “Edit, move, or delete” it. - **User 2** has all rights for the role. It can add additional users to the role by means of - “authorize”. The crucial point, however, is that it is not a member of the role. It cannot, + “authorize”. The crucial point, however, is that it isn't a member of the role. It can't, therefore, see any records for which the role is authorized. In practice, the first user would be a classic user that is assigned, for example, to the Sales role by the administrators, and can view the records accordingly. The second user could be one of those administrators. This user has extensive rights for the role. It can edit it, and add users to it. -However, it cannot see any data that is assigned to sales. It lacks membership in the role. +However, it can't see any data that is assigned to sales. It lacks membership in the role. -NOTE: +:::note +::: ``` -As a member of a role, it must have at least the “read” right for the role! +As a member of a role, it must have at least the “read” right for the role. ``` @@ -124,15 +131,15 @@ configuration of a role will be illustrated using two users. The configuration i - The user “Holste” is a member of the role and can, therefore, access those records for which the role has permissions. He has the obligatory read right for the role, which is the basic - requirement in order to be a member of the role. Which exact rights it has to the data record is - not defined within the role! This is set out in the following section. -- The user “Administrator” has all rights to the role, but is not a member! Thus, it cannot see any + requirement to be a member of the role. Which exact rights it has to the data record is + not defined within the role. This is set out in the following section. +- The user “Administrator” has all rights to the role, but isn't a member. Thus, it can't see any records that are authorized for the role. However, it has all rights to the role and can therefore print, assign other users to the role, and delete them. ![explanation of the authorization through a role](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_6-en.webp) This example clearly shows the advantages of the concept. The complete separation of administrative -users from regular users brings significant advantages. Of course, one does not necessarily exclude -the other. An administrator can, of course, have full access to the role and also be a member in it! +users from regular users brings significant advantages. Of course, one doesn't necessarily exclude +the other. An administrator can, of course, have full access to the role and also be a member in it. The boundaries between the two often overlap, and can be freely defined in Netwrix Password Secure. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md index bbbd269e2b..4c9ad74f59 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md @@ -6,16 +6,16 @@ sidebar_position: 30 # Predefining rights -## What are predefined rights? +## Predefined rights overview [Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md) -can be carried out separately for every record. Although this method enables you to very closely -control every intended permission structure, it is not really efficient. On the one hand, there is +can be performed separately for every record. Although this method lets you very closely +control every intended permission structure, it isn't really efficient. On the one hand, there is too much configuration work involved, while on the other hand, there is a danger that people who -should also receive permissions to access data are forgotten. In addition, many users should not +should also receive permissions to access data are forgotten. In addition, many users shouldn't even have the right to set permissions. “Predefining rights” is a suitable method to simplify the permissions and reduce error rates by using automated processes. This page covers the configuration -of predefined rights, please also refer to the sections +of predefined rights, also refer to the sections [Working with predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md) and their [Scope of validity for predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md). @@ -38,12 +38,12 @@ following example specifically focuses on an IT department. The following 3 hier In general, a senior employee is granted more extensive rights than those granted to a trainee. This hierarchy and the associated permission structure can be predefined. In the O[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) -module, we now select those OUs (departments) for which rights should be predefined and select +module, select those OUs (departments) for which rights should be predefined and select \*predefine rights” in the ribbon. ![button of predefined rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-1-en.webp) -- **Creating the first template group:** A new window will appear after clicking on the icon for +- **Creating the first template group:** A new window appears after clicking on the icon for adding a new template group (green arrow) in which a meaningful name for the template group should be entered. @@ -67,14 +67,14 @@ and **Firewall** have also been defined below. ![Standard template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-4-en.webp) -A **default template group** can be defined directly next to the drop-down menu for selecting the +A **default template group** can be defined directly next to the dropdown menu for selecting the template group (green arrow). This is always pre-configured when you select “IT” as the OU to save records. ## Issuing tags for predefining rights In the same way that permissions are defined within right templates, it is also possible to -automatically set **tags**. Their configuration is carried out in the same way as issuing +automatically set **tags**. Their configuration is performed in the same way as issuing [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) for records. ![tags for predefining rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-5-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md index b9616e4527..71492306ff 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md @@ -9,7 +9,7 @@ sidebar_position: 20 ## User rights for predefined rights The user rights section provides all of the basic information required for handling user rights . -Nevertheless, the four user rights related to “predefining rights” are explained below. +Nevertheless, the four user rights related to “predefining rights” are explained in the following sections. ![global user rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/relevant_user_rights/relevant_user_rights_1-en.webp) @@ -25,7 +25,7 @@ Nevertheless, the four user rights related to “predefining rights” are expla selection function is displayed or not when creating new records. If this right has not been granted, the user is thus not able to see for which roles and users the user rights are being defined. -- **Can remove members from rights templates:** Roles defined within the rights templates cannot be +- **Can remove members from rights templates:** Roles defined within the rights templates can't be removed without this right. If this right has not been granted, the roles defined in the templates are always authorized for records in this organisational structure. If the user right is activated: The user can remove the roles via the “x” icon: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md index a9788ab0e2..584d543601 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md @@ -8,7 +8,7 @@ sidebar_position: 30 In general, all of the predefined rights for an organisational structure are applied to all underlying objects. These objects could be passwords, forms, form fields documents, users, -applications or also other nested organisational structures in the hierarchy. In the following +applications, or also other nested organisational structures in the hierarchy. In the following example, the rights template **IT general** has been defined for the organisational unit **IT**. ![rights template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_1-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md index 42eb68168d..b112b69351 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md @@ -44,7 +44,7 @@ associated permissions: | Red | Authorize | Other rights also exist that are, however, not separately indicated by a color. The overview in the -ribbon can be used to see whether the “move”, “export” and “print” rights are set or not. The +ribbon lets you see whether the “move”, “export” and “print” rights are set or not. The permissions for the selected role/user are always displayed – in this case for the role “IT management”. @@ -56,13 +56,15 @@ The [Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advan the configuration of rights for both existing and also new records. The option of [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) represents a very efficient alternative. Instead of having to separately grant permissions for every record, a “preset” is defined once for each -organisational structure. Once this has been done, it is sufficient in future to merely select the +organisational structure. After this has been done, it is sufficient in future to merely select the organisational structure when creating a record. The permissions are then set automatically. This -process is particularly advantageous for those users who should not set their permissions +process is particularly advantageous for those users who shouldn't set their permissions themselves. ![predefined rights diagram](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights_4-en.webp) -**CAUTION:** The configuration of permissions can be carried out manually or automatically as -described. If you want to change previously set permissions later, this has to be done manually. -Retrospectively defining rights is not possible. +:::warning +The configuration of permissions can be performed manually or automatically as +described. To change previously set permissions later, do so manually. +Retrospectively defining rights isn't possible. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md index 18cc6d0dfa..ebe976cd25 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Password masking -## What is password masking? +## Password masking overview -The safest passwords are those that you do not know. Password masking follows this approach. It +The safest passwords are those that you don't know. Password masking follows this approach. It prevents the password from being shown, while allowing the use of the automatic sign-on. You can apply it via the button of the same name in the ribbon. @@ -29,7 +29,9 @@ for the record is required to apply or remove the masking. Users who have the ** permission** for a record can continue to use the record without limitations after applying password masking. Password masking only applies to users without the "can apply password masking" right. -NOTE: Password masking can only be applied to records with an existing password! +:::note +Password masking can only be applied to records with an existing password. +::: ## Applying password masking @@ -47,21 +49,27 @@ button in the ribbon for that purpose. Ensure that the password field is highlig ![form field permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_2-en.webp) The special feature when setting or editing masking via the form field permissions is that you can -individually select users to whom masking will be applied. In the following example, masking has -been specified only for the role of “trainees”, although the “IT” role does not have the **authorize +individually select users to whom masking is applied. In the following example, masking has +been specified only for the role of “trainees”, although the “IT” role doesn't have the **authorize permission** either. In addition to the name of the role or the user, the icon symbolizes the fact that visa protection applies to trainees. ![example password masking](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_3-en.webp) -NOTE: Use the icon in the ribbon to apply password masking to all users who have read permission on -the record, but not the **authorize permission**. If you wish to specify more precisely for which -users the password masking should be applied, this is also possible via the form field permissions. +:::note +Use the icon in the ribbon to apply password masking to all users who have read permission on +the record, but not the **authorize permission**. To specify more precisely for which +users the password masking applies, use the form field permissions. +::: -NOTE: It is important to note that the login mask for records with password masking will be "sent +:::note +The login mask for records with password masking is "sent automatically", even if the setting **Browser Extensions: Automatically send login masks** has been deactivated. +::: -**CAUTION:** The password masking only applies to those users who are authorized at the time of +:::warning +The password masking only applies to those users who are authorized at the time of attachment to the record. If a record has the password masking and a user get´s authorized the record is **not protected** for this user. The password masking should then be removed and reset. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md index 908b0a48c9..28e9d18cae 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md @@ -6,16 +6,16 @@ sidebar_position: 40 # Protective mechanisms -## What are protective mechanisms? +## Protective mechanisms overview The primary goal of Netwrix Password Secure is to ensure data security at all times. The -authorization concept is naturally the most important component when it comes to granting users the +authorization concept is the most important component when it comes to granting users the intended level of permissions for accessing data. Specifically, this makes it possible to make certain information only available to selected employees. Nevertheless, it is still necessary to -have protective mechanisms above and beyond the authorization concept in order to handle complex +have protective mechanisms above and beyond the authorization concept to handle complex requirements. -- [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) is not separately configured but is instead directly +- [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) isn't separately configured but is instead directly controlled via the authorization concept (read permission). Nevertheless, it represents an important component within the existing protective mechanisms and is why a separate section has been dedicated to this subject. @@ -23,7 +23,7 @@ requirements. possible to grant users or roles temporary access to data. - [Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md) enables access to the system without having to reveal the passwords of users. The value of the password remains constantly hidden. -- To link the release of highly sensitive access data to a double-check principle, it is possible to +- To link the release of highly sensitive access data to a double-check principle, you can use [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a release is possible down to a granular level and is always adaptable to individual requirements. @@ -43,20 +43,24 @@ in more detail below. It should always be noted that **visibility** is always a basic requirement for applying further protective mechanisms. A record that is completely hidden from a user (= no read permission) can -naturally not be given any further protective mechanisms. +not be given any further protective mechanisms. -NOTE: The visibility of a record is always the basic requirement for applying further protective +:::note +The visibility of a record is always the basic requirement for applying further protective mechanisms +::: ## Combining multiple protective mechanisms -In principle, there are a diverse range of possibilities for combining the above-mentioned +In principle, there are a diverse range of possibilities for combining the listed protective mechanisms. Temporary access to a “masked” record is possible just as having a “masked” record which is additionally secured by a double-check principle is also possible. **Nevertheless, -it should be noted that temporary permissions in combination with seals always pose a risk.** If +Temporary permissions in combination with seals always pose a risk.** If releasing a seal requires approval from a person who only possesses or possessed temporary -permissions or will only possess them in future, this could naturally conflict with the configured +permissions or will only possess them in future, this could conflict with the configured release criteria. -**CAUTION:** The combination of seals and temporary permissions is not recommended if the user with +:::warning +The combination of seals and temporary permissions isn't recommended if the user with permissions to issue a release has only been given temporary permissions. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md index c8a3dbcf17..b9bf47d9bb 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Release mechanism -## What is the release mechanism? +## Release mechanism overview -A sealed password will not be released until the number of approvals required in the seal has been +A sealed password is not released until the number of approvals required in the seal has been granted. Releases can be granted by anyone who has been defined as having the required permissions to issue the release in the seal. The mechanism describes the complete process from the first release request to the final grant of the release and the breaking of the seal. @@ -16,30 +16,33 @@ release request to the final grant of the release and the breaking of the seal. ## Users and roles in the release mechanism As noted in the previous sections, seals always restrict the right of a user to view a specific -password. Even if the configuration is usually done at the level of the role, each user is naturally -responsible for his own request when carrying out the release. Even if a seal is defined for a role, +password. Even if the configuration is usually done at the level of the role, each user is responsible for his own request when carrying out the release. Even if a seal is defined for a role, technically separate seals are created for each individual member of the role. -NOTE: Requests or releases are only valid for the respective user! +:::note +Requests or releases are only valid for the respective user. +::: -**CAUTION:** If a user is a member of several roles of a seal, the "stronger" right is always +:::warning +If a user is a member of several roles of a seal, the "stronger" right is always applied. Release rights have a priority over read rights +::: ## 1. Requesting a release -In order to release a seal for sealed passwords, this must be requested from the user with the +To release a seal for sealed passwords, this must be requested from the user with the required permissions to issue the release. Within the Netwrix Password Secure client, this can be done via the buttons **Reveal** and **Seal** in the ribbon, as well as via the **Icon in the password field** of the data record in the reading pane. ![seal protection](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_1-en.webp) -A modal window opens, which can be used to request the seal. The reason for the entry will be +A modal window opens, which lets you request the seal. The reason for the entry is displayed to the users with the required permissions to issue the release. ![start seal process](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_2-en.webp) -All user with the required permissions to issue the release will be notified that the user has +All users with the required permissions to issue the release are notified that the user has requested the seal. This can be viewed via the module [Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md), as well as in the Seal overview. @@ -53,15 +56,15 @@ overview. The reason given in the release is also evident. ![seal overview](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_3-en.webp) -If the release is granted, the Inquirer Im **Module Notifications** will be informed. You can also +If the release is granted, the Inquirer in **Module Notifications** is informed. You can also open the seal directly from the ribbon and see the now released state. ![notification seal status](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_4-en.webp) ## 3. Breaking the seal -As soon as the requesting user has received the number of the required releases, he will be informed -via the notifications as usual. The seal can now be broken. From this point on, the user will be -able to see the password. +As soon as the requesting user has received the number of the required releases, he is informed +via the notifications as usual. The seal can now be broken. From this point on, the user can +see the password. ![broken seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_5-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md index 88f6a6cf3d..9f99564a3d 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Seal overview -## What is the seal overview? +## Seal overview Users with the required permissions to issue the releases receive access to the current state of the existing seals at any time via the seal overview. The overview is accessible via the ribbon as well @@ -52,6 +52,8 @@ breaking the seal after a security query. Viewing the password is irrelevant. On be manually reset by the icon to the right of the broken seal column. The state “Sealed” is restored. -**CAUTION:** It makes no sense to re-seal already visible passwords. The user was able to view the -password. Therefore, it is not monitorable whether the password has been saved, for example, by -screenshot. In such cases, a new password is the only way to guarantee 100% password security! +:::warning +It makes no sense to re-seal already visible passwords. The user could view the +password. Therefore, it isn't monitorable whether the password has been saved, for example, by +screenshot. In such cases, a new password is the only way to guarantee 100% password security. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md index 8e9f6f2cf9..9ddf67af79 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md @@ -6,14 +6,14 @@ sidebar_position: 40 # Seals -## What are seals? +## Seals overview Passwords are selectively made available to the different user groups by means of the [Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md). Nevertheless, there are many scenarios in which the ability to view and use a record should be linked to a release issued in advance. In this context, the seal is an effective protective mechanism. This multi-eye principle protects passwords by securing them with granular release -mechanisms. If you want to see a password, this must be requested and released. The release can also +mechanisms. To see a password, a request must be submitted and released. The release can also be temporary. ## Relevant rights @@ -26,22 +26,26 @@ The following option is required to add a seal. ## Required permissions -Firstly, the user must have the **authorize permission** for the record in order to create seals. +Firstly, the user must have the **authorize permission** for the record to create seals. The read permission to all users and roles that are contained in the seal is also required. The exact configuration of password masking and permissions for records is described in detail in the Authorization concept section. -## What exactly is sealed? +## Sealed content -Technically speaking, the password itself is not sealed. It is the permission to see a password +Technically speaking, the password itself isn't sealed. It is the permission to see a password field that is protected by a seal. This allows for the most sensitive configurations, in which one group can use the password without restrictions, but the same password is sealed for other users. The wizard assists users in applying seals, as well as in future maintenance. -**CAUTION:** The complete data set is never sealed! Only the permission to view a password is +:::warning +The complete data set is never sealed. Only the permission to view a password is protected by a seal. +::: -**CAUTION:** Be Aware" Only records that are protected with a password can be sealed! +:::warning +Be Aware" Only records that are protected with a password can be sealed. +::: ## Seal wizard @@ -71,10 +75,12 @@ release are displayed in blue. ![example permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_3-en.webp) -NOTE: All users and roles for which the data set is not sealed and which are not authorized for +:::note +All users and roles for which the data set isn't sealed and which aren't authorized for release are displayed in green. These can use the data record independently of the seal. +::: -To avoid having to perform any configuration manually, roles and users are copied directly from the +To avoid having to perform any configuration manually, roles, and users are copied directly from the authorizations of the data record. Compare with the "permissions" for the record (can be viewed via the ribbon). @@ -83,9 +89,11 @@ the ribbon). Supervisors should issue the releases for their employees. Therefore, the checkbox also follows the existing authorizations. The following **scheme** is used: -NOTE: All users and roles that have the **authorize permission** to the record are "authorized to -issue a release" for the seal by default. All users and roles that do not have the **authorize +:::note +All users and roles that have the **authorize permission** to the record are "authorized to +issue a release" for the seal by default. All users and roles that don't have the **authorize permissions** to the record are copied directly into the "Sealed for" column. +::: Here is a closer look at the permissions of the role **Administrators** on the record: @@ -96,33 +104,39 @@ Here is a closer look at the permissions of the role **Administrators** on the r Although standard authorizations are used as a basis for the sealing concept, these can be adapted. The number of releases generally required is as configurable as the required number of releases from a role. In the following example, the seal has been extended so that a total of three release -authorizations are required in order to release the seal **(Multi-eye principle)**. The role of the +authorizations are required to release the seal **(Multi-eye principle)**. The role of the administrators has been marked in the mandatory column. This means that it must grant at least one release. In summary: A total of three releases must be made, whereby the group of administrators must grant at least one release. ![edit seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_6-en.webp) -In order to be not only dependent on existing authorizations on the data set, other users can also -be added to the seal. The role accounting under "sealed for" has been added below. +To be not only dependent on existing authorizations on the data set, other users can also +be added to the seal. The role accounting under "sealed for" has been added in the following screenshot. ![define permission for the seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_7-en.webp) -NOTE: When a role or a user is added to a seal, these users also receive permissions on the record +:::note +When a role or a user is added to a seal, these users also receive permissions on the record according to the authorization granted in the seal. A role that is added under "Sealed for" receives -the **Read permission** on the record. When you add authorization permissions, these will include +the **Read permission** on the record. When you add authorization permissions, these include the **Read**, **Write**, **Delete**, and **Authorize** permission. +::: -**CAUTION:** All the roles that were once added to the seal can no longer be removed via the seal -logic. This is only possible directly via the authorizations of the data record! +:::warning +All the roles that were once added to the seal can no longer be removed via the seal +logic. This is only possible directly via the authorizations of the data record. +::: -NOTE: It is possible to seal records for a user who is also authorized to issue a release. In this -constellation, it is important to ensure that at least one other user is authorized to issue a +:::note +You can seal records for a user who is also authorized to issue a release. In this +constellation, ensure that at least one other user is authorized to issue a release. In principle, you should never be able to issue a release for yourself. +::: #### 3. Advanced settings -Advanced seal settings allow you to adjust the multi-eye principle. Both the time validity of a +Advanced seal settings let you adjust the multi-eye principle. Both the time validity of a release request as well as a granted release can be configured. Multiple break defines whether after the breaking of a seal by a user, other users may still break it. @@ -130,9 +144,9 @@ the breaking of a seal by a user, other users may still break it. #### 4. Saving the seal -Before closing the wizard, it is possible to save the configuration for later use in the form of a +Before closing the wizard, you can save the configuration for later use in the form of a template. [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) can be -optionally provided with a description for the purpose of overview. +optionally provided with a description to overview. ![save seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_9-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md index b5dac7e936..a470cddba6 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Temporary permissions -## What are temporary permissions? +## Temporary permissions overview -So far, we have covered permissions that were valid for an unlimited period. However, a permission +So far, this guide has covered permissions that were valid for an unlimited period. However, a permission can also be granted in advance with a time restriction. Examples are users who stay in the company for a limited time, such as interns or trainees. @@ -33,8 +33,10 @@ permissions: - **Green:** The temporary permission is active. - **Red:** The time period for the temporary permissions has already expired. -NOTE: Temporary permissions can also be assigned to multiple roles and users at the same time. You -can select multiple users and roles as usual with Ctrl/Shift + left mouse button! +:::note +Temporary permissions can also be assigned to multiple roles and users at the same time. You +can select multiple users and roles as usual with Ctrl/Shift + left mouse button. +::: ## Special features of the authorization system @@ -43,5 +45,7 @@ configurations. Conceivable constellations include a situation when the only use only has temporary permissions. When these permissions expire, there is no longer any user with full permissions. To prevent this happening, users with temporary permissions are handled differently. -**CAUTION:** There must always be one user who has the “authorize” right to a record, who does not +:::warning +There must always be one user who has the “authorize” right to a record, who doesn't only have temporary permissions. +::: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md index c2263fb00e..6d3b41ec05 100644 --- a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md @@ -10,24 +10,24 @@ sidebar_position: 10 The use of a [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) is generally the gateway to displaying existing records. Nevertheless, this aspect of the visibility of the records is closely -interwoven with the existing permissions structure. Naturally, a user can always only see those +interwoven with the existing permissions structure. a user can always only see those records for which they have at least a read Permission. This doctrine should always be taken into -consideration when handling records. [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) are not +consideration when handling records. [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) aren't subject to any permissions and can thus always be used as filter criteria. Nevertheless, the delivered results will only contain those records for which the user themselves actually has permissions. A good example here is the tag “personal record”. Every user can mark their own record -as personal – yet each user will naturally only be able to find their own personal records. +as personal – yet each user will only be able to find their own personal records. ## Creating independently working environments The possibility of separately defining the visibility of individual objects is one of the special features within the Netwrix Password Secure authorization concept. Irrespective of whether handling -records, documents, organisational structures, roles or forms: it is always possible to define +records, documents, organisational structures, roles, or forms: it is always possible to define whether a user or a role possesses a read permission to the object or not. The permissions for each of these objects can be defined separately via the ribbon in the permissions dialogue. This approach enables the creation of independently existing departments within a database. The permissions structure for the SAP form can be seen below. It shows that only the sales manager and the -administrators are currently permitted to create new records of type SAP. +administrators are permitted to create new records of type SAP. ![example permissions on a form](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility-en.webp) @@ -35,6 +35,8 @@ In general, each department can independently use forms, create passwords and ma this way. Especially in very sensitive areas of a company, this type of compartmentalization is often required and also desired. -NOTE: An alternative also supported by Netwrix Password Secure is for each department to set up +:::note +An alternative also supported by Netwrix Password Secure is for each department to set up their own MSSQL database. However, this physical separation requires considerably more -administration work than the above-mentioned separation of data based on permissions and visibility. +administration work than the permission-based and visibility-based separation of data based on permissions and visibility. +::: diff --git a/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md b/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md index 2d54efaa6d..f326ab1b4a 100644 --- a/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md +++ b/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md @@ -1,34 +1,36 @@ --- -title: "Autofill Add-on" -description: "Autofill Add-on" -sidebar_position: 60 +Title: "Autofill Add-on" +Description: "Autofill Add-on" +Sidebar_position: 60 --- # Autofill Add-on -## What is the Autofill Add-on? +## Autofill Add-on overview The Autofill Add-on is responsible for the automatic entry of login data in applications. This -enables logins without knowledge of the password, which can be a particularly valuable tool in -combination with +Enables logins without knowledge of the password, which can be a particularly valuable tool in +Combination with [Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). The [Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md) -is used to define which users should receive access. +Is used to define which users should receive access. However, the password remains hidden because it is entered by Netwrix Password Secure. #### Requirements The Autofill Add-on is installed together with the Netwrix Password Secure client and can then be -used by users (assuming they have sufficient permissions). A separate installation is thus not -necessary. A desktop link is created for both the client and also for the Autofill Add-on. +Used by users (assuming they have sufficient permissions). A separate installation is thus not +Necessary. A desktop link is created for both the client and also for the Autofill Add-on. User rights The right **Can create web applications** is required for creating new web applications\* -NOTE: The agent can control multiple databases at the same time +:::note +The agent can control multiple databases at the same time +::: #### Functionality @@ -37,29 +39,31 @@ The functionality of the Autofill Add-on is illustrated in the following diagram ![Automatic entries diagram](/images/passwordsecure/9.2/configuration/autofill_add-on/installation_with_parameters_125-en.webp) RDP and SSH -sessions(![1](/images/passwordsecure/9.2/configuration/autofill_add-on/1.webp) -) are not automatically started via the Autofill Add-on. Applications are created for this purpose -in the Netwrix Password Secure client. The creation and use of these connections is explained in -detail in the corresponding section. +Sessions(![1](/images/passwordsecure/9.2/configuration/autofill_add-on/1.webp) +) aren't automatically started via the Autofill Add-on. Applications are created for this purpose +In the Netwrix Password Secure client. The creation and use of these connections is explained in +Detail in the corresponding section. Automatically starting all other types of connection is the task of the **Autofill Add-on**. The -following types of connections exist: +Following types of connections exist: -- Entering login data in Windows applications: Alongside the above-mentioned RDP and SSH sessions, +- Entering login data in Windows applications: Alongside the RDP and SSH sessions listed earlier, other Windows applications can also be automated (![2](/images/passwordsecure/9.2/configuration/autofill_add-on/2.webp)). - A major difference is that the two above-mentioned connections are set up and “embedded” in a - separate tab. Other applications, such as e.g. VMware, are directly started as usual. In these - cases, the Autofill Add-on takes over the communication between the application server and the + A major difference is that the two previously listed connections are set up and “embedded” in a + Separate tab. Other applications, such as e.g. VMware, are directly started as usual. In these + Cases, the Autofill Add-on takes over the communication between the application server and the Windows applications. -NOTE: For entering data on websites, the record must contain at least the following fields: User -name, password, URL. +:::note +For entering data on websites, the record must contain at least the following fields: User +Name, password, URL. +::: #### Conclusion As the Autofill Add-on is directly connected to the application server, login data can also be -entered without the main client. Exceptions are the RDP and SSH connections. These are forced to -remain part of the client. The Autofill Add-on thus acts as a lean alternative for the use of the -client with the two limitations mentioned. Naturally, all of the steps completed are still entered -in the logbook and are always traceable. +Entered without the main client. Exceptions are the RDP and SSH connections. These are forced to +Remain part of the client. The Autofill Add-on thus acts as a lean alternative for the use of the +Client with the two limitations mentioned. All of the steps completed are still entered +In the logbook and are always traceable. diff --git a/docs/passwordsecure/9.2/configuration/autofilladdon/configuration_autofill_add-on.md b/docs/passwordsecure/9.2/configuration/autofilladdon/configuration_autofill_add-on.md index f41c588795..242ac18987 100644 --- a/docs/passwordsecure/9.2/configuration/autofilladdon/configuration_autofill_add-on.md +++ b/docs/passwordsecure/9.2/configuration/autofilladdon/configuration_autofill_add-on.md @@ -18,19 +18,21 @@ makes all of the databases configured on the client available. It is also possib profiles as usual so that the connection data for certain databases can be used efficiently in the future. -NOTE: The agent accesses the same configuration file as the client. All changes to profiles will +:::note +The agent accesses the same configuration file as the client. All changes to profiles will thus also affect the client. New profiles can thus also be created via the Autofill. +::: #### Context menu functionality -After successfully logging in, the Autofill Add-on firstly runs in the background. Right click on +After successfully logging in, the Autofill Add-on firstly runs in the background. Right click the icon in the system tray to open the context menu. ![icon options](/images/passwordsecure/9.2/configuration/autofill_add-on/configuration/installation_with_parameters_130-en.webp) - **Disconnect**: Connect to database/disconnect from database. (All connections are shown for multiple databases) -- **Login** enables you to log into another database +- **Login** lets you log into another database - **Disable/Enable agent** allows you the option of temporarily disabling automatic login - A diverse range of variables can be defined via the **Settings** - **Reload all Data** diff --git a/docs/passwordsecure/9.2/configuration/basicview/basic_view.md b/docs/passwordsecure/9.2/configuration/basicview/basic_view.md index c116cadd9f..39bbaad7e0 100644 --- a/docs/passwordsecure/9.2/configuration/basicview/basic_view.md +++ b/docs/passwordsecure/9.2/configuration/basicview/basic_view.md @@ -8,7 +8,7 @@ sidebar_position: 30 ![light-client-en](/images/passwordsecure/9.2/configuration/basic_view/light-client-en.webp) -## What is the Basic view about? +## Basic view overview The Basic view is a lean tool for every end user. It guarantees quick and easy access to the daily needed passwords. Although the Basic view has a limited range of functions, it can be operated @@ -21,7 +21,7 @@ ideal tool for the daily handling of passwords. ## Requirements & required rights You don’t need any special permission to use the Basic view. However, the handling of the Basic -views can be set via rights and settings. Read more in chapter +views can be set via rights and settings. See [To do for Administration](/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md). #### Installation diff --git a/docs/passwordsecure/9.2/configuration/basicview/checklist_of_the_basic_view.md b/docs/passwordsecure/9.2/configuration/basicview/checklist_of_the_basic_view.md index 0f58657d3a..a37b22afd0 100644 --- a/docs/passwordsecure/9.2/configuration/basicview/checklist_of_the_basic_view.md +++ b/docs/passwordsecure/9.2/configuration/basicview/checklist_of_the_basic_view.md @@ -18,8 +18,8 @@ URL** 2. Set display of the Basic view or Advanced view -The setting **Display passwords in Basic view & display passwords in Advanced view** allows you to -configure the display of both clients. The passwords can be displayed with an icon, logo or in text +The setting **Display passwords in Basic view & display passwords in Advanced view** lets you +configure the display of both clients. The passwords can be displayed with an icon, logo, or in text form. 3. Are users in the right organisational unit? diff --git a/docs/passwordsecure/9.2/configuration/basicview/password_management.md b/docs/passwordsecure/9.2/configuration/basicview/password_management.md index fc468a0f2c..5fa097da5d 100644 --- a/docs/passwordsecure/9.2/configuration/basicview/password_management.md +++ b/docs/passwordsecure/9.2/configuration/basicview/password_management.md @@ -9,20 +9,24 @@ sidebar_position: 60 ## Creating passwords This chapter deals with the main functionality of Basic view, namely the secure storage and -management of passwords. It should be noted that a password can be stored in different ways. +management of passwords. a password can be stored in different ways. -NOTE: The required settings and rights are given by the in-house administration. Further information +:::note +The required settings and rights are given by the in-house administration. Further information can be found here: To do for the administration +::: #### Create with application -**Prerequisite:** An existing application is available. It does not matter whether this is an SSO, +**Prerequisite:** An existing application is available. It doesn't matter whether this is an SSO, web, RDP, or SSH application. ![create password](/images/passwordsecure/9.2/configuration/basic_view/password_management/create-password-en.webp) -NOTE: Managing and creating the corresponding applications is the responsibility of the in-house +:::note +Managing and creating the corresponding applications is the responsibility of the in-house administration. How to create an application can be read here and in the following chapters. +::: Clicking on the existing application opens a window that asks for the user name and password. @@ -60,9 +64,9 @@ Then the whole process is completed by clicking the "Finish" button. ## Changing and deleting passwords -In order to change or delete passwords you should stay on the corresponding tile with the mouse -cursor. The control button will appear. +To change or delete passwords you should stay on the corresponding tile with the mouse +cursor. The control button appears. -When you click the button, you will be offered the "Edit" and "Delete" options, among others. +When you click the button, you are offered the "Edit" and "Delete" options, among others. ![options record light client](/images/passwordsecure/9.2/configuration/basic_view/password_management/options-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/basicview/start_and_login_basic_view.md b/docs/passwordsecure/9.2/configuration/basicview/start_and_login_basic_view.md index 0879e953db..23c68866e6 100644 --- a/docs/passwordsecure/9.2/configuration/basicview/start_and_login_basic_view.md +++ b/docs/passwordsecure/9.2/configuration/basicview/start_and_login_basic_view.md @@ -30,7 +30,9 @@ There are 2 possibilities here: ![image4](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/image4.webp) -**CAUTION:** Please ask your administrator if you are not sure which login details apply to you! +:::warning +Ask your administrator if you aren't sure which login details apply to you. +::: #### Change to the web view of the Basic view @@ -41,12 +43,12 @@ As soon as the login was successful, you are now either: or - in the Web Application. To switch from the Web Application to the Basic view web view, you have to - click on your profile name. There you will be offered the option **"Switch to the Basic view"**. + click your profile name. There you are offered the option **"Switch to the Basic view"**. ![switch to lightclient](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/switch-to-lc-wc-en.webp) The Basic view web view is in no way inferior to the Basic view. The same functions are given except -for the download of the favicons (icon, symbol or logo used by web browsers to mark a website in a +for the download of the favicons (icon, symbol, or logo used by web browsers to mark a website in a recognizable way). ![LightClient in WebClient](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/wc-lc-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/basicview/tab_system.md b/docs/passwordsecure/9.2/configuration/basicview/tab_system.md index 142059e7fd..f9ea413ae1 100644 --- a/docs/passwordsecure/9.2/configuration/basicview/tab_system.md +++ b/docs/passwordsecure/9.2/configuration/basicview/tab_system.md @@ -6,9 +6,9 @@ sidebar_position: 50 # Tab system -## What is the tab system? +## Tab system overview -The tab system helps to structure the passwords in order to manage and find them more easily. For +The tab system helps to structure the passwords to manage and find them. For this purpose, several tabs can be created and switched between them with a click. ![tabs LightClient](/images/passwordsecure/9.2/configuration/basic_view/tab_system/tabs-lc-en.webp) @@ -34,7 +34,7 @@ The public tabs can be shown and hidden as needed. The X closes the current tab. ![close tab](/images/passwordsecure/9.2/configuration/basic_view/tab_system/close-tab-en.webp) -A public tab can be displayed again with a simple click on the +. +A public tab can be displayed again with a simple click the +. ![select organisational unit](/images/passwordsecure/9.2/configuration/basic_view/tab_system/select-ou-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md index ddbeb82e9d..83f43cd307 100644 --- a/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md +++ b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md @@ -42,10 +42,10 @@ required: Text, user name, password, URL. DefaultFormImpossiblePlausibility -When creating a password for an application, there is a field which is not displayed. Therefore, the +When creating a password for an application, there is a field which isn't displayed. Therefore, the plausibility in fields should be checked. NoValidOrganisation Is only relevant for the web view of the Basic view. It is activated if you want to create a -password using the add-on and the user does not have an OU in which to create it. +password using the add-on and the user doesn't have an OU in which to create it. diff --git a/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md index 37e8a2929a..43c6704990 100644 --- a/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md +++ b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md @@ -8,12 +8,14 @@ sidebar_position: 10 ## Conditions for using the Basic view -The Basic view allows end users to easily manage their passwords in Netwrix Password Secure without -any training or prior knowledge. In order to ensure proper operation, the administration has to make +The Basic view allows end users to manage their passwords in Netwrix Password Secure without +any training or prior knowledge. To ensure proper operation, the administration has to make a few preparations first. This will be further discussed in the following. -NOTE: To make the Basic view transition as easy and smooth as possible for the user, the +:::note +To make the Basic view transition as easy and smooth as possible for the user, the administration can orient towards this checklist. +::: #### Relevant rights and settings @@ -43,14 +45,14 @@ There are several ways to provide/create passwords in the Basic view. #### Predefined passwords Predefined passwords have already been created on the FullClient. Basic view users must at least -obtain the right to read a record in order to use the password. +obtain the right to read a record to use the password. ![installation_with_parameters_154](/images/passwordsecure/9.2/configuration/basic_view/administration/installation_with_parameters_154.webp) #### Creating passwords via applications -In order to use applications on the Basic view, the administration must first create them on the -FullClient. By clicking on the application, the end user can easily generate secure passwords. To be +To use applications on the Basic view, the administration must first create them on the +FullClient. By clicking on the application, the end user can generate secure passwords. To be able to use the application, the user needs at least the authorization to **read**. Further information on this topic can be found in the chapter @@ -60,7 +62,7 @@ Further information on this topic can be found in the chapter #### Creating passwords via applications without applications -Please consider the following rights and settings so that Basic view users can create new passwords. +Consider the following rights and settings so that Basic view users can create new passwords. User rights: diff --git a/docs/passwordsecure/9.2/configuration/basicview/view.md b/docs/passwordsecure/9.2/configuration/basicview/view.md index 767a5adf8d..32ec4d2933 100644 --- a/docs/passwordsecure/9.2/configuration/basicview/view.md +++ b/docs/passwordsecure/9.2/configuration/basicview/view.md @@ -10,7 +10,7 @@ sidebar_position: 40 The Basic view interface is arranged in tiles. If a logo/icon has been stored for a password in the image management, this can optionally be displayed with the associated data record. If the logo of -the password is not available, a reduced Outlook view is displayed. +the password isn't available, a reduced Outlook view is displayed. 1. view of a Basic view button with stored logo @@ -24,7 +24,7 @@ the password is not available, a reduced Outlook view is displayed. ![sql-server-log](/images/passwordsecure/9.2/configuration/basic_view/view/sql-server-log.webp) -Click on the tile to open the application. +Click the tile to open the application. ![SSO LightClient](/images/passwordsecure/9.2/configuration/basic_view/view/sso-lc-en.webp) @@ -45,20 +45,22 @@ When you click the button, the following options become visible: - -Edit (The selected record can be edited.) - Move (The selected record can be moved to another organisational unit) - Move to bin (the selected record can be deleted.) -- -Copy username (the username of the selected record will be copied to the clipboard). -- -Copy password (the password of the selected record will be copied to the clipboard). -- Typing assistance (Use this view to easily type out passwords) -- -Refresh (The record will be updated.) +- -Copy username (the username of the selected record is copied to the clipboard). +- -Copy password (the password of the selected record is copied to the clipboard). +- Typing assistance (Use this view to type out passwords) +- -Refresh (The record is updated.) -You can only perform the above operations if you are sufficiently authorized. Please point this out -to your in-house administrator if this is not the case for you. +You can only perform the above operations if you are sufficiently authorized. Point this out +to your in-house administrator if this isn't the case for you. -**CAUTION:** You can only execute the mentioned operations if you are sufficiently authorized. -Please point this out to your in-house administrator if this is not the case for you. +:::warning +You can only execute the mentioned operations if you are sufficiently authorized. +Point this out to your in-house administrator if this isn't the case for you. +::: ## Image management Usually, the setup of logos/icons in the i**mage management** is done by the in-house -administration. You can learn more about this in the FullClient +administration. See the FullClient [Image management](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md) documentation. diff --git a/docs/passwordsecure/9.2/configuration/browseraddons/applications_add-on.md b/docs/passwordsecure/9.2/configuration/browseraddons/applications_add-on.md index 3a25c23cf1..e034ae4242 100644 --- a/docs/passwordsecure/9.2/configuration/browseraddons/applications_add-on.md +++ b/docs/passwordsecure/9.2/configuration/browseraddons/applications_add-on.md @@ -1,63 +1,65 @@ --- -title: "Applications" -description: "Applications" -sidebar_position: 10 +Title: "Applications" +Description: "Applications" +Sidebar_position: 10 --- # Applications -## What are applications? +## Applications overview Data can be entered on many websites without further configuration. The website is scanned in order -to find data entry fields in which the user name and password can then be entered. No further steps -are thus necessary. For websites where data cannot be entered directly, it is necessary to create an -application manually. These applications correspond to working guidelines that precisely define -which information should be entered into which target field. The full script that describes the -assignment is called an “**application**”. +To find data entry fields in which the user name and password can then be entered. No further steps +Are thus necessary. For websites where data can't be entered directly, you must create an +Application manually. These applications correspond to working guidelines that precisely define +Which information should be entered into which target field. The full script that describes the +Assignment is called an “**application**”. ![registration with and without application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_142-en.webp) The diagram starts with the user navigating to a website. The application server is then checked to -see whether a record has been saved for this website for which the currently registered user also -has the required permissions. If this is the case, the information required for the login is sent to -the Browser Extension in encrypted form. The password is only decrypted in the add- on shortly -before it is entered. There are two ways in which the information is entered: **Data entry without -application** and **Data entry with application**. +See whether a record has been saved for this website for which the registered user also +Has the required permissions. If this is the case, the information required for the login is sent to +The Browser Extension in encrypted form. The password is only decrypted in the add- on shortly +Before it is entered. There are two ways in which the information is entered: **Data entry without +Application** and **Data entry with application**. Data entry without application The data entry without application process is sufficient for most websites because the fields can be -directly assigned (mapping). The system checks in the background whether a login mask has been found -for any websites visited. The URL is now used to check if there are any records in the linked -websites that would fit the page. It is only necessary for the hostname including the domain suffix, -such as .de or .com, to match. The data are then entered. In this case, the user name is transmitted -to the first user name field that can be found on the page. The password is also entered into the -first password field found on the page. If automatic login has been activated in the settings, this -is also carried out by clicking the login button. +Directly assigned (mapping). The system checks in the background whether a login mask has been found +For any websites visited. The URL is now used to check if there are any records in the linked +Websites that would fit the page. It is only necessary for the hostname including the domain suffix, +Such as .de or .com, to match. The data are then entered. In this case, the user name is transmitted +To the first user name field that can be found on the page. The password is also entered into the +First password field found on the page. If automatic login has been activated in the settings, this +Is also performed by clicking the login button. #### Data entry with application -It is not possible to automatically recognise the fields that must be filled on some websites. An -application needs to be created in these cases. If more than two fields need to be transferred, it -is also necessary to create an application. In this context, “application” means instructions that -are used to enter information into the fields. It thus assigns fields in the record to the -associated fields on the website. This mapping process only needs to be configured once. The -applications is responsible for entering data in the fields on the website from then on. In the -following example, the data entry process is carried out from the client. Naturally, this is also -possible via [Browser Add-ons](/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. +It isn't possible to automatically recognise the fields that must be filled on some websites. An +Application needs to be created in these cases. If more than two fields need to be transferred, it +Is also necessary to create an application. In this context, “application” means instructions that +Are used to enter information into the fields. It thus assigns fields in the record to the +Associated fields on the website. This mapping process only needs to be configured once. The +Applications is responsible for entering data in the fields on the website from then on. In the +Following example, the data entry process is performed from the client. This is also +Possible via [Browser Add-ons](/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. ![installation_with_parameters_143](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_143.webp) The URL is checked to see whether the record matches the web page. It is only necessary for the -hostname including the domain suffix (“.de” or “.com”) to match. +Hostname including the domain suffix (“.de” or “.com”) to match. ## Creating applications -**CAUTION:** The user right Can add new web applications is required in order to create applications +:::warning +The user right Can add new web applications is required to create applications +::: -If the login mask on a website cannot be automatically completed, it is necessary to manually create -an application. To create an application, the desired website is first called up. The add-on is then -started via the relevant icon. The menu item “Create application\* can be found here +If the login mask on a website can't be automatically completed, you must manually create +An application. To create an application, the desired website is first opened. The add-on is then +Started via the relevant icon. The menu item “Create application\* can be found here ![create application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_144-en.webp) @@ -67,22 +69,22 @@ A modal window now opens. The actual application is now created here. The following options are available: -- **Advanced options** allows you to define a delay separately for each field when entering the - data. This is sensible when the process of entering the data would otherwise not run smoothly on - sluggish websites. -- The **Move** setting can be used to change the position of the modal window if it covers the login - window +- **Advanced options** lets you define a delay separately for each field when entering the + Data. This is sensible when the process of entering the data would otherwise not run smoothly on + Sluggish websites. +- The **Move** setting lets you change the position of the modal window if it covers the login + Window -To capture, click on the first field to be filled on the website. It will be directly added to the -list in the modal window. For better identification, fields that belong together are marked in -colour. +To capture, click the first field to be filled on the website. It will be directly added to the +List in the modal window. For better identification, fields that belong together are marked in +Colour. ![choosed application field](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_146-en.webp) The field type (e.g. INPUT) and the field label are displayed in the field itself. In addition, an -action is proposed which fits the field type, such as e.g. entering the user name. The action can -naturally be adjusted if required. Once all fields have been captured, the system checks whether the -actions are correct. Finally, the application can be saved. +Action is proposed which fits the field type, such as e.g. entering the user name. The action can +Be adjusted if required. Once all fields have been captured, the system checks whether the +Actions are correct. Finally, the application can be saved. ![example for a application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_147-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md b/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md index 933e5b0da3..7c298be392 100644 --- a/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md +++ b/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md @@ -10,10 +10,10 @@ Passwords can also be used in the browser using the browser add-on. You can sear the add-on, transfer them to the clipboard or enter them in the input mask of the website automatically. The automatic login may require applications. -In order to provide the data, the add-on needs a connection to the database. This can be set up +To provide the data, the add-on needs a connection to the database. This can be set up directly in server mode. -Currently, add-ons are available for the following browsers: +, add-ons are available for the following browsers: - Microsoft Edge - Google Chrome @@ -24,13 +24,13 @@ Currently, add-ons are available for the following browsers: ## Installation -Please find more information about the installation on: Installation Browser Add-ons +Find more information about the installation on: Installation Browser Add-ons ## Connection via server mode -If the installation of the browser extension has been carried out, the user can now open the desired +If the installation of the browser extension has been performed, the user can now open the desired browser. A window appears in which the security of the connection is confirmed. Pairing is performed -with a simple click. A new icon will also be displayed in the desired browser from this point +with a simple click. A new icon is also displayed in the desired browser from this point onwards: ![Icon Add-on](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-icon-en.webp) @@ -43,7 +43,7 @@ The server mode must know which database profile it is connected to. There are t up a database profile: First, the database profile can be created manually. Therefore, he following information is -required: IP address, Web Application URL and database name. Please note that /api is appended to +required: IP address, Web Application URL and database name. /api is appended to the end of the IP address. ![database profil](/images/passwordsecure/9.2/configuration/browseradd-ons/manual-database-profile-en.webp) @@ -61,8 +61,10 @@ The server mode offers the following advantages: - No terminal service is required in terminal server operation -**CAUTION:** Please note that SSO applications only work via Autofill Add-on. If you are in server -mode and the Autofill Add-on has not been started, SSO applications do not work! +:::warning +SSO applications only work via Autofill Add-on. If you are in server +mode and the Autofill Add-on has not been started, SSO applications don't work. +::: After successful connection, the number of data records available for the current Internet page is displayed on the icon. @@ -72,7 +74,7 @@ displayed on the icon. ## Settings All settings that relate to the add-on are made centrally on the client. The user settings system -can be used to enter them globally per organisational unit or per user. The following options have a +lets you enter them globally per organisational unit or per user. The following options have a direct impact on the add-ons and can be found in the SSO category: - Browser add-ons: Automatically send login masks ensures that the login is automatically completed @@ -84,13 +86,17 @@ direct impact on the add-ons and can be found in the SSO category: The default browser option also has an impact on the add-ons. This setting defines the browser in which the websites are opened from the client. -NOTE: It is important to note that the login mask for records with password masking will be ”sent +:::note +The login mask for records with password masking is “sent automatically\*, even if the setting Browser add-ons: Automatically send login masks has been deactivated. +::: ## Working with add-ons -NOTE: A record can only be used for entering data if it has a form field of type "URL". +:::note +A record can only be used for entering data if it has a form field of type "URL". +::: The subscript number mentioned in the previous section is only available with active logins and therefore already says a lot about the “Number of possible entries”. For example, if the number “2” @@ -104,21 +110,21 @@ Secure – as described in the following section. ## Search and navigation -It is currently assumed that the user has to navigate manually to the website on which they want to -automatically enter login data. This way of working is possible but is not convenient enough. The -add-on can be used in a similar way to bookmarks. The search field can be used to search for the +It is assumed that the user has to navigate manually to the website on which they want to +automatically enter login data. This way of working is possible but isn't convenient enough. The +add-on can be used in a similar way to bookmarks. The search field lets you search for the record in the database. The prerequisite is again that the record contains a URL. ![Record usage](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-records-usage-en.webp) The screenshot shows that the URL and the name of the record (Wikipedia) are searched. The results for the search are displayed and can be selected using the arrow buttons or the mouse. The selected -website will be opened in a separate tab. +website opens in a separate tab. ## Several passwords for one website If a user opens a page and multiple passwords with the autofill function are possible for this -website, no entries will be made unlike in older versions. Instead, the following message appears in +website, no entries are made unlike in older versions. Instead, the following message appears in a pop-up: ![Multiple entries](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-multiple-passwords-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/browseraddons/how_to_save_passwords.md b/docs/passwordsecure/9.2/configuration/browseraddons/how_to_save_passwords.md index 076a3fcd74..a1fdf19d7c 100644 --- a/docs/passwordsecure/9.2/configuration/browseraddons/how_to_save_passwords.md +++ b/docs/passwordsecure/9.2/configuration/browseraddons/how_to_save_passwords.md @@ -8,7 +8,9 @@ sidebar_position: 20 This chapter describes how to store passwords via add-on. -**CAUTION:** You can only save passwords in server mode! +:::warning +You can only save passwords in server mode. +::: ## New access data @@ -18,7 +20,7 @@ automatically asked whether they should be created. ![new password detected](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/addon-create-password-en.webp) -By confirming, you will be directly forwarded to the Web Application and registered there. If there +By confirming, you are directly forwarded to the Web Application and registered there. If there are less fields in the deposited or selected form than in the login mask, the missing fields are automatically created as web form fields by default. @@ -33,9 +35,9 @@ already known dataset. ![data was recognized](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/installation_with_parameters_151-en.webp) -- **Save password**: The password will be exchanged without opening the Web Application. +- **Save password**: The password is exchanged without opening the Web Application. - **check changes**: The Web Application is opened and you are logged in. The previous password has - been replaced by the new one. However, the storage must be carried out manually. + been replaced by the new one. However, the storage must be performed manually. ![data was recognized](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/installation_with_parameters_152-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_android.md b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_android.md index 1bc304c41e..8aa0072a3a 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_android.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_android.md @@ -17,7 +17,7 @@ Netwrix Password Secure App must be enabled. #### Autofill The login data is entered as soon as the app finds a corresponding mask on a web page or in an app. -In some masks the process starts automatically, in others it is necessary to type in the first +In some masks the process starts automatically, in others you must type in the first field. There are two possible scenarios. @@ -29,19 +29,21 @@ There are two possible scenarios. No password found -If no password is found that matches the app or the website called up, the desired password must +If no password is found that matches the app or the website opened, the desired password must first be selected. Exactly one password found -If there is a data set that contains exactly the URL that is called up, the corresponding password -can be suggested. A simple click on the password is then sufficient to pass the data to the website +If there is a data set that contains exactly the URL that is opened, the corresponding password +can be suggested. A simple click the password is then sufficient to pass the data to the website or app. Multiple passwords found If several matching passwords are found in the database, the desired one must be selected. -NOTE: Depending on the current state, it may be necessary to authenticate on the app before +:::note +Depending on the current state, it may be necessary to authenticate on the app before selecting or confirming the password to be entered. The database then has to be unlocked via the password or Touch ID first. +::: diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_ios.md b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_ios.md index bf098c6a41..141b511da1 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_ios.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_ios.md @@ -12,8 +12,8 @@ screens. This works both with websites in the browser and with other apps. #### Requirements -In order to ensure automatic registration, a few prerequisites must be met. First of all, the -automatic registration must be set up in the settings. If the **iOS keychain** is not needed, it +To ensure automatic registration, a few prerequisites must be met. First of all, the +automatic registration must be set up in the settings. If the **iOS keychain** isn't needed, it should be deactivated. This makes handling a bit easier. Finally, a database connection must exist and access to passwords must be possible. @@ -29,11 +29,11 @@ Dialog Depending on the configuration and scenario, the dialog for entry can have different characteristics: -- First, one or more passwords are displayed that match the current page or app. These can be +- First, one, or more passwords are displayed that match the current page or app. These can be selected and entered with a click. - It is also possible to open the dialog for selecting a password. If no password is found, this dialog is displayed directly. -- Finally, the iOS keychain can also be opened. If this function is not needed, it can be +- Finally, the iOS keychain can also be opened. If this function isn't needed, it can be deactivated. The corresponding option will then no longer be offered. No password found @@ -43,14 +43,16 @@ selected. Exact password found -If there is a data record that contains exactly the URL that is called up, the corresponding -password can be suggested. A simple click on the password is then sufficient to pass the data to the +If there is a data record that contains exactly the URL that is opened, the corresponding +password can be suggested. A simple click the password is then sufficient to pass the data to the website or app. Several passwords found If several matching passwords are found in the database, the desired one must be selected. -NOTE: Depending on the current state, it may be necessary to authenticate to the app before +:::note +Depending on the current state, it may be necessary to authenticate to the app before selecting or confirming of the password to be entered. The database then has to be unlocked via the password, Touch ID or Face ID. +::: diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/mobile_devices.md b/docs/passwordsecure/9.2/configuration/mobiledevices/mobile_devices.md index 3f7642b534..40cec74784 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/mobile_devices.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/mobile_devices.md @@ -6,22 +6,22 @@ sidebar_position: 70 # Mobile devices -## The new Netwrix Password Secure Mobile App – mobile and simple! +## The Netwrix Password Secure Mobile App -With version 8.10 we have created the perfect complement to the client: **The Netwrix Password -Secure Mobile App!** +With version 8.10, Netwrix introduced the Netwrix Password Secure Mobile App as a complement to the client. -With its **convenient** interface, the Netwrix Password Secure Mobile App offers the perfect -prerequisite for every user to find their way around **quickly** and **easily**. +The Netwrix Password Secure Mobile App provides a streamlined interface for managing passwords on mobile devices. For detailed documentation of the **Netwrix Password Secure Mobile App** -NOTE: Please note that as of version 8.10.0, the previous version 7 App is no longer compatible. +:::note +As of version 8.10.0, the previous version 7 App is no longer compatible. +::: -#### Security is our ambition +#### Security is the ambition No matter whether you work with a smartphone or a tablet, you benefit from the highest possible -security on all iOS and Android devices. All passwords are not only available on the mobile device, +security on all iOS and Android devices. All passwords aren't only available on the mobile device, but can also be automatically transferred to websites. So you can use highly complex and therefore secure passwords and don’t have to remember them anymore. The Netwrix Password Secure Mobile App thus combines security and convenience. In addition, the use of a local database ensures that @@ -34,7 +34,7 @@ more extensive and detailed in the specially created **documentation**. ### Password management -The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. They can not only be +The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. They can't only be stored securely but also structured conveniently. ### SSO diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/passwords_mobileapp.md b/docs/passwordsecure/9.2/configuration/mobiledevices/passwords_mobileapp.md index 05bafbdea5..238e831fc3 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/passwords_mobileapp.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/passwords_mobileapp.md @@ -17,7 +17,7 @@ usually used by more than one user. Prerequisites -The following prerequisites must be met in order to create new global passwords: +The following prerequisites must be met to create new global passwords: - User right **Can create new passwords** - **Add right** to the corresponding organizational unit @@ -37,8 +37,8 @@ The following user rights are required to create personal passwords: #### Create passwords -When creating a new record, it is necessary to know whether it is a personal or a global password. -Because according to this criterion you should select the appropriate tab and click on the + located +When creating a new record, you must know whether it is a personal or a global password. +Because according to this criterion you should select the appropriate tab and click the + located in the upper right corner. ![create new password](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/create-new-password-ma-en.webp) @@ -47,18 +47,18 @@ After that, select the required **form**. ![select form](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/select-form-ma-en.webp) -Then, once you have filled in all the relevant information of the selected form, one click on +Then, after you have filled in all the relevant information of the selected form, one click **Save** is enough to create the password. ![new entry MobileApp](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/new-entry-ma-en.webp) #### Editing passwords -To edit a password, click on the corresponding password and select the pencil icon. +To edit a password, click the corresponding password and select the pencil icon. ![editing password](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/new-entry-ma-2-en.webp) -As soon as you click on the pencil icon again in the new window, in the so-called read-only view, +As soon as you click the pencil icon again in the new window, in the so-called read-only view, you can edit all existing fields. ![edit passwordfield MobileApp](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/edit-passwordfield-ma-en.webp) @@ -67,7 +67,7 @@ you can edit all existing fields. #### Delete -Passwords can currently only be deleted via the Full- or Web Application. +Passwords can only be deleted via the Full- or Web Application. #### Tags @@ -77,7 +77,7 @@ Tags can be added or removed both when creating and editing a password. It is also possible to create a completely new tag. -This is possible by searching in the tag selection in the search field for a tag that does not +This is possible by searching in the tag selection in the search field for a tag that doesn't already exist. You will then be offered the option of creating this previously non-existent tag. diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/securitymd.md b/docs/passwordsecure/9.2/configuration/mobiledevices/securitymd.md index 2267b13359..02df5170b4 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/securitymd.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/securitymd.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Security -#### Your security is our ambition +#### Your security is the ambition Security is a top priority for Netwrix Password Secure - right from the conception stage, it sets the course for all further developments. Of course, security was also taken into account during the development of the Netwrix Password Secure app and the latest technologies were used. The following -encryption techniques and algorithms are currently used: +encryption techniques and algorithms are used: Global @@ -20,7 +20,7 @@ Global - End to end encrypted (like all Netwrix Password Secure App Clients) - No direct connection to Netwrix Password Secure Server required. Connection is via web server. - MDM (Mobile Device Management) support -- Passwords can be used offline when server access is not available +- Passwords can be used offline when server access isn't available - Fast incremental data synchronization - Easy connection between Netwrix Password Secure Mobile Apps and the server via QR code - Easy navigation between private and shared passwords @@ -32,7 +32,7 @@ Global iOS -- Full support of FaceID and TouchID for passwordless login to the Netwrix Password Secure Mobile +- Full support of FaceID and TouchID for passwordless log in to the Netwrix Password Secure Mobile app. - Password AutoFill support. Passwords are automatically entered in other apps and Safari. (No copy/paste or typing) diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md b/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md index 3434337653..84e211a71f 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md @@ -16,7 +16,7 @@ via the three dots at the very top left of the screen. These will be briefly exp Hide personal tab -In some use cases personal passwords are not needed on the mobile device. If this is the case you +In some use cases personal passwords aren't needed on the mobile device. If this is the case you can hide the tab with the personal passwords. Show all passwords in search tab @@ -44,13 +44,15 @@ How to synchronize with the main database is configured here. The following opti - **Any type of connection:** as long as there is a connection, synchronization will take place. No matter if it is a WLAN connection or a connection via the mobile network. - **Only for WLAN connection:** Synchronization only takes place if there is a connection via WLAN. -- **Disabled:** It is not synchronized +- **Disabled:** It isn't synchronized -NOTE: Costs may be incurred for synchronization via the mobile network! +:::note +Costs may be incurred for synchronization via the mobile network. +::: Synchronize now -Starts the synchronization. This can also be started outside the settings at any time by simply +Starts the synchronization. You can also start this outside the settings at any time by swiping down. More information can also be found in the chapter [Synchronization](/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md). diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md index ec2263d832..dacd2cdef1 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Linking the database -First, an existing database must be linked to the Netwrix Password Secure app in order to finally +First, an existing database must be linked to the Netwrix Password Secure app to finally synchronize the data. During linking, an encrypted database is created on the mobile device, which provides the data even without a network connection. @@ -14,9 +14,9 @@ There are two ways to create a link. #### Manual linking -If the database is to be linked manually, the dialog for creating the link is first called up via +If the database is to be linked manually, the dialog for creating the link is first opened via the + in the top right-hand corner. Here the address of the Web Application is entered and confirmed -with a click on Connect. +with a click Connect. ![Create link](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/create-link-ma-en.webp) @@ -39,8 +39,7 @@ find the corresponding QR code in the Backstage under Account: ![QR-code](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/link-via-qr-code-en.webp) -Then click on the button for the QR code in the app. In the following dialog, the QR code is simply -photographed from the monitor. The mobile database is now created directly in the background and +Then click the button for the QR code in the app. In the following dialog, photograph the QR code from the monitor. The mobile database is now created directly in the background and linked to the database on the server. In the next step, you can give the database profile a meaningful name and log in directly: @@ -48,10 +47,10 @@ meaningful name and log in directly: LightUser -Using the Light view, the user must click on their user account and click on the **Account** option +Using the Light view, the user must click their user account and click the **Account** option ![Account LightClient](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/account-lc-2-en.webp) -This will open a window where you can use the QR code to scan the database. +This opens a window where you can use the QR code to scan the database. ![QR code lightclient](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/account-lc-3-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md index 58f2a534f1..80cc32251e 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Setting up autofill -The most important comfort feature of the Netwrix Password Secure App is probably the autofill, i.e. +The most important comfort feature of the Netwrix Password Secure App is the autofill, i.e. the possibility to enter access data directly into the input mask. The autofill must first be set up or configured. @@ -16,7 +16,7 @@ In the settings, first select the item Passwords & Accounts and then Automatical as Auto-fill is activated, all options for filling in login windows are offered. Here one then selects Netwrix Password Secure. -RECOMMENDED: We recommend deactivating the **keychain (iOS)** as well as any other apps offered to +RECOMMENDED: Netwrix recommendsdeactivating the **keychain (iOS)** as well as any other apps offered to prevent misunderstandings in usage. ![password options](/images/passwordsecure/9.2/configuration/mobiledevices/setup/setting_up_autofill/password-options-en.webp) @@ -29,5 +29,5 @@ app is activated. In addition, you must define in the settings under Show via other apps that Netwrix Password Secure may be shown via other apps. -RECOMMENDED: We recommend to use only Netwrix Password Secure for automatic registration and to +RECOMMENDED: Netwrix recommendsto use only Netwrix Password Secure for automatic registration and to deactivate all other apps here. This prevents possible misunderstandings in the operation. diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md b/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md index 4fd773198b..a34e3d261b 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md @@ -12,13 +12,13 @@ automatically synchronized in the background. Synchronization logic -First of all, it is important to note how the synchronization has been configured in the +First of all, note how the synchronization has been configured in the [Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md). A prerequisite for successful synchronization is that the configured connection is available. This is done via https port 443, which must be enabled on -the server side. Once the prerequisites have been met, there are the following triggers for +the server side. After the prerequisites have been met, there are the following triggers for synchronization: -- A login to the app takes place +- A log in to the app takes place - Swipe down in the app - The synchronization is started in the settings of the app. - A data record is changed in one of the two databases diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/tabs.md b/docs/passwordsecure/9.2/configuration/mobiledevices/tabs.md index c805f54acd..14f70109bd 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/tabs.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/tabs.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Tabs -Once you have successfully logged in, you will find yourself in the view where all the user's +After you have successfully logged in, you will find yourself in the view where all the user's passwords are located. ![all passwords in mobile app](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/all-passwords-ma-en.webp) @@ -15,7 +15,7 @@ Here you have the following options: Action menu -With a click on +With a click ![three-points-en](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/three-points-en.webp) the action menu is opened. diff --git a/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md b/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md index 2651eb7b73..7f09700c94 100644 --- a/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md +++ b/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md @@ -1,57 +1,57 @@ --- -title: "Offline Add-on" -description: "Offline Add-on" -sidebar_position: 90 +Title: "Offline Add-on" +Description: "Offline Add-on" +Sidebar_position: 90 --- # Offline Add-on -## What is the Offline Add-on? +## Offline Add-on overview -The Offline Add-on enables you to work without an active connection to the Netwrix Password Secure -server. If the corresponding setting has been configured +The Offline Add-on lets you work without an active connection to the Netwrix Password Secure +Server. If the corresponding setting has been configured ([Setup and sync](/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md)), the local copy of the server database will be -automatically synchronized according to freely definable cycles. This ensures that you can always -use a (relatively) up-to-date version of the database offline. +Automatically synchronized according to freely definable cycles. This ensures that you can always +Use a (relatively) up-to-date version of the database offline. Facts - “Microsoft SqlServer Compact 4.0.8876.1” is used for creating offline databases - The database is encrypted using AES-128 or SHA-256. A so-called “platform default” is used for - this purpose + This purpose - In addition, RSA encryption processes are used -- More on this subject…::https://technet.microsoft.com/en-us/library/gg592949(v=sql.110).aspx +- For more details, see the [Microsoft SQL Server Compact documentation](https://technet.microsoft.com/en-us/library/gg592949(v=sql.110).aspx) #### Installation The Offline Add-on is automatically installed together with the main client. No database profiles -need to be created – this task is performed by the client during the initial synchronization, -together with the creation of the offline database. +Need to be created – this task is performed by the client during the initial synchronization, +Together with the creation of the offline database. #### Operation Operation of the Offline Add-on is generally based on the [Operation and setup](/docs/passwordsecure/9.2/configuration/servermanager/operation_and_setup_admin_client.md). Since the Offline Add-on only has a limited range of functions, the following must be taken into -account with regards to its operation: +Account with regards to its operation: - There is no dashboard - Only the password module is available -- The filter is not available. Records are found using the +- The filter isn't available. Records are found using the [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) - The automatic login data entry can be performed via the [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md), independently of the Offline Add-on ![Offline Client](/images/passwordsecure/9.2/configuration/offlineclient/installation_with_parameters_264-en.webp) -#### What data is synchronised? +#### Synchronised data [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) -enhance the security concept in Netwrix Password Secure to include a double-check principle that can -be defined in fine detail. This means that releases for protected information are linked to the -positive authentication of one or more users. Naturally, it is not possible to issue these releases -when the server is not connected. For this reason, sealed records are not synchronized and thus do -not form part of offline databases. +Enhance the security concept in Netwrix Password Secure to include a double-check principle that can +Be defined in fine detail. This means that releases for protected information are linked to the +Positive authentication of one or more users. It isn't possible to issue these releases +When the server isn't connected. For this reason, sealed records aren't synchronized and thus do +Not form part of offline databases. Otherwise, all records for which the user has the **export right** are synchronised. diff --git a/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md b/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md index 33ec963f61..8f7207d8e6 100644 --- a/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md +++ b/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md @@ -8,15 +8,15 @@ sidebar_position: 10 ## Setting up the offline database -It is important to ensure that the right requirements have been met before setting up the Offline +Ensure that the right requirements have been met before setting up the Offline Add-on. The following configurations need to be defined in both the Server Manager and also the user rights/user settings. Requirements To set up offline databases, this option must be activated in the Server Manager first. This process -is carried out separately for each database in the database view in the Server Manager in the -“General settings” (right click on the database). This is also possible to do when the database is +is performed separately for each database in the database view in the Server Manager in the +“General settings” (right click the database). This is also possible to do when the database is initially created. ![Properties](/images/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_265-en.webp) @@ -34,21 +34,23 @@ server connection can be defined in the user rights. Creating an offline database -The synchronization with the offline database can generally be carried out automatically. However, -**the first synchronization must be carried out manually**. The synchronization is started via the +The synchronization with the offline database can generally run automatically. However, +**the first synchronization must be performed manually**. The synchronization is started via the Main menu/Account. ![account-en](/images/passwordsecure/9.2/configuration/offlineclient/setup/account-en.webp) -NOTE: The offline databases are stored locally under the following path: %appdata%\MATESO\Password +:::note +The offline databases are stored locally under the following path: %appdata%\MATESO\Password Safe and Repository Client\OfflineDB +::: An offline database must be created per user and client for each online database. This makes it possible to use several offline databases with an Offline Add-on. #### Synchronization -In order to keep the data always consistent, the offline database must be synchronized regularly. +To keep the data always consistent, the offline database must be synchronized regularly. Synchronization is automatically performed by the client in the background. The interval can be freely configured in the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). The synchronization is @@ -74,13 +76,13 @@ As soon as the synchronization is completed, this is indicated by a hint. Offline mode can be configured and personalized using the four settings mentioned: - **Offline synchronization after saving a record**: The synchronization of the offline database is - completed directly after saving a record. It is important to note that this only applies to those - records that are saved by the user who is logged in. Changes made by another user do not trigger - any synchronization! + completed directly after saving a record. This only applies to those + records that are saved by the user who is logged in. Changes made by another user don't trigger + any synchronization. - **Offline synchronization after login:** If this option is active, the offline database is synchronized after each restart of the client. - **Automatic synchronization after an interval**: This setting is used to define the interval at - which a synchronization of the offline database will be periodically carried out. The default + which a synchronization of the offline database will periodically run. The default value is 30 minutes. - **Path where the offline database should be saved**: If this field is left empty, the system default is used. Otherwise, the storage location for the offline database can be entered directly. diff --git a/docs/passwordsecure/9.2/configuration/sdkapi/migration_guide.md b/docs/passwordsecure/9.2/configuration/sdkapi/migration_guide.md index cb4280abb6..e1d3da9497 100644 --- a/docs/passwordsecure/9.2/configuration/sdkapi/migration_guide.md +++ b/docs/passwordsecure/9.2/configuration/sdkapi/migration_guide.md @@ -10,9 +10,11 @@ Overview: The login authentication process was enhanced to offer a more dynamic experience. This update introduces a new method of authentication, effective for servers from version 8.12 onward. -**CAUTION:** Important Update: Starting from server version 9.0, the previous login method will no +:::warning +Important Update: Starting from server version 9.0, the previous login method will no longer be functional. Users must adopt the new authentication approach provided in the API to continue accessing the services. +::: #### Why the change was done @@ -39,11 +41,13 @@ Transition details: older than 8.12 are no longer operational with the API. If you're using such an old version, use the old API. -**CAUTION:** Action Required: Ensure that your server version is 8.12 or later to implement the new +:::warning +Action Required: Ensure that your server version is 8.12 or later to implement the new authentication method and access the services. Update your integration with the API to incorporate the revised login interface and maintain uninterrupted service access. +::: -Below are code examples for the previous and updated authentication methods. +The following code examples show the previous and updated authentication methods. #### C# diff --git a/docs/passwordsecure/9.2/configuration/sdkapi/sdk__api.md b/docs/passwordsecure/9.2/configuration/sdkapi/sdk__api.md index a95dcf50cc..e6793482b2 100644 --- a/docs/passwordsecure/9.2/configuration/sdkapi/sdk__api.md +++ b/docs/passwordsecure/9.2/configuration/sdkapi/sdk__api.md @@ -6,8 +6,8 @@ sidebar_position: 80 # SDK / API -API: This interface can be used to "address Netwrix Password Secure externally" in order to, for -example, read data for other programs. The API can only be accessed via our wrappers (SDK) using C# +API: This interface lets you "address Netwrix Password Secure externally" to, for +example, read data for other programs. The API can only be accessed via the wrappers (SDK) using C# and JavaScript. In the JavaScript version of the API, all enums can be found under the global object "PsrApiEnums". @@ -26,9 +26,9 @@ Server, i.e. `app-server01:11016`, must be used directly. ## Login -If you do not log in to the system in advance, it is not possible to use the API. The first +If you don't log in to the system in advance, it isn't possible to use the API. The first parameter for the login method is the desired database, followed by the user name and password. It -is important to note that all methods for running the API that initiate a server call are +is important to all methods for running the API that initiate a server call are implemented asynchronously. “Task” objects are returned in C# and “Promise” objects are returned in JavaScript. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/basic_configuration.md b/docs/passwordsecure/9.2/configuration/servermanager/basic_configuration.md index 7b9ed245bc..509a2a98b6 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/basic_configuration.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/basic_configuration.md @@ -6,10 +6,10 @@ sidebar_position: 10 # Basic configuration -## What is basic configuration? +## Basic configuration overview Within the basic configuration, the connection to the SQL server or to the databases is defined. The -basic configuration appears the first time the Server Manager is started and can be called up at any +basic configuration appears the first time the Server Manager is started and can be opened at any time in the basic configuration. ![base configuration](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_188-en.webp) @@ -22,10 +22,10 @@ A special wizard is available to carry out the configuration: #### Service address -The service address of the SQL server can be selected via the drop-down menu. It is mandatory to +The service address of the SQL server can be selected via the dropdown menu. It is mandatory to select the adapter via which the Server Manager can also access the SQL server. -The loopback address 127.0.0.1 should not be used here. +The loopback address 127.0.0.1 shouldn't be used here. #### Service user @@ -33,8 +33,10 @@ Service user This setting is used to define the service user, which is needed to service as well as the backup service. The “Use local system” setting starts the services with the local system account. -**CAUTION:** The defined service user **needs local administrator** rights to properly configure the +:::warning +The defined service user **needs local administrator** rights to properly configure the server and create databases. +::: #### SQL configuration instance @@ -43,12 +45,14 @@ simplicity, you can copy the server name from the login window of the SQL server ![installation_with_parameters_190](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_190.webp) -If the option “Service user” is selected, enter the user that logs on to the SQL Server. Please note +If the option “Service user” is selected, enter the user that logs on to the SQL Server. that “dbCreator” rights are necessary to create a configuration database. “dbOwner” rights are sufficient if the database is created manually on the SQL server and is only accessed here. Enter the name of the configuration database under “Database”. -NOTE: Refer to the system requirements for server section for more information about the users. +:::note +Refer to the system requirements for server section for details on required user permissions. +::: #### Expert mode @@ -68,8 +72,10 @@ The SSL connection certificate can also be configured under this item to protect connection. By default, a certificate is generated by the Server Manager. However, you can also choose your own. Further information can be found directly in the section provided for this purpose. -**CAUTION:** Exchanging or overwriting an existing certificate may cause warnings to the clients if -the certificate is not trusted by each client. +:::warning +Exchanging or overwriting an existing certificate may cause warnings to the clients if +the certificate isn't trusted by each client. +::: Allow host mode @@ -84,5 +90,7 @@ the database on the SQL server here. The following is cached: - The structure of the organisational units - All settings -NOTE: If this option is changed, the server needs to be restarted so that the change can take +:::note +If this option is changed, the server needs to be restarted so that the change can take effect. +::: diff --git a/docs/passwordsecure/9.2/configuration/servermanager/certificates/certificates.md b/docs/passwordsecure/9.2/configuration/servermanager/certificates/certificates.md index 24ca42dde1..bdb0907b1c 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/certificates/certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/certificates/certificates.md @@ -10,7 +10,7 @@ Various different certificates are used to guarantee the security of Netwrix Pas certificates are essential for the smooth operation of Netwrix Password Secure. It is thus important that they are carefully backed up. -## What certificates are used? +## Certificates in use The individual certificates are described in the following sections: @@ -20,7 +20,7 @@ The individual certificates are described in the following sections: - [Discovery service certificates](/docs/passwordsecure/9.2/configuration/servermanager/certificates/discovery_service_certificates.md)s - [Password Reset certificates](/docs/passwordsecure/9.2/configuration/servermanager/certificates/password_reset_certificates.md) -## Calling up the certificate manager +## Opening the certificate manager There are two ways to open the certificate manager. The certificates for each specific database can be managed via the ribbon: @@ -32,27 +32,29 @@ In the **Main menu**, it is also possible to start the certificate manager for a ![base configuration](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_197-en.webp) -NOTE: Operation of the certificate manager is always the same. The only difference is whether the +:::note +Operation of the certificate manager is always the same. The only difference is whether the certificates are displayed for each database or for all databases. +::: #### Checking existing certificates -After opening the certificate manager, all certificates specific to Netwrix Password Secure will be -displayed. Clicking on the certificate will display further information. +After opening the certificate manager, all certificates specific to Netwrix Password Secure are +displayed. Clicking on the certificate displays further information. ![installation_with_parameters_198](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_198.webp) -Double clicking on a certificate will open the Windows Certificate Manager to provide more detailed +Double clicking on a certificate opens the Windows Certificate Manager to provide more detailed information. ![installation_with_parameters_199_423x396](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_199_423x396.webp) #### Required certificates / deleting no longer required certificates -The overview will initially only display those certificates that are being used and are thus -required. Clicking on **All** will also display the no longer required certificates. For example, it +The overview initially displays only those certificates that are being used and are thus +required. Clicking on **All** also displays the no longer required certificates. For example, it is possible that outdated certificates exist on the machine due to a test installation. These -certificates can be easily deleted via the corresponding button in the ribbon. +certificates can be deleted via the corresponding button in the ribbon. ![certificates-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/certificates/certificates-ac-4-en.webp) @@ -63,22 +65,24 @@ This merely requires you to enter the desired .pfx file and its password. #### Exporting certificates -The relevant certificates will be backed up by clicking on export. A password firstly needs to be +The relevant certificates are backed up by clicking on export. A password firstly needs to be issued here. If a storage location has not yet been entered via the settings, you are firstly asked to enter it. -NOTE: SSL connection certificates are not included in this process and are also not backed up. These +:::note +SSL connection certificates aren't included in this process and are also not backed up. These certificates can be recreated if necessary. +::: #### Settings You can define whether every certificate should be saved to its own file in the **settings**. If -this option has not been activated, all relevant certificates will be backed up in one file. In +this option has not been activated, all relevant certificates are backed up in one file. In addition, the storage location is defined in the settings. ![installation_with_parameters_201_826x310](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_201_826x310.webp) #### Backing up certificates -If you want to automatically back up the certificates on a cyclical basis, this can be done via the +To automatically back up the certificates on a cyclical basis, use the backup system. Further information can be found in the section Backup management. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/certificates/database_certificates.md b/docs/passwordsecure/9.2/configuration/servermanager/certificates/database_certificates.md index a223534fb3..ca045528ad 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/certificates/database_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/certificates/database_certificates.md @@ -6,26 +6,32 @@ sidebar_position: 20 # Database certificates -## What is a database certificate? +## Database certificate overview A unique certificate is created for each database. This has the name **psrDatabaseKey**: ![installation_with_parameters_207](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_207.webp) -The database certificate **does not encrypt the database.** Rather, it is used for the encrypted +The database certificate **doesn't encrypt the database.** Rather, it is used for the encrypted transfer of passwords from the client to the server in the following cases: - Creation of a WebViewer via a task - Creation of an AD profile protected by a master key - Login of users imported from AD in Master Key mode -NOTE: The database certificate cannot be replaced by your own certificate. +:::note +The database certificate can't be replaced by your own certificate. +::: -NOTE: The expiry date for the database certificate is not checked. The certificate thus does not +:::note +The expiry date for the database certificate isn't checked. The certificate thus doesn't need to be renewed. +::: -**CAUTION:** If the database is being moved to another server, it is essential that the certificate -is also transferred! +:::warning +If the database is being moved to another server, it is essential that the certificate +is also transferred. +::: #### Exporting and importing the certificate diff --git a/docs/passwordsecure/9.2/configuration/servermanager/certificates/discovery_service_certificates.md b/docs/passwordsecure/9.2/configuration/servermanager/certificates/discovery_service_certificates.md index 9feca83084..2a0dbc9dee 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/certificates/discovery_service_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/certificates/discovery_service_certificates.md @@ -6,19 +6,25 @@ sidebar_position: 40 # Discovery service certificates -## What is a discovery service certificate? +## Discovery service certificate overview If a discovery service is created, a corresponding certificate is also created: ![installation_with_parameters_202](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_202.webp) -NOTE: The discovery service certificate cannot be replaced by your own certificate. +:::note +The discovery service certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for the discovery service have an expiry date. However, this is not checked. -The certificate thus does not need to be renewed. +:::note +The certificates for the discovery service have an expiry date. However, this isn't checked. +The certificate thus doesn't need to be renewed. +::: -**CAUTION:** If the database is being moved to another server, it is **essential that the discovery -service certificate is also transferred!** +:::warning +If the database is being moved to another server, it is **essential that the discovery +service certificate is also transferred.** +::: #### Exporting and importing the certificate diff --git a/docs/passwordsecure/9.2/configuration/servermanager/certificates/master_key_certificates.md b/docs/passwordsecure/9.2/configuration/servermanager/certificates/master_key_certificates.md index 60718982c5..005c408244 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/certificates/master_key_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/certificates/master_key_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Master Key certificates -#### What is a Master Key certificate? +#### Master Key certificate overview If Active Directory is accessed via [Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), @@ -16,13 +16,19 @@ Active Directory: Domain: ![installation_with_parameters_208](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_208.webp) -NOTE: The Master Key certificate cannot be replaced by your own certificate. +:::note +The Master Key certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for Master Key mode have an expiry date. However, this is not checked. The -certificate thus does not need to be renewed. +:::note +The certificates for Master Key mode have an expiry date. However, this isn't checked. The +certificate thus doesn't need to be renewed. +::: -**CAUTION:** If the database is being moved to another server, it is essential that the Master Key -certificate is also transferred! +:::warning +If the database is being moved to another server, it is essential that the Master Key +certificate is also transferred. +::: #### Exporting and importing the certificate diff --git a/docs/passwordsecure/9.2/configuration/servermanager/certificates/nps_server_encryption_certificate.md b/docs/passwordsecure/9.2/configuration/servermanager/certificates/nps_server_encryption_certificate.md index b9957af890..a244db7772 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/certificates/nps_server_encryption_certificate.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/certificates/nps_server_encryption_certificate.md @@ -14,4 +14,4 @@ be added automatically. This certificate is important if you will activate an offline license. In future there will be more features for which this certificate is relevant. -RECOMMENDED: **Please export this certificate separately!!!** +RECOMMENDED: **export this certificate separately.** diff --git a/docs/passwordsecure/9.2/configuration/servermanager/certificates/password_reset_certificates.md b/docs/passwordsecure/9.2/configuration/servermanager/certificates/password_reset_certificates.md index a997ed8db0..d87e8db29c 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/certificates/password_reset_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/certificates/password_reset_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Password Reset certificates -## What is a Netwrix Password Secure certificate? +## Netwrix Password Secure certificate overview If a [Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) is created, a corresponding certificate is created. This ensures that the passwords are transferred in encrypted @@ -14,13 +14,19 @@ form. ![password-reset](/images/passwordsecure/9.2/configuration/server_manager/certificates/password-reset.webp) -NOTE: The Password Reset certificate cannot be replaced by your own certificate. +:::note +The Password Reset certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for the Password Reset have an expiry date. However, this is not checked. The -certificate thus does not need to be renewed. +:::note +The certificates for the Password Reset have an expiry date. However, this isn't checked. The +certificate thus doesn't need to be renewed. +::: -**CAUTION:** If the database is being moved to another server, it is essential that all Password -Reset certificate is also transferred! +:::warning +If the database is being moved to another server, it is essential that all Password +Reset certificate is also transferred. +::: #### Exporting and importing the certificate diff --git a/docs/passwordsecure/9.2/configuration/servermanager/certificates/ssl_connection_certificates.md b/docs/passwordsecure/9.2/configuration/servermanager/certificates/ssl_connection_certificates.md index b3b7cce087..5f031be5f6 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/certificates/ssl_connection_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/certificates/ssl_connection_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 10 # SSL connection certificates -## What is an SSL connection certificate? +## SSL connection certificate overview The connection between clients and the server is secured via an SSL certificate. The **latest encryption standard TLS 1.2** is used here. It is also possible to create a certificate via the @@ -15,18 +15,22 @@ installed must trust the certificate. Otherwise, the following message will appear when the client is started: -**This connection is not trusted!** +**This connection isn't trusted!** -The connection to the server is not considered secure. +The connection to the server isn't considered secure. ![not_trusted_certificates](/images/passwordsecure/9.2/configuration/server_manager/certificates/not_trusted_certificates.webp) -NOTE: Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, +:::note +Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, and has been extended to include TLS 1.2 +::: -**CAUTION:** The service user creates the databases. A separate certificate is also generated for +:::warning +The service user creates the databases. A separate certificate is also generated for each database. Therefore, the service user must be a local administrator or a domain administrator, as otherwise they would have no rights to save data in the certificate store. +::: #### Structure of certificates @@ -40,7 +44,9 @@ certificate with the alternative applicant. Therefore, the Netwrix Password Secu stores all IP addresses for the server, as well as the hostname. When creating your own certificate, this information should also be saved under the alternative applicant. -NOTE: All information (including the IP address) are stored as DNS name. +:::note +All information (including the IP address) are stored as DNS name. +::: #### Using the Netwrix Password Secure certificate @@ -50,8 +56,10 @@ certificate is saved locally under: Local computer -> own certificates -> certificates -NOTE: The certificate is valid from its creation up to the year 9999 – and is thus valid almost -indefinitely. For this reason, it is not necessary to note any expiry date. +:::note +The certificate is valid from its creation up to the year 9999 – and is thus valid almost +indefinitely. For this reason, it isn't necessary to note any expiry date. +::: Distributing the Netwrix Password Secure certificate @@ -64,7 +72,7 @@ The certificate can be both rolled out and distributed using group guidelines. Manually importing the Netwrix Password Secure certificate -If the Netwrix Password Secure certificate is not rolled out, it is also possible to manually import +If the Netwrix Password Secure certificate isn't rolled out, it is also possible to manually import the certificate. To do this, firstly open the certificate information. In the warning notification, the Show server certificate button is available for this purpose. In the following dialogue, select the option Install certificate… @@ -82,18 +90,22 @@ selected. Finally, the installation needs to be confirmed once again. -NOTE: The user logged in to the operating system requires rights to create certificates +:::note +The user logged in to the operating system requires rights to create certificates +::: #### Using your own certificate If a CA already exists, you can also use your own certificate. You can specify this within the -[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanager/basic_configuration.md). Please note that a server +[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanager/basic_configuration.md). A server certificate for SSL encryption is used here. The CA must be configured so that all clients trust the -certificate. It is necessary to adhere to the certification path. +certificate. you must adhere to the certification path. -**CAUTION:** When configuring, you must ensure that the clients can access the CA lock lists +:::warning +When configuring, you must ensure that the clients can access the CA lock lists +::: Wildcard certificates -Wildcard certificates are not supported. In theory, it should be possible to use them but we cannot +Wildcard certificates aren't supported. In theory, it should be possible to use them but Netwrix can't help with the configuration. You can use wildcard certificates at your own responsibility. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/creating_databases.md b/docs/passwordsecure/9.2/configuration/servermanager/creating_databases.md index 6ba623e945..025d29c748 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/creating_databases.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/creating_databases.md @@ -1,7 +1,7 @@ --- -title: "Creating databases" -description: "Creating databases" -sidebar_position: 40 +Title: "Creating databases" +Description: "Creating databases" +Sidebar_position: 40 --- # Creating databases @@ -10,49 +10,49 @@ sidebar_position: 40 [https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0)[https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0) -## What are databases? +## Databases overview Databases contain all information on users, records, documents, etc. The changes to objects in -Netwrix Password Secure will also become part of the MSSQL database. Naturally, the regular creation -of backups to secure this data should always have the highest priority. The **MSSQL** relational -database management system is used in Netwrix Password Secure version 9. +Netwrix Password Secure will also become part of the MSSQL database. The regular creation +Of backups to secure this data should always have the highest priority. The **MSSQL** relational +Database management system is used in Netwrix Password Secure version 9. ## Creating databases The creation of databases is supported by the database wizard, which is started directly from the -ribbon. The individual tabs of the wizard are explained below: +Ribbon. The individual tabs of the wizard are explained in the following sections: ![database wizard](/images/passwordsecure/9.2/configuration/server_manager/creatingdatabase/installation_with_parameters_217-en.webp) Database server -The first tab can be used to manually select the database server. By default, the value defined in -the Advanced settings is preset. A user can also be entered or the service user can be selected -instead. +The first tab lets you manually select the database server. By default, the value defined in +The Advanced settings is preset. A user can also be entered or the service user can be selected +Instead. Name Enter the name of the new database here. Alternatively, you may select an existing database. A -meaningful name makes it easier to differentiate between databases, especially when using multiple -databases. +Meaningful name makes it easier to differentiate between databases, especially when using multiple +Databases. Data -This setting can be used to define whether a template should be used. The template will provide the -database with ready-made forms and dashboard settings that make it easier to get started. The user -can select from English and German templates. However, it is also possible to proceed without a -template – you will then start with a completely empty database. If you have a backup from Password +Use this setting to define whether a template should be used. The template provides the +Database with ready-made forms and dashboard settings that make it easier to get started. The user +Can select from English and German templates. However, it is also possible to proceed without a +Template – you will then start with a completely empty database. If you have a backup from Password Safe version 7, this can be migrated. User This setting is used to define the first user to be created – normally this is the administrator. If -a migration is active, the user can be deleted after migration. +A migration is active, the user can be deleted after migration. #### Finishing the database wizard Once a database has been created successfully, , provided it has been selected. If no data migration -has been selected, the new database is created directly, and will be displayed in the database -overview. +Has been selected, the new database is created directly, and is displayed in the database +Overview. ![created new database](/images/passwordsecure/9.2/configuration/server_manager/creatingdatabase/installation_with_parameters_218-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_firewall.md b/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_firewall.md index 8aaed30693..f20462e49f 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_firewall.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_firewall.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Database firewall -## What is the database firewall? +## Database firewall overview -The database firewall enables you to regulate access to the database. A whitelist policy is used for +The database firewall lets you regulate access to the database. A whitelist policy is used for this process. Firewall rules are used to allow access to the database in individual cases. #### Activating the firewall @@ -27,7 +27,7 @@ The rules already set are displayed in the section on the right. The icons ![+](/images/passwordsecure/9.2/configuration/server_manager/database_properties/+.webp) and ![-](/images/passwordsecure/9.2/configuration/server_manager/database_properties/-.webp) -can be used to add or also delete rules. Rules can be edited by double clicking on them. +lets you add or also delete rules. Rules can be edited by double clicking on them. ![firewall rule](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_230-en.webp) @@ -41,10 +41,12 @@ The following possibilities exist: - The setting Grant access defines whether access is allowed or blocked. This is symbolised by a corresponding icon. -Naturally, the rules can also be combined. It is thus possible e.g that only one defined user can +The rules can also be combined. It is thus possible e.g that only one defined user can access one database from a certain IP address. -NOTE: The conditions are always combined using AND operators +:::note +The conditions are always combined using AND operators +::: If two or more rules overlap, the rule with the least rights will always be applied. For example, if a rule allows access from a range of IP addresses but another rule blocks a specific computer within @@ -52,7 +54,7 @@ this range then the rule blocking the computer is applied. ## Examples -The functionality of the firewall will be explained in more detail using the following rules: +The functionality of the firewall is explained in more detail using the following rules: ![defined firewall rules](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_231-en.webp) @@ -68,8 +70,8 @@ is blocked using this rule. Blocking an individual user (Rule 3) -If you want to block a particular user (perhaps because they have left the company) then this is -also possible. +To block a particular user (for example, because they have left the company), create a rule that +denies their access. Computer-independent access for a user (Rule 4) diff --git a/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_properties.md b/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_properties.md index 0bf570aef7..efd7cea52a 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_properties.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_properties.md @@ -6,7 +6,7 @@ sidebar_position: 60 # Database properties -The properties of a database can be opened by double-clicking on the database. No login to the +The properties of a database can be opened by double-clicking on the database. No log in to the database is required. ![installation_with_parameters_225](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_225.webp) diff --git a/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/general_settings_admin_client.md b/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/general_settings_admin_client.md index cf18266eb4..4749d4aef1 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/general_settings_admin_client.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/general_settings_admin_client.md @@ -6,7 +6,7 @@ sidebar_position: 10 # General settings -## What are general settings? +## General settings overview Within the general settings, surface settings regarding the colour scheme as well as the language used are configured. The password for logging in to the Server Manager can also be changed here. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/syslog.md b/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/syslog.md index 38d474602d..e41442cc14 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/syslog.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/syslog.md @@ -8,10 +8,10 @@ sidebar_position: 20 If desired, the server logs and also the **[Logbook](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md)** can be transferred to a Syslog -server. Double clicking on a database allows you to access its settings. The corresponding menu +server. Double clicking on a database lets you access its settings. The corresponding menu items can be found there. ![installation_with_parameters_232](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_232.webp) -After activating the Syslog interface via the corresponding option, it is possible to configure the +After activating the Syslog interface via the corresponding option, you can configure the Syslog server. If desired, the entire logbook can also be transferred via another option. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/advanced_settings.md b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/advanced_settings.md index 418044d227..ddfb736cd9 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/advanced_settings.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/advanced_settings.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Advanced settings -## What are advanced settings? +## Advanced settings overview Global standard default values are specified in the advanced settings. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md index 0defce7bf3..948313a97c 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md @@ -6,15 +6,17 @@ sidebar_position: 20 # Automatic backup cleanup -It is possible to delete backups automatically after a certain period of time. This can be useful if +You can delete backups automatically after a certain period of time. This can be useful if you append date and time to the backups and thus generate new files daily. ![automatic cleanup](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated-deletion-of-backups-en.webp) ###### Requirement -**CAUTION:** It must be ensured that the user who sets up the automated deletion has sysadmin +:::warning +It must be ensured that the user who sets up the automated deletion has sysadmin privileges on the SQL server. +::: ###### Furnishing diff --git a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_management.md b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_management.md index 998603c6fa..fb58283ae8 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_management.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_management.md @@ -8,20 +8,20 @@ sidebar_position: 10 #### Introduction -Regular backups of the data should always be part of every security concept. If you wish to create -backups directly on the SQL server, you should also include the Netwrix Password Secure databases. -If no central backups are carried out at the SQL level, you can create backup profiles using the -Server Manager. The backups themselves will then be generated on the SQL Server. +Regular backups of the data should always be part of every security concept. To create +backups directly on the SQL server, also include the Netwrix Password Secure databases. +If no central backups are performed at the SQL level, you can create backup profiles using the +Server Manager. The backups are then generated on the SQL Server. #### Difference between an incremental and full backup A complete backup always saves all data in a database. An incremental backup also creates a complete image of the database as the first step. In future, only the changes since the backup created at the -beginning will be saved. This saves both time and memory capacity. +beginning are saved. This saves both time and memory capacity. #### Backup concept -It is recommended that an incremental backup is run every hour. In addition, a full backup should be +Netwrix recommends that an incremental backup is run every hour. In addition, a full backup should be created once a week. #### Managing the backup schedule @@ -29,24 +29,26 @@ created once a week. Creating a backup schedule You can create a new schedule via the ribbon. This is facilitated by a wizard. All the information -entered under [Backup settings](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_settings.md) will be used by default. +entered under [Backup settings](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_settings.md) is used by default. A profile name is entered first. The desired databases are also selected. You also need to specify the directory for the backups. ![new backup profile - base settings](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_257-en.webp) -NOTE: It must be a directory on the SQL server. +:::note +It must be a directory on the SQL server. +::: -Now set the time interval for creating the backups. A preview on the right will show when the -backups will be created in future. An end date can be optionally entered. +Now set the time interval for creating the backups. A preview on the right shows when the +backups are created. An end date can be optionally entered. ![new backup profile - interval](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_258-en.webp) In the advanced settings, you can configure whether the backup should be activated directly. It is also possible to specify whether to create incremental backups. If the date and time are added to -the file name, a new backup is created with each run. If this is not done, the last backup is always -overwritten. The service user can be used to create the backup or a service user can be specified +the file name, a new backup is created with each run. If this isn't done, the last backup is always +overwritten. The service user lets you create the backup or a service user can be specified with a corresponding name and password. In addition, you can enter here whether the required certificates should be saved using a backup @@ -59,13 +61,13 @@ Backup run The backups are executed by the SQL server in the background. If an error occurs, this is indicated in “orange” in the backup list. Information about any errors issued by the SQL server is displayed -under all backups. A backup will be automatically deactivated if it does not run 5x in a row. This -will be marked in the list in red. The schedule cannot be reactivated directly. You will need to +under all backups. A backup is automatically deactivated if it doesn't run 5x in a row. This +is marked in the list in red. The schedule can't be reactivated directly. You need to open it and amend it. Other backup actions -A selected schedule can be deleted via the ribbon. The wizard for a schedule can be called up by +A selected schedule can be deleted via the ribbon. The wizard for a schedule can be opened by double-clicking on it to make any changes. In addition, a backup can be started directly via the ribbon at any time. The backup service must be running for this purpose. You can also display this in the history. @@ -79,7 +81,7 @@ existing databases. Firstly, select the required database. You can now select In If necessary, firstly enter login data for the user that logs in to the SQL server – although the service user is generally used here. Now select the backup file. All the backups contained in the -file will then be displayed. Now simply click on Restore to restore the backup to the existing +file are then displayed. Click **Restore** to restore the backup to the existing database. ![Database restore](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_261-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_settings.md b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_settings.md index 6bc2bd279f..7a0ffc56ec 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_settings.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_settings.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Backup settings -## What are backup settings? +## Backup settings overview Within the backup settings the default values for the execution of backups can be defined. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md index 03cb802808..cba4bb6428 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md @@ -6,33 +6,33 @@ sidebar_position: 30 # Disaster recovery scenarios -#### Finding a quick solution in the event of a disaster +#### Finding a quick solution during a disaster -In our experience, Netwrix Password Secure is usually installed in IT in a central location. If the +In the experience, Netwrix Password Secure is usually installed in IT in a central location. If the system fails, it must be possible to gain access to the passwords again as quickly as possible. This -section is designed to help you quickly find a solution in the event of a problem. +section is designed to help you quickly find a solution if a problem occurs. #### Prevention It is extremely important to create a sensible recovery plan and to make corresponding preparations. -Unfortunately, it is not possible to supply a finished recovery plan because it always needs to be +Unfortunately, it isn't possible to supply a finished recovery plan because it always needs to be created individually. The following points should be taken into account in this process: Creating backups -It is of course essential in the event of a disaster that you can access a backup that is as -up-to-date as possible. Therefore, it is necessary to regularly create +It is of course essential during a disaster that you can access a backup that is as +up-to-date as possible. Therefore, you must regularly create [Backup management](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_management.md). -Who is responsible in the event of a disaster? +Who is responsible during a disaster? -The first thing to decide is who should take action in the event of a disaster. Corresponding +The first thing to decide is who should take action during a disaster. Corresponding deputies should also be defined. The responsible employee should have the corresponding rights within Netwrix Password Secure. Providing the required passwords -What passwords do those people responsible need in order to restore Netwrix Password Secure? +What passwords do those people responsible need to restore Netwrix Password Secure? - Domain password to log into the specific computer - Password for the Server Manager @@ -75,7 +75,7 @@ Solution: Install the database server on new hardware. If the server name changes as a result, the licence needs to be reactivated. If the licence has already been activated multiple times, it may be that it can only be released again by Netwrix. If the SQL instance name changes, the connection to the -database server needs to be reconfigured on the application server. This is carried out via the +database server needs to be reconfigured on the application server. This is performed via the basic configuration. Any existing offline databases will continue to function properly. @@ -93,7 +93,7 @@ it may be that the licence can only be released again by Netwrix. The basic conf completed to restore the connection to the database server. If the server name changes, the database profile on the client needs to be amended. -Any existing offline databases need to be recreated! +Any existing offline databases need to be recreated. Scenario 4 @@ -108,7 +108,7 @@ Restore the database from the backup. The basic configuration must be completed connection to the database server. If the licence has already been activated multiple times, it may be that it can only be released again by Netwrix. -Any existing offline databases need to be recreated! +Any existing offline databases need to be recreated. Scenario 5 @@ -119,5 +119,5 @@ As for Scenario 4 but the Active Directory is also not available. Solution: As described for scenario 4. If the user was imported in end-to-end mode, you can also log in -without an AD connection. Users imported in Masterkey mode cannot log in. Therefore, it is +without an AD connection. Users imported in Masterkey mode can't log in. Therefore, it is recommended that you create special, local emergency users for such cases. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/license_settings.md b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/license_settings.md index da50be8937..3215dbbd04 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/license_settings.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/license_settings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # License settings -## What are license settings? +## License settings overview Licenses for the Netwrix Password Secure are managed within the license settings. In addition, all current license details are displayed in the window provided for this purpose. @@ -15,8 +15,10 @@ current license details are displayed in the window provided for this purpose. ## Licenses -**CAUTION:** Version 7 licenses cannot be used for Netwrix Password Secure version 9. “Please -contact us”: http: //www.passwordsafe.de to obtain a version 9 license. +:::warning +Version 7 licenses can't be used for Netwrix Password Secure version 9. Contact +http: //www.passwordsafe.de to obtain a version 9 license. +::: Licenses are linked via the Netwrix license server. Here are the details: @@ -27,7 +29,7 @@ Licenses are linked via the Netwrix license server. Here are the details: Ensure that this server is accessible. You may also use Proxy servers. The license is retrieved from the server and stored in the server configuration. The license will be checked every hour, and updated as required. The retention time is 30 days. If there is no internet connection, you can -continue to work for 30 days. If this period should cause problems, please contact us. +continue to work for 30 days. If this period should cause problems, contact Netwrix #### Integrating and managing licenses @@ -36,15 +38,19 @@ After purchase, you will receive the required license information in the form of Activate button to establish a connection to the license server. You can select the acquired licenses from a list. The license can be now used. -NOTE: Optionally, you may specify a proxy. By default, the proxy stored in the operating system is +:::note +Optionally, you may specify a proxy. By default, the proxy stored in the operating system is used. +::: -**CAUTION:** The licence is called up in the context of the service user. If you experience +:::warning +The licence is opened in the context of the service user. If you experience connection problems, the firewall and, if relevant, the proxy should be checked. +::: #### How to activate the license via license file -1. Transition the file attached to this email to the Netwrix Password Secure Server(s). +1. Transition the file attached to this email to the Netwrix Password Secure Servers. 2. Open the Netwrix Password Secure Server Manager. 3. Open the main menu and select the License settings area. 4. Open the License file tab. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/main_menu.md b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/main_menu.md index e94363bac5..96dad4c8f6 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/main_menu.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/main_menu.md @@ -6,11 +6,11 @@ sidebar_position: 90 # Main menu -## What is the main menu? +## Main menu overview The operation and structure of the Main menu/Backstage menu is the same for the [Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md) on the client. This area can be used -independently of the currently selected module. +independently of the selected module. - [General settings](/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/general_settings_admin_client.md) - [Backup settings](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_settings.md) diff --git a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/database_settings.md b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/database_settings.md index e4c6c2df95..3978cfe189 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/database_settings.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/database_settings.md @@ -6,8 +6,8 @@ sidebar_position: 10 # Database settings -To open the settings of a database, select it and click on "Settings" in the ribbon. Alternatively -you can open the context menu with the right mouse button and click on "Properties". In the next +To open the settings of a database, select it and click "Settings" in the ribbon. Alternatively +you can open the context menu with the right mouse button and click "Properties". In the next step you will be asked to enter your admin password. After that a window with the settings will open. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md index ffe601dbd5..41b71dfb71 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md @@ -6,22 +6,24 @@ sidebar_position: 30 # HSM connection via PKCS # 11 -## What is the HSM connection? +## HSM connection overview The HSM connection ensures that the certificates can be outsourced to the HSM. This ultimately leads -to an increased protection because the certificates are not directly in the server’s access. The +to an increased protection because the certificates aren't directly in the server’s access. The connection is effected via PKCS # 11. #### Requirements -In order to be able to connect an HSM, the following conditions have to be met: +To be able to connect an HSM, the following conditions have to be met: - An executable HSM has to be available. - The PKCS # 11 drivers have to be installed on the application server. - The device is set up via the Administrator database on the Server Manager. -**CAUTION:** Please note, if an HSM is to be used, the database also has to be set up thoroughly. It -is currently not possible to transfer an existing database to an HSM. +:::warning +If an HSM is to be used, the database also has to be set up thoroughly. It +isn't possible to transfer an existing database to an HSM. +::: #### Hardware compatibility @@ -44,6 +46,6 @@ The installation is set up on the Server Manager via the database settings. As soon as the HSM is connected, all server keys are transferred to the HSM. This is the database certificate. If the AD has been connected in Masterkey mode, the masterkey will also be transferred to the HSM. Then the certificates are no longer stored in the certificate store of the application -server, but centrally managed by the HSM. All other keys are not stored on the HSM, but derived from +server, but centrally managed by the HSM. All other keys aren't stored on the HSM, but derived from the masterkeys. Therefore, Netwrix Password Secure rarely accesses the HSM, for example, at server startup or at the AD Sync. As a result, the load on the HSM can be kept low. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md index 311f022a43..0a0c6f962e 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Multifactor Authentication -## What is multifactor authentication? +## Multifactor authentication overview Multifactor authentication is used to secure the logon to the by an additional factor. The actual setup takes place in the client. The configured en can then be used by any user @@ -19,5 +19,7 @@ In the Databases module, select a database and open its settings via the ribbon. In the settings you define which second factors can be used. -NOTE: If you want to use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the +:::note +To use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the corresponding checkbox. +::: diff --git a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md index 8d92779b48..fa2fb8bcf3 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md @@ -7,7 +7,7 @@ sidebar_position: 20 # Session timeout Here you can set individually for each client when an inactive connection to the application server -is automatically terminated. Select the desired time period in the drop-down menu and save the +is automatically terminated. Select the desired time period in the dropdown menu and save the setting by clicking on **"Save"**. ![session timeout](/images/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/session-timeout-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/managing_databases.md b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/managing_databases.md index 499971cc8c..47aa367b47 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/managing_databases.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/managing_databases.md @@ -15,16 +15,16 @@ button or also via the ribbon. ## Database settings -All database settings are saved in the database. It is necessary to log in to the database before -editing the settings. Any user that exists in the database can be used for this purpose. You can +All database settings are saved in the database. you must log in to the database before +editing the settings. Any user that exists in the database can log in for this purpose. You can always restore Global settings via the ribbon. Multifactor authentication -This area can be used to configure which services will be used for multi-factor authentication. The +Use this area to configure which services are used for multi-factor authentication. The available services are: RSA Secure ID, SafeNet, YubiKey NEO, and YubiKey Nano. After selecting the required service, specify the respective access data. You must also configure various services. In -this case, you can specify on the client which methods will be used by the individual users. +this case, you can specify on the client which methods are used by the individual users. Further information on this subject can be found in the section[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md). @@ -40,28 +40,30 @@ If desired, the logbook, **notifications, session recordings** and also the **hi can be automatically cleaned up here. You merely have to enter how old the data needs to be before it is deleted. Logbook entries can be exported before the deletion process. -**CAUTION:** It is important to note that the logbook is also used for the filter functions. If the -logbook is regularly cleaned up, it is possible that the full functions of the filter will no longer -be available. +:::warning +The logbook is also used for the filter functions. If the +logbook is regularly cleaned up, it is possible that the full functions of the filter are no longer +available. +::: #### Database actions Show connection locks In the ribbon, all connection locks can be displayed. To do this, you must first log in to the -database. All locked users will be displayed in a list. The following is displayed: +database. All locked users are displayed in a list. The following is displayed: - User name (if known) - Reason for lock - Number of login attempts - Expiry of the lock. The user can be unlocked by right-clicking on an entry. -A user can be locked manually using the corresponding button. It is necessary to select the user, +A user can be locked manually using the corresponding button. you must select the user, configure the expiration of the lock and specify a reason. Show / disconnect sessions -You can use the corresponding button to display all currently connected clients. After selecting a +You can use the corresponding button to display all connected clients. After selecting a session, the connection can be disconnected. Migration @@ -69,10 +71,12 @@ Migration Once a database has been selected, the can be started via the ribbon. This also allows multiple version 7 databases to be merged into one. -**CAUTION:** When the migration is started, the database is set to migration mode. For the duration -of the migration, it is not possible to log in to the database – users who are already logged in -will be sent a corresponding message. The sessions will, however, remain open so that users can +:::warning +When the migration is started, the database is set to migration mode. For the duration +of the migration, it isn't possible to log in to the database – users who are already logged in +are sent a corresponding message. The sessions, however, remain open so that users can continue working as soon as the migration is complete. +::: Certificates @@ -80,8 +84,8 @@ Management of the certificates is very important. This is described in the secti Display database users -This button can be used to call up statistics about the users in the respective databases. It shows -you which users are active in which database. Naturally, this list can also be exported. +Use this button to open statistics about the users in the respective databases. It shows +you which users are active in which database. This list can also be exported. #### Data backup diff --git a/docs/passwordsecure/9.2/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md b/docs/passwordsecure/9.2/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md index 50ab4adf26..71e7730692 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md @@ -18,8 +18,10 @@ In the new MSP version these have been replaced by the modules Customers (1) and In the MSP version, you will find the individual customer databases under the Customers module. -NOTE: The Backup module has been removed, because Netwrix Password Secure's own backup is not +:::note +The Backup module has been removed, because Netwrix Password Secure's own backup isn't suitable for environments with multiple customer databases. As a Managed Service Provider, you must back up your customer databases yourself using appropriate measures. +::: The Status and Web Application modules are identical in both versions. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/msp/changesintheadminclient/customers_module.md b/docs/passwordsecure/9.2/configuration/servermanager/msp/changesintheadminclient/customers_module.md index 064b96752d..a9f43ebf9d 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/msp/changesintheadminclient/customers_module.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/msp/changesintheadminclient/customers_module.md @@ -8,7 +8,7 @@ sidebar_position: 10 #### Creating a new customer -Creating a new customer is done via the Customers module (1). Here, click on New (2) in the upper +Creating a new customer is done via the Customers module (1). Here, click New (2) in the upper left corner. This applies both to customers in a test phase and to customers who are to be billed immediately. @@ -16,8 +16,8 @@ immediately. When creating a new customer, the customer name is specified under **General** (1). -If (2) is not checked, a test customer is created without billing. This is then a customer in the -test phase. If (2) is checked, a customer will be created who will be charged by Netwrix from the +If (2) isn't checked, a test customer is created without billing. This is then a customer in the +test phase. If (2) is checked, a customer is created who is charged by Netwrix from the current month. At (3) a date is automatically entered that is four weeks in the future. This date can be changed by @@ -36,7 +36,7 @@ to the on-prem version. ![License settings new customer](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/licence-new-customer-msp-en_1013x675.webp) After saving, the test customers are displayed under Test (1) and the customers to be billed under -Billed (2). When you click on a (test) customer, you will see the associated +Billed (2). When you click a (test) customer, you see the associated information and activated options. By clicking the button Edit (3 + 4) you can make @@ -64,15 +64,15 @@ Since no costs are incurred for test customers, no information is displayed here Here you can also edit the contract details and activate or deactivate options. Additionally you can see the user history (4) of the last months, the forecast for the current month (5) including the -expected costs for the users and options, as well as the total amount. Furthermore, you will find +expected costs for the users and options, as well as the total amount. Furthermore, you find the statements of the last months (6) and a graphical representation of the cost history (7). ![billed-customer-msp-en_1032x752](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/billed-customer-msp-en_1032x752.webp) #### Deactivating and reactivating a customer -Both test customers and customers to be billed can be deactivated, e.g. if a test customer cannot -continue testing until later or if a customer to be billed does not pay his invoice. When +Both test customers and customers to be billed can be deactivated, e.g. if a test customer can't +continue testing until later or if a customer to be billed doesn't pay his invoice. When deactivating, all data is retained and the customer can be completely restored. To deactivate a customer, select the database (1) and then Deactivate (2). diff --git a/docs/passwordsecure/9.2/configuration/servermanager/msp/msp.md b/docs/passwordsecure/9.2/configuration/servermanager/msp/msp.md index 62296b76f3..fb17f8aad3 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/msp/msp.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/msp/msp.md @@ -10,6 +10,6 @@ Whether you are a partner or an end user of Netwrix Password Secure - this help getting started with MSP and guide you safely through the configuration and operation of the software. -We are pleased that you have chosen Netwrix Password Secure for your password protection needs. +Thank you for choosing Netwrix Password Secure for your password protection needs. -We hope you enjoy discovering your new password manager! +Enjoy discovering your new password manager. diff --git a/docs/passwordsecure/9.2/configuration/servermanager/operation_and_setup_admin_client.md b/docs/passwordsecure/9.2/configuration/servermanager/operation_and_setup_admin_client.md index 8e37b45aba..0ac1686e5f 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/operation_and_setup_admin_client.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/operation_and_setup_admin_client.md @@ -13,8 +13,10 @@ The control elements such as the ribbon and the info and detail areas can be der section dealing with the client([Operation and Setup](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md)). -NOTE: An initial password is required for the first login on Server Manager. The password is +:::note +An initial password is required for the first login on Server Manager. The password is “admin”. This password should be changed directly after login and carefully documented. +::: #### Status module @@ -58,7 +60,7 @@ column headings. The period shown can be limited using . # Databases module Databases are managed in a dedicated module. All relevant information on the existing databases can -also be called up – completely without accessing the SQL server. +also be opened – completely without accessing the SQL server. ![Databases Admin Client](/images/passwordsecure/9.2/configuration/server_manager/operation_and_setup/installation_with_parameters_252-en.webp) @@ -67,12 +69,12 @@ also be called up – completely without accessing the SQL server. 2. Database overview In the database overview, all databases listed alphabetically. This section can be minimised using -the arrow symbol on the top, left edge. Right-click on one of the databases to display a context +the arrow symbol on the top, left edge. Right-click one of the databases to display a context menu with all available functions. 3. Notification area -The Info area displays all the information about the database currently selected in the database +The Info area displays all the information about the database selected in the database overview. This information is ivided into the three subsections “Database summary, Data sets and Database tables”. @@ -84,7 +86,7 @@ List of recent backups. Can be sorted by date The database log is used to monitor and control the specific databases. All relevant actions for the selected database are displayed in a comprehensible manner in one list. The categorisation is -carried out in the same way as the server log according to the colours applied. +performed in the same way as the server log according to the colours applied. #### Backups module diff --git a/docs/passwordsecure/9.2/configuration/servermanager/server_manager.md b/docs/passwordsecure/9.2/configuration/servermanager/server_manager.md index 5e109a9826..1df958b4d0 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/server_manager.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/server_manager.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Server Manager -## What is the Server Manager? +## Server Manager overview The Server Manager takes care of the central administration of the databases as well as the configuration of the backup profiles. In addition, it provides the very important interface to the diff --git a/docs/passwordsecure/9.2/configuration/servermanager/settlement_right_key.md b/docs/passwordsecure/9.2/configuration/servermanager/settlement_right_key.md index 3f7d391a2a..961793c415 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/settlement_right_key.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/settlement_right_key.md @@ -8,8 +8,8 @@ sidebar_position: 50 #### Problem Description -In the version 8.3.0.13378 passwords which cannot be decrypted for other users could be created. In -this case, individual users or even all users do not have the necessary legal key. If a user wants +In the version 8.3.0.13378 passwords which can't be decrypted for other users could be created. In +this case, individual users or even all users don't have the necessary legal key. If a user wants to reveal an affected password, the following message is displayed: ![installation_with_parameters_219_706x98](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_219_706x98.webp) @@ -63,7 +63,7 @@ should be adjusted. ###### Irreparable records (not repairable) -Irreparable passwords cannot be corrected automatically. Nevertheless, it may happen that passwords +Irreparable passwords can't be corrected automatically. Nevertheless, it may happen that passwords marked as irreparably can be corrected manually. First case @@ -80,7 +80,7 @@ current database again. Second case In the second case, there are users / roles who have the right key but not the right to claim. As -far as the number of irreparable passwords is limited, these can be used to check the form field +far as the number of irreparable passwords is limited, these lets you check the form field permissions manually. ![installation_with_parameters_224_762x90](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_224_762x90.webp) diff --git a/docs/passwordsecure/9.2/configuration/servermanager/setup_wizard.md b/docs/passwordsecure/9.2/configuration/servermanager/setup_wizard.md index 56acc86dd1..c753695c42 100644 --- a/docs/passwordsecure/9.2/configuration/servermanager/setup_wizard.md +++ b/docs/passwordsecure/9.2/configuration/servermanager/setup_wizard.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Setup wizard -## What is the setup wizard? +## Setup wizard overview The setup wizard contains all relevant settings for setting up Netwrix Password Secure. The individual points can also be changed later on. Separate sections are available for each. @@ -20,12 +20,14 @@ and properly documented. It can be subsequently changed in the ![setup-wizard-ac-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-en.webp) -NOTE: The initial password is “admin”. +:::note +The initial password is “admin”. +::: #### License settings The second step is to complete the configuration for successively connecting to the licence server. -This step can also be carried out later “in the [License settings](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/license_settings.md) +This step can also be performed later “in the [License settings](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/license_settings.md) ![setup-wizard-ac-2-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-2-en.webp) @@ -48,7 +50,7 @@ can copy the server name from the login window of the SQL server. The user that will be used to create the database on the SQL Server is also specified. The user therefore needs **dbCreator** rights. Alternatively, you can use the service user for this purpose. -The “Advanced” button allows you to specify a **Connection String.** +The “Advanced” button lets you specify a **Connection String.** #### SMTP server @@ -58,7 +60,7 @@ later on. ![setup-wizard-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-4-en.webp) -Once the data has been entered and successfully tested, the wizard can be completed by clicking on +After the data has been entered and successfully tested, the wizard can be completed by clicking on “Finish”. Security notes @@ -68,7 +70,9 @@ As soon as the setup wizard has been completed, two security notes will be displ module that need to be confirmed. -**CAUTION:** It is recommended that you only confirm the security notes when the corresponding point -has actually been carried out. It is absolutely essential to ensure that regular +:::warning +Netwrix recommends that you only confirm the security notes when the corresponding point +has actually been performed. It is absolutely essential to ensure that regular [Backup management](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_management.md) are created and the [Certificates](/docs/passwordsecure/9.2/configuration/servermanager/certificates/certificates.md) are backed up. +::: diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md index a2f807a1b2..cc438e03a8 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md @@ -6,7 +6,7 @@ sidebar_position: 80 # Application -The following functions are currently available in the **Application module**: +The following functions are available in the **Application module**: Web & SAML applications: @@ -14,8 +14,10 @@ Web & SAML applications: - Manage - Delete -NOTE: A detailed explanation of how to configure SAML can be found in the chapter “Configuration of +:::note +A detailed explanation of how to configure SAML can be found in the chapter “Configuration of SAML” +::: General functions: @@ -26,5 +28,7 @@ General functions: - Quick view - Connect password -NOTE: The Web Application module Applications is based on the client module of the same name +:::note +The Web Application module Applications is based on the client module of the same name “Applications”. Both modules differ in scope and design, but the operation is almost identical. +::: diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md index 8a87958f40..8e74ce03b7 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md @@ -6,7 +6,7 @@ sidebar_position: 90 # Documents -The following functions are currently available in the **Document module:** +The following functions are available in the **Document module:** - New New document can be added in the following ways: @@ -26,5 +26,7 @@ The following functions are currently available in the **Document module:** - Print - History -NOTE: The Web Application module **Documents** is based on the client module of the same name +:::note +The Web Application module **Documents** is based on the client module of the same name “Documents”. Both modules differ in scope and design, but the operation is almost identical. +::: diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md index bbcc9fad6f..610483c1cf 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Forms module -The following functions are currently available in the **forms module**: +The following functions are available in the **forms module**: - Add - Open @@ -19,5 +19,7 @@ The following functions are currently available in the **forms module**: - Print - Export -NOTE: The Web Application module **forms** is based on the client module of the same name. Both +:::note +The Web Application module **forms** is based on the client module of the same name. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md index 3308e1b963..47e604f3f5 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md @@ -11,12 +11,14 @@ The **logbook module** exists of the following features: - Filter function - Quick view -NOTE: The Web Application module logbook is based on the same called client module logbook. Both +:::note +The Web Application module logbook is based on the same called client module logbook. Both modules differ in range and design. However, the handling is almost the same. +::: Differences to the logbook on the Client: -The following options are not available yet in the **Web Application**. If needed, you can use them +The following options aren't available yet in the **Web Application**. If needed, you can use them on the Client. - Documents diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md index 3315b66a78..63ac014347 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Organisational structure module -The following functions are currently available in the **organisational structure module**: +The following functions are available in the **organisational structure module**: - Adding/editing/deleting/authorizing users / organisational structures - Notifications @@ -18,8 +18,10 @@ The following functions are currently available in the **organisational structur - Changing passwords - Print -NOTE: The Web Application module organisational structure is based on the client module of the same +:::note +The Web Application module organisational structure is based on the client module of the same name. Both modules have a different scope and design but are almost identical to use. +::: ## AD connection in the Web Application @@ -55,7 +57,7 @@ be predefined. Then choose **Predefine rights** in the menu bar. ![installation_with_parameters_162](/images/passwordsecure/9.2/configuration/web_application/functional_scope/organisational_structure/installation_with_parameters_162.webp) -**Creating the first template group:** A modal window will appear after clicking on the icon for +**Creating the first template group:** A modal window appears after clicking on the icon for adding a new template group (green arrow) in which a meaningful name for the template group should be entered. @@ -68,6 +70,6 @@ Now you can add the appropriate roles and users. You can add users and roles in different ways: - Add the appropriate roles and users at the toolbar under **Search and add**. -- Click on the loupe to see all the users and roles. +- Click the loupe to see all the users and roles. ![installation_with_parameters_165](/images/passwordsecure/9.2/configuration/web_application/functional_scope/organisational_structure/installation_with_parameters_165.webp) diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md index 5fb3565408..c9572a6b3e 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md @@ -6,11 +6,11 @@ sidebar_position: 10 # User management -## How are the users managed in the Web Application? +## User management in the Web Application The user management strongly depends on whether the Active Directory has been connected or not. In Master Key mode, the Active Directory remains the leading system. In all other modes, the user -administration is carried out via the organisational structure module. +administration is performed via the organisational structure module. #### Creating local users diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md index f2b835195d..fd2e7a73d5 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Password module -The **Password Module** currently provides the following functions: +The **Password Module** provides the following functions: - Create - Delete @@ -50,6 +50,8 @@ The **Password Module** currently provides the following functions: - Export - WebViewer Export -NOTE: The Web Application module Password module is based on the module of the same name that is +:::note +The Web Application module Password module is based on the module of the same name that is located in the client. Both modules differ in scope and design, but are nevertheless almost identical in terms of operation. +::: diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md index 55a5e66583..e70420247a 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Roles module -The following functions are currently available in the **roles module:** +The following functions are available in the **roles module:** - Add - Delete diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md index 8facda3781..43b1e69401 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Tag system -The tag system currently offers the following functions: +The tag system offers the following functions: - Add - Delete diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md index 208791edc8..e9013305a8 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Filter or structure area -As is also the case on the client, it is possible to select between filter and structure. For this +As is also the case on the client, you can select between filter and structure. For this purpose, the following buttons are available on the navigation bar ![installation_with_parameters_169](/images/passwordsecure/9.2/configuration/web_application/operation/filter_or_structure/installation_with_parameters_169.webp) @@ -20,7 +20,7 @@ characteristics specific to the Web Application will be described here. Using the filter Operation of the “Web Application filter” barely differs from the operation of the client filter. It -is only necessary to note that the Clear filter and Apply filter buttons can be found above the +is only necessary to the Clear filter and Apply filter buttons can be found above the filter. The configuration settings can also be found directly above the Web Application filter. Configuring the filter diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md index 55ca383fb0..040f79460b 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Footer -The footer displays various different information about the currently selected record in multiple +The footer displays various different information about the selected record in multiple tabs. It can be activated or deactivated using the small arrow on the far right. The footer is hidden by default. @@ -27,7 +27,7 @@ The history can also be displayed via a corresponding tab. 4. Documents -The documents tab can be used to access all linked documents. +The documents tab lets you access all linked documents. 5. Notifications diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md index f78edb5d9d..f00ae25cc9 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md @@ -20,7 +20,7 @@ As is also the case on the client, the filter or structure area can be displayed 3. Modules -As is also the case on the client, modules like passwords, organisational structures, roles and +As is also the case on the client, modules like passwords, organisational structures, roles, and forms can be managed here. 4. Quick search @@ -30,15 +30,15 @@ fields of the complete database except the password field. The tags are still se 5. Quick search -Upcoming tasks like export, import, print and so on are displayed here. +Upcoming tasks like export, import, print, and so on are displayed here. 6. Notifications -here you will be informed about incoming notifications. The notification can also be called up by +here you will be informed about incoming notifications. The notification can also be opened by clicking on it. 7. Account -The user who is currently logged in can be seen under account. You can log out by clicking on the -account. It is also possible to call up the settings in +The user who is logged in can be seen under account. You can log out by clicking on the +account. It is also possible to open the settings in [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md). diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md index 032ad7bf4b..31d51df9f5 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md @@ -6,11 +6,11 @@ sidebar_position: 50 # List view -## What is list view? +## List view overview The central element of the navigation in the Web Application is list view, which clearly presents the filtered elements. As list view in the Web Application provides the same functions as list view -in the client, we refer you at this point to the +in the client, refer to the [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) section. ![installation_with_parameters_176](/images/passwordsecure/9.2/configuration/web_application/operation/list_view/installation_with_parameters_176.webp) @@ -19,5 +19,5 @@ in the client, we refer you at this point to the The list view differs from that on the client in the following areas: -- List view cannot be individually configured +- List view can't be individually configured - There are – as is usual in a browser – no context menus diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md index 872fb60353..bcb7c4f750 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md @@ -6,12 +6,12 @@ sidebar_position: 40 # Menu -## What is the menu? +## Menu overview The ribbon on the client has been replaced by a menu on the Web Application. The menu thus represents the central operating element on the Web Application. The functions available within the -menu are dynamic and are based on the currently available actions. Different actions are possible -depending on which view is currently being used. +menu are dynamic and are based on the available actions. Different actions are possible +depending on which view is being used. #### Menu bar @@ -26,7 +26,7 @@ The size of the menu can be maximised using this button. 2. New -This option can be selected to call up the wizard for adding a new record. +This option can be selected to open the wizard for adding a new record. 3. Open @@ -46,13 +46,13 @@ Copies the password to the clipboard. ###### Advanced menu -If the menu – as described above – is maximised, **all functions** are then available. The functions +If the menu – is maximised, **all functions** are then available. The functions on the menu bar are repeated here. The menu is divided into a number of sections. These correspond 1 to 1 to the sections of the ribbon on the client. ![Menu](/images/passwordsecure/9.2/configuration/web_application/operation/menu_bar/installation_with_parameters_175-en.webp) -In our example, the menu looks like this: +In this example, the menu looks like this: 1. New Item @@ -65,19 +65,21 @@ The actions can be used, for example, to mark the password as a Favourite or als 3. Permissions -This section does not offer any additional functions than simply opening the permissions. +This section doesn't offer any additional functions than opening the permissions. 4. Clipboard -This section can be used to copy all available fields to the clipboard. +Use this section to copy all available fields to the clipboard. 5. Start -A website can be called up here. +A website can be opened here. -NOTE: As already described, the menu is dynamic and thus appears in a variety of different forms. +:::note +As already described, the menu is dynamic and thus appears in a variety of different forms. However, the basic function is always the same: The menu bar contains the basis functions, while the advanced menu contains all functions. +::: 6. Extras diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md index 441ad58af3..bcaab143ba 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md @@ -12,7 +12,7 @@ The navigation bar provides the following functions. 1. Filter -This function can be used to switch the view to the filter in the left section. You also have the +Use this function to switch the view to the filter in the left section. You also have the possibility to switch from filter to structure. 2. Tabs diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/settings_wc.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/settings_wc.md index 7d1ec4b0bb..b16fbd9e7a 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/settings_wc.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/settings_wc.md @@ -6,13 +6,13 @@ sidebar_position: 20 # Settings -The settings are called up via the [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are +The settings are opened via the [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are available: #### Language -You can select German or English here by simply clicking on them. The change is made immediately and -does not require you to restart the browser. +You can select German or English here by clicking on them. The change is made immediately and +doesn't require you to restart the browser. #### Extras @@ -22,11 +22,11 @@ Here you have the possibility to manage templates for seals. Tag management -The tag management allows you to manage the tags. +The tag management lets you manage the tags. Image management -With the image management, you can manage your icons and logos easily and quickly. +With the image management, you can manage your icons and logos. ![image management](/images/passwordsecure/9.2/configuration/web_application/operation/navigation_bar/settings/installation_with_parameters_179-en.webp) @@ -58,7 +58,7 @@ The management of these settings is based on the client. Further information can global [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) and [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) -The following settings are not available on the Web Application: +The following settings aren't available on the Web Application: - Customizable window caption - Permitted document extensions @@ -67,4 +67,4 @@ The following settings are not available on the Web Application: Account -Here it is possible to change the password of the logged in user. +Here you can change the password of the logged in user. diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/user_menu_wc.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/user_menu_wc.md index ae78273a68..ac4ba8e58b 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/user_menu_wc.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/user_menu_wc.md @@ -6,7 +6,7 @@ sidebar_position: 10 # User menu -The user menu can be found in the upper right corner of the Web Application. A right click on the +The user menu can be found in the upper right corner of the Web Application. A right click the logged in user opens it. #### Options in the user menu @@ -23,15 +23,15 @@ In the bin you can manage your deleted passwords. Help -A click on help takes you directly to the Netwrix Password Secure documentation page. +A click help takes you directly to the Netwrix Password Secure documentation page. Switch to Basic view -What the Basic view is able to do in the web view can be inspected here. +What the Basic view can do in the web view can be inspected here. Lock -This locks the user who is currently logged in and only needs to enter his password to use the web +This locks the user who is logged in and only needs to enter his password to use the web client again. Log out diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/operation.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/operation.md index 30565f8db3..24b7d6b93d 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/operation.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/operation.md @@ -10,8 +10,10 @@ Operation of the Web Application has been based as far as possible on the operat Password Secure client. Nevertheless, there are some differences that need to be noted and they are described here. -NOTE: There is also a Basic view in the Web Application. Everything worth knowing can be found at +:::note +There is also a Basic view in the Web Application. Everything worth knowing can be found at the following link: web view Basic view +::: #### Login @@ -37,21 +39,23 @@ parameters are used here: - **database** for transferring the database nam - **username** for transferring the user name -The parameters are simply attached to the URL for the Web Application and separated from one another +The parameters are attached to the URL for the Web Application and separated from one another with a **&**. Example -You want to call up the Web Application under **https://psr_Web Application.firma.com.** In the +You want to open the Web Application under **https://psr_Web Application.firma.com.** In the process, you want the login mask to be directly filled with the database **Passwords** and the user name **Anderson**. The following URL is then used: **https://psr_Web Application.firma.com/authentication/ login?database=Passwords&username=Anderson** -NOTE: It is possible to only transfer the database. The user name is not absolutely necessary. +:::note +You can only transfer the database. The user name isn't absolutely necessary. +::: #### Structure -The Web Application is split into a number of sections that are described below. +The Web Application is split into a number of sections that are described in the following sections. ![Operation](/images/passwordsecure/9.2/configuration/web_application/operation/installation_with_parameters_168-en.webp) @@ -61,11 +65,11 @@ The header provides access to some essential functions. 2. [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md) -It is possible to switch between module and filter view on the navigation bar. +You can switch between module and filter view on the navigation bar. 3. [Filter or structure area](/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md) -As is also the case on the client, it is possible to select between filter and structure. +As is also the case on the client, you can select between filter and structure. 4. [Menu](/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md) @@ -73,7 +77,7 @@ The ribbon on the client has been replaced by a menu bar on the Web Application. 5. [List view](/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md) -The records currently selected using the filter can be viewed in list view. +The records selected using the filter can be viewed in list view. 6. [Reading pane](/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md) diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md index 69b419e6d8..1a45c79290 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md @@ -6,10 +6,10 @@ sidebar_position: 60 # Reading pane -## What is the reading pane? +## Reading pane overview As with the list view, the reading pane on the Web Application is almost identical to that on the -client. Therefore, we also refer you here to the corresponding +client. Therefore, refer to the corresponding [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) section. ![reading_pane](/images/passwordsecure/9.2/configuration/web_application/operation/reading_pane/reading_pane.webp) @@ -18,4 +18,6 @@ Various information is displayed on the header – as is the case with the clien tags for the records or information on whether the record is public or private. Password masking is also symbolised here. -NOTE: There are – as is usual in a browser – no context menus +:::note +There are – as is usual in a browser – no context menus +::: diff --git a/docs/passwordsecure/9.2/configuration/webapplication/problems_with_the_server_connection.md b/docs/passwordsecure/9.2/configuration/webapplication/problems_with_the_server_connection.md index 1e865a1aa2..b5f21c27e8 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/problems_with_the_server_connection.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/problems_with_the_server_connection.md @@ -23,5 +23,5 @@ Port 11016 TCP must be released on the application server. CORS not configured -Make sure that the CORS configuration has been implemented. Further information can be found in +Ensure that the CORS configuration has been implemented. Further information can be found in chapter Installation Web Application diff --git a/docs/passwordsecure/9.2/configuration/webapplication/web_application.md b/docs/passwordsecure/9.2/configuration/webapplication/web_application.md index 9d9d99f771..a75604687a 100644 --- a/docs/passwordsecure/9.2/configuration/webapplication/web_application.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/web_application.md @@ -12,13 +12,13 @@ The previous WebAccess function has been replaced by the **Web Application” in Secure version** **8.3.0. The completely newly developed \*Web Application** will act as the basis for the constant enhancement of the functional scope. The desired objective is to also provide the full functional scope of the client in the Web Application. The **Web Application** will thus be -constantly enhanced. All of the currently available functions can be viewed in the +constantly enhanced. All of the available functions can be viewed in the [Functional scope](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/functional_scope.md) section. ![WebClient](/images/passwordsecure/9.2/configuration/web_application/installation_with_parameters_159.webp) **Netwrix Password Secure Web Application** enables platform-independent access to the database via -a browser. It is irrelevant whether you are using Microsoft Windows, macOS or Linux, it is only +a browser. It is irrelevant whether you are using Microsoft Windows, macOS, or Linux, it is only necessary for javascript to be supported. As the **Netwrix Password Secure Web Application** has a responsive design, it can also be used on all mobile devices such as tablets and smartphones. diff --git a/docs/passwordsecure/9.2/enduser/advancedview.md b/docs/passwordsecure/9.2/enduser/advancedview.md index 4a2f16458c..0332372f96 100644 --- a/docs/passwordsecure/9.2/enduser/advancedview.md +++ b/docs/passwordsecure/9.2/enduser/advancedview.md @@ -6,15 +6,12 @@ sidebar_position: 50 # Outlook: Advanced View -Curious about how you can manage your team in Netwrix Password Secure? +The Advanced view provides additional capabilities for managing team passwords in Netwrix Password Secure: -Learn more about how to … - -- Share passwords masked / only for a limited time (i.e. with working students or interns) +- Share passwords masked or for a limited time (i.e., with working students or interns) - Separately authorize the disclosure of passwords - View the password quality and monitor all actions in your team - View the reasons given by your team members for revealing passwords in plain text -- And much more! -Simply contact your IT department for further information on the advanced view of Netwrix Password +Contact your IT department for further information on the advanced view of Netwrix Password Secure. diff --git a/docs/passwordsecure/9.2/enduser/browserextension.md b/docs/passwordsecure/9.2/enduser/browserextension.md index 69c596e1b5..940fd87bc1 100644 --- a/docs/passwordsecure/9.2/enduser/browserextension.md +++ b/docs/passwordsecure/9.2/enduser/browserextension.md @@ -6,44 +6,43 @@ sidebar_position: 10 # Get the Browser Extension -First, Netwrix Password Secure is designed to make and keep your passwords more secure. But this -also means that managing - and logging in with them - is easier and saves time! That's why you need -the browser extension to save yourself the hassle of typing in passwords in future and to be logged -in to all your website accesses with just one click! +The browser extension lets you log in to websites directly from Netwrix Password Secure, so you don't need to type passwords manually. Step 1 – Is your browser extension already installed? You can find out by: - Looking for this icon next to the URL input field in your browser. See the icon in the top bar of - the screenshot below. + the following screenshot. - Opening the Password Secure Web App, logging in and scrolling down: If not installed yet, you can find the download link in the footer. See the Download Edge Extension link in the bottom center of - the screenshot below. + the following screenshot. ![downloadextension](/images/passwordsecure/9.2/enduser/downloadextension.webp) -NOTE: If you need more information about installing the browser extension, please visit the -following topic in our documentation: +:::note +If you need more information about installing the browser extension, visit the +following topic in the documentation: [Installation Browser Extension](https://helpcenter.netwrix.com/bundle/PasswordSecure_9.0/page/Content/PasswordSecure/Installation/Browser/Installation_Browser_Add-on.htm) +::: -Step 2 – After downloading, the browser extension is simply dragged and dropped into the browser. -See the Get button in the upper-right section of the screenshot below. +Step 2 – After downloading, the browser extension is dragged and dropped into the browser. +See the Get button in the upper-right section of the following screenshot. ![getextension](/images/passwordsecure/9.2/enduser/getextension.webp) -Step 3 – After confirming a security question, it is installed, and an icon appears in the menu bar +Step 3 – Confirm the security prompt. An icon appears in the menu bar to "add the extension". ![addextension](/images/passwordsecure/9.2/enduser/addextension.webp) -Step 4 – Please open or reload the web application of Netwrix Password Secure (see link in email +Step 4 – open or reload the web application of Netwrix Password Secure (see link in email from your administrator) to connect your user profile with the extension. See the lock icon in the -screenshot below. +following screenshot. ![extensionadded](/images/passwordsecure/9.2/enduser/extensionadded.webp) -Step 5 – Now click on this icon in your browser to open the browser extension. See the Adopt Select -**Adopt Web Application profile**. Done! +Step 5 – Click this icon in your browser to open the browser extension. Select +**Adopt Web Application profile**. ![nodatabaseprofile](/images/passwordsecure/9.2/enduser/nodatabaseprofile.webp) -RECOMMENDED: If not done yet, bookmark this page to have it quickly at hand! +RECOMMENDED: If not done yet, bookmark this page for quick access. diff --git a/docs/passwordsecure/9.2/enduser/cleanuppasswords.md b/docs/passwordsecure/9.2/enduser/cleanuppasswords.md index f97813b05b..e3e10ebc3d 100644 --- a/docs/passwordsecure/9.2/enduser/cleanuppasswords.md +++ b/docs/passwordsecure/9.2/enduser/cleanuppasswords.md @@ -6,64 +6,59 @@ sidebar_position: 20 # Clean up Your Passwords -For a clean relocation of passwords, it is important to clean up all your passwords beforehand. This +For a clean relocation of passwords, clean up all your passwords beforehand. This means to check which secrets are still up-to-date or if there are any duplicates you can remove -first! +first. ## Transer Data from Your Browser -With Netwrix Password Secure, you now have the right tool to save and manage all your secrets handy -at one place and above all a safe alternative to browser-saved passwords! But how can you now -securely import them to your new solution? +Netwrix Password Secure provides a secure alternative to browser-saved passwords. To import your existing credentials: -Simply do this: - -Step 1 – Every time you login to a website now and your browser wants to autofill, this Password +Step 1 – Every time you log in to a website now and your browser wants to autofill, this Password Secure Pop-up will appear, asking you if you would like to save your secret in Netwrix Password -Secure. Just click **Create new**. See the screenshot below. +Secure. Click **Create new**. See the following screenshot. ![createnew](/images/passwordsecure/9.2/enduser/createnew.webp) -Step 2 – Now the Web Application will open and automatically transfer the recognized login data, +Step 2 – The Web Application opens and automatically transfers the recognized login data, including URL to a new data set. ![createpassword](/images/passwordsecure/9.2/enduser/createpassword.webp) Step 3 – Choose an organizational unit in which you want to save it and give your new data set a meaningful name to find it again quickly. (You now also have the option to add further information -and tags.) Now click **Save**. See the box to the right of Organizational unit in the screenshot -above. +and tags.) Now click **Save**. See the box to the right of Organizational unit in the previous screenshot. ## Check for Weak Passwords -Your passwords do not automatically become secure after they have been transferred to Netwrix +Your passwords don't automatically become secure after they have been transferred to Netwrix Password Secure. No matter how well protected a password is - if it is easy for a hacker to guess, -they don't need access to the password manager to use it. This is why our solution automatically +they don't need access to the password manager to use it. This is why the solution automatically checks the strength of your password and much more. Step 1 – Paste your password in the password field. See the box to the right of the Password field -in the screenshot below. +in the following screenshot. ![passwordfield](/images/passwordsecure/9.2/enduser/passwordfield.webp) -Step 2 – If it is not classified as "strong" (green), we strongly recommend using the integrated -password generator to assign a new, secure password: Therefore, just click on the white password -generator icon to the right of the password field. See the Strong button in the screenshot above. +Step 2 – If it isn't classified as "strong" (green), Netwrix strongly recommends using the integrated +password generator to assign a new, secure password: Click the white password +generator icon to the right of the password field. See the Strong button in the previous screenshot. -Step 3 – The password generator will open. A secure password is created automatically just click -“Apply”. (Learn more about the possibilities of our password manager in the next chapter.) +Step 3 – The password generator opens. A secure password is created automatically. Click +“Apply”. (See the next chapter for password manager capabilities.) ![passwordgenerator](/images/passwordsecure/9.2/enduser/passwordgenerator.webp) Step 4 – Now don't forget to replace your password in the target application as well. -**Great side effect!** The access data stored in your browser is no longer up to date and therefore -no longer a danger! You should also think about deleting these passwords from your browser +**Side effect:** The access data stored in your browser is no longer up to date and therefore +no longer a danger. You should also think about deleting these passwords from your browser permanently. ## Create Strong Passwords -The password generator offers three possibilities to create a secure password. To open it, click on +The password generator offers three possibilities to create a secure password. To open it, click “Create password” and then on the password generator icon right to the password field. Step 1 – Create a user defined password which gives you the most options such as including and @@ -75,10 +70,12 @@ Step 2 – Create a phonetic password that is easier to pronounce, but still com ![phonetic](/images/passwordsecure/9.2/enduser/phonetic.webp) -NOTE: This option is best suited for passwords that must be read and typed in, such as operating +:::note +This option is best suited for passwords that must be read and typed in, such as operating machines without an internet connection. +::: Step 3 – Create a password according to a set password rule in your company: If your IT has already -stored password guidelines for you, you can select them here and simply click on apply. +stored password guidelines for you, you can select them here and click apply. ![rule](/images/passwordsecure/9.2/enduser/rule.webp) diff --git a/docs/passwordsecure/9.2/enduser/createnewentry.md b/docs/passwordsecure/9.2/enduser/createnewentry.md index b1555eb7aa..7e1ec96cf0 100644 --- a/docs/passwordsecure/9.2/enduser/createnewentry.md +++ b/docs/passwordsecure/9.2/enduser/createnewentry.md @@ -1,19 +1,19 @@ --- -title: "Create a New Entry from Scratch" -description: "Create a New Entry from Scratch" +title: "Create a New Entry " +description: "Create a New Entry" sidebar_position: 30 --- -# Create a New Entry from Scratch +# Create a New Entry -Follow the steps to create a new entry from scratch. +To create a new entry: Step 1 – First, click _Create new password_ on the upper left in Netwrix Password Secure. ![createnewpassword](/images/passwordsecure/9.2/enduser/createnewpassword.webp) -Step 2 – A form will open. Now choose the form you need, such as "Website," on the upper right. See -the form drop-down list in the screenshot below. +Step 2 – A form opens. Now choose the form you need, such as "Website," on the upper right. See +the form dropdown list in the following screenshot. ![selectform](/images/passwordsecure/9.2/enduser/selectform.webp) @@ -36,15 +36,19 @@ Step 3 – Let`s fill out the website form in this example. ![username](/images/passwordsecure/9.2/enduser/username.webp) - Enter the password manually or use the password generator by clicking on the button in the middle - (high number). The password generator will open. + (high number). The password generator opens. -NOTE: To learn more about the generating of passwords, see the -[Clean up Your Passwords](/docs/passwordsecure/9.2/enduser/cleanuppasswords.md) topic for additional information. +:::note +For details on generating passwords, see +[Clean up Your Passwords](/docs/passwordsecure/9.2/enduser/cleanuppasswords.md). +::: ![password](/images/passwordsecure/9.2/enduser/password.webp) -NOTE: By clicking on the **lock icon** right to the password generator, you can mask and unmask your +:::note +By clicking on the **lock icon** right to the password generator, you can mask and unmask your password. +::: - Enter the website URL that leads to the login. @@ -54,4 +58,4 @@ password. ![tags](/images/passwordsecure/9.2/enduser/tags.webp) -Step 4 – Click **Save**, and you are done! +Step 4 – Click **Save**, and you are done. diff --git a/docs/passwordsecure/9.2/enduser/organizepasswords.md b/docs/passwordsecure/9.2/enduser/organizepasswords.md index e8efc70ae4..4e0f12b06e 100644 --- a/docs/passwordsecure/9.2/enduser/organizepasswords.md +++ b/docs/passwordsecure/9.2/enduser/organizepasswords.md @@ -11,9 +11,9 @@ sidebar_position: 40 The tab system is used to structure all your passwords: Tabs help you to make them easier to manage and find. You can create several tabs and switch between them within one click. -Follow the steps to add a team tab. +To add a team tab: -Step 1 – Click on the **Plus** sign and a form will open. +Step 1 – Click the **Plus** sign. A form opens. ![newform](/images/passwordsecure/9.2/enduser/newform.webp) @@ -22,7 +22,7 @@ or use the search field to find the unit you need. ![search](/images/passwordsecure/9.2/enduser/search.webp) -Step 3 – Click **OK** to close the form and your new team tab will open automatically. +Step 3 – Click **OK** to close the form. Your new team tab opens automatically. ## Search with Tags @@ -32,40 +32,44 @@ assign any number of tags to your passwords to categorize and find them again qu ![assigntags](/images/passwordsecure/9.2/enduser/assigntags.webp) -To find a password, just use the search field and enter a tag like the department or position you -are in (i.e., "Marketing"). Netwrix Password Secure now not only is searching for tags, but also for +To find a password, use the search field and enter a tag like the department or position you +are in (i.e., “Marketing”). Netwrix Password Secure searches for tags and also for “Marketing” in all Netwrix Password Secure fields (i.e., Content Marketing). ![searchresults](/images/passwordsecure/9.2/enduser/searchresults.webp) -NOTE: Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in -which this word does not appear will be displayed (i.e., all social media accounts that are used +:::note +Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in +which this word doesn't appear are displayed (i.e., all social media accounts that are used outside of marketing = "-social media marketing"). +::: ## Choose Your View Netwrix Password Secure offers two different views - the list and tile view. Just **switch the -button** on the upper right to change views! +button** on the upper right to change views. List View -The screenshot below shows the list view. +The following screenshot shows the list view. ![listview](/images/passwordsecure/9.2/enduser/listview.webp) Tile View -The screenshot below shows the title view. +The following screenshot shows the tile view. ![switchbutton](/images/passwordsecure/9.2/enduser/switchbutton.webp) When in **tile view**, you can also drag and drop the buttons on another position. By hovering over -them with the mouse, you will see more information like the username, and you can login with one +them with the mouse, you see additional information like the username, and you can log in with one click. ![titleview](/images/passwordsecure/9.2/enduser/titleview.webp) -NOTE: The **list view** is suitable for many data sets while the tile view is particularly favorable +:::note +The **list view** is suitable for many data sets while the tile view is particularly favorable for the most frequently used secrets. +::: RECOMMENDED: Use the list view for all shared secrets and the tile view for personal accounts. diff --git a/docs/passwordsecure/9.2/enduser/overview.md b/docs/passwordsecure/9.2/enduser/overview.md index 0c153f6537..e8ed4f7475 100644 --- a/docs/passwordsecure/9.2/enduser/overview.md +++ b/docs/passwordsecure/9.2/enduser/overview.md @@ -6,16 +6,11 @@ sidebar_position: 70 # Getting Started for End Users -It is time to set up your new password management solution Netwrix Password Secure! The process -won't take too long, but you should allow yourself a little time to get to know the product. As when -it comes to your IT security, it's important to make sure you get it right. Below is a step-by-step -guide to setting up a password manager and leading you through the first few steps. +This guide walks you through setting up Netwrix Password Secure and your first steps with the product. ## How to Log In -Where can I find my username and password? - -You can find your login data in the email provided by your administrator. This email also contains +Your administrator provides your username and password by email. This email also contains the following information: - Link to the Netwrix Password Secure Web Application diff --git a/docs/passwordsecure/9.2/faq/security/encryption.md b/docs/passwordsecure/9.2/faq/security/encryption.md index 06ec693fb1..5f8c31ef25 100644 --- a/docs/passwordsecure/9.2/faq/security/encryption.md +++ b/docs/passwordsecure/9.2/faq/security/encryption.md @@ -13,19 +13,21 @@ requirements were assessed according to how safe they were. Parallel to the deve theoretical concepts of external security companies were examined in terms of feasibility, as well as compliance with IT security standards. Prototypes have been ultimately developed on the basis of these findings, which form the blueprint for the current Netwrix Password Secure version 9. The -following encryption techniques and algorithms are currently in use: +following encryption techniques and algorithms are in use: - AES-GCM 256 - PBKDF2 with 623,420 SHA256 iterations (client- and server-side) for the creation of user hashes - PBKDF2 with 610,005 SHA256 iterations for the encryption of the user keys - ECC (with the "NIST P-521" curve) for the private-public key procedure -NOTE: All encryption algorithms used by Netwrix Password Secure are FIPS compliant. +:::note +All encryption algorithms used by Netwrix Password Secure are FIPS compliant. +::: ## Applied cryptographic procedures Applied cryptographic procedures The container encryption of the passwords is based on the -aforementioned algorithms. Each container has its own randomly generated salt. Each password, user, +previous algorithms. Each container has its own randomly generated salt. Each password, user, and role has its own key pair. When releases are granted for users and roles, the passwords within the database are hierarchically encrypted. Netwrix Password Secure also uses the following cryptographic methods to achieve maximum security: @@ -38,6 +40,8 @@ own certificate authority (CA) as an option. Latest version of the Secure Socket Passwords are only encrypted and transported to the client when they have been explicitly requested in advance. More… -**CAUTION:** Only secrets are encrypted. Metadata is not encrypted to ensure search speed. Secrets -are usually passwords. However, the customer can decide what kind of data they are. Note that -Secrets cannot be searched for. +:::warning +Only secrets are encrypted. Metadata isn't encrypted to ensure search speed. Secrets +are usually passwords. However, the customer can decide what kind of data they are. +Secrets can't be searched for. +::: diff --git a/docs/passwordsecure/9.2/faq/security/high_availability.md b/docs/passwordsecure/9.2/faq/security/high_availability.md index 1b3ad7ffad..12945f21b4 100644 --- a/docs/passwordsecure/9.2/faq/security/high_availability.md +++ b/docs/passwordsecure/9.2/faq/security/high_availability.md @@ -6,14 +6,16 @@ sidebar_position: 30 # High availability -## What is high availability? +## High availability overview High availability is designed to guarantee the further operation of Netwrix Password Secure in the -event of damage. A series of requirements need to be met in advance in order to use this feature +event of damage. A series of requirements need to be met in advance to use this feature -**CAUTION:** As the configuration of high availability is complex, it is (generally) implemented -during a consultation. If you are interested in this feature, please contact us directly or contact +:::warning +As the configuration of high availability is complex, it is (generally) implemented +during a consultation. If you are interested in this feature, contact Netwrix directly or contact your responsible partner. +::: #### Requirements @@ -21,7 +23,7 @@ The following points should be observed during the configuration. - It is essential that MSSQL Enterprise Version is used for replicating the database (even in the case of a replication across multiple locations) -- To achieve a better level of protection, we recommend operating the Netwrix Password Secure +- To achieve a better level of protection, Netwrix recommendsoperating the Netwrix Password Secure database on its own cluster - A Netwrix Password Secure application server needs to be licensed for each location. Every application server has its own configuration database. @@ -31,7 +33,7 @@ Load balancer - To reduce the load on the server, a load balancer can be installed upstream of the application server - If no load balancer is used, the distribution of the database profiles for the users is generally - carried out via the registry + performed via the registry If a database is set up at ”location A” including an AD profile, the certificate needs to exported there and then imported onto the server at “location B”. The database is replicated using MSSQL @@ -39,5 +41,7 @@ technology and can be integrated as an existing database into Netwrix Password S B”. If the application server at “location A” fails, the server in the registry needs to be replaced (location B) and rolled out again to users using group rules (GPO). -NOTE: Only peer-to-peer transaction replication is tested. If a different type of replication is +:::note +Only peer-to-peer transaction replication is tested. If a different type of replication is used, it should be tested in advance. +::: diff --git a/docs/passwordsecure/9.2/faq/security/penetration_tests.md b/docs/passwordsecure/9.2/faq/security/penetration_tests.md index bc05ed4133..d90f8b065f 100644 --- a/docs/passwordsecure/9.2/faq/security/penetration_tests.md +++ b/docs/passwordsecure/9.2/faq/security/penetration_tests.md @@ -10,14 +10,14 @@ sidebar_position: 20 The high security standards of Netwrix Password Secure are regularly attested by external pentests of different providers. New functions in particular are always subjected to penetration tests in -order to have them thoroughly checked before release. The resulting findings enable us to detect and +order to have them thoroughly checked before release. The resulting findings enable Netwrix to detect and eliminate potential vulnerabilities in advance. -## Why we test regularly? +## Regular testing at Netwrix -In pentesting, external and certified security auditors look specifically for security gaps and +In pentesting, external, and certified security auditors look specifically for security gaps and weaknesses in the software that an attacker could exploit. Attack scenarios are simulated on the client side, the source code is checked and the quality of the cryptographic process is assessed. In this way, the security of Netwrix Password Secure and the data stored in it is tested in advance in -order to be able to offer our customers effective protection and minimize the risk of success of an +order to be able to offer the customers effective protection and minimize the risk of success of an attack. diff --git a/docs/passwordsecure/9.2/index.md b/docs/passwordsecure/9.2/index.md index 704dcdb067..2f2e3186b1 100644 --- a/docs/passwordsecure/9.2/index.md +++ b/docs/passwordsecure/9.2/index.md @@ -4,7 +4,7 @@ description: "Why Netwrix Password Secure?" sidebar_position: 1 --- -# Why Netwrix Password Secure? +# Netwrix Password Secure overview Users depend on passwords in their day-to-day business worldwide. Passwords are used constantly and everywhere, and they need to be professionally managed. Passwords should be safe, have at least 12 characters, and include uppercase and lowercase characters as well as special characters. In the best case, a separate access diff --git a/docs/passwordsecure/9.2/installation/installation.md b/docs/passwordsecure/9.2/installation/installation.md index 7250488faa..50b4e5e2b3 100644 --- a/docs/passwordsecure/9.2/installation/installation.md +++ b/docs/passwordsecure/9.2/installation/installation.md @@ -44,12 +44,14 @@ At least three servers are thus recommended: - Application server (Netwrix Password Secure services) - Web server (IIS, NginX, Apache 2) -**CAUTION:** For databases in a production system, we recommend using a fail-safe cluster. Microsoft -SQL Server can replicate the data to a different data centre, e.g via WAN. We also recommend +:::warning +For databases in a production system, Netwrix recommendsusing a fail-safe cluster. Microsoft +SQL Server can replicate the data to a different data centre, e.g via WAN. Netwrix also recommends providing a Windows server for each function. Separating the systems makes it easier to expand and -scale the system landscape at a later point. However, it is not absolutely necessary to separate the +scale the system landscape at a later point. However, it isn't absolutely necessary to separate the systems. Accordingly, all of the components can also be installed on one server in the case of smaller installations or test environments. +::: ### Firewall rules / Ports @@ -61,7 +63,7 @@ smaller installations or test environments. - Port 443 HTTPS for connection to the Netwrix Password Secure license server (outgoing) - Port 11011 TCP for communication with clients or web server IIS (incoming) -- Port 11014 TCP for the backup service (usually does not need to be unlocked) +- Port 11014 TCP for the backup service (usually doesn't need to be unlocked) - Port 11016 TCP for the Web services (incoming; only when using the Web Application) - Port 11018 TCP for real-time update (incoming) - Port 1433 TCP for communication with SQL Server (outgoing) diff --git a/docs/passwordsecure/9.2/installation/installation_server_manager.md b/docs/passwordsecure/9.2/installation/installation_server_manager.md index 6b75d3b922..001001ea5f 100644 --- a/docs/passwordsecure/9.2/installation/installation_server_manager.md +++ b/docs/passwordsecure/9.2/installation/installation_server_manager.md @@ -10,7 +10,7 @@ sidebar_position: 20 The MSI installation files and the associated [Application server](/docs/passwordsecure/9.2/installation/requirements/application_server.md) can be found in the corresponding -sections. The following step-by-step guide will accompany you through the wizards. +sections. The following step-by-step guide walks you through the wizards. ![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-1-en.webp) @@ -20,9 +20,9 @@ First you are required to read and accept the license terms. These can also be p The next step is to define the location. The suggested location can be retained. -If you want to use Netwrix Password Secure as an identity provider -[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) -must be selected. Otherwise, it will not be installed. +To use Netwrix Password Secure as an identity provider, select +[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md). +Otherwise, it is not installed. ![Password Secure Server Setup](/images/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-3-en.webp) @@ -40,5 +40,7 @@ After the installation, you can login directly to the Server Manager. ![Server Authentication](/images/passwordsecure/9.2/installation/installation_server_manager/server-auth-en.webp) -NOTE: The initial password for the first login is “admin”. It should be changed directly after the +:::note +The initial password for the first login is “admin”. It should be changed directly after the logon. +::: diff --git a/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md index 277b83e401..95da8e658d 100644 --- a/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md @@ -13,12 +13,14 @@ it via the following link: [Add-on for Google Chrome](https://chrome.google.com/webstore/detail/netwrix-password-secure/bpjfchmapbmjeklgmlkabfepflgfckip). Alternatively, you can also access the Google Store via the Autofill Add-on. To do this, right-click -the icon to open the context menu. After a further click on Install Browser Extensions the Google -Chrome Add-on can be selected, whereupon you will be redirected directly to the Google Store. +the icon to open the context menu. After a further click Install Browser Extensions the Google +Chrome Add-on can be selected. You are then redirected directly to the Google Store. The installation is started via Add. The add-on is now installed and the icon is added to the browser. -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet. +::: diff --git a/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md index 8b6534686f..26ab262e2c 100644 --- a/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md @@ -14,5 +14,7 @@ downloaded from the following link: ![Add-on Edge](/images/passwordsecure/9.2/installation/browser/addon-edge-en.webp) -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet +::: diff --git a/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md index f42bc00077..b5fb2eab85 100644 --- a/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md @@ -12,9 +12,11 @@ The installation of the Firefox Add-on is done directly from the official Store. can be downloaded from the following link: [Add-on firefox](https://addons.mozilla.org/en-US/firefox/addon/password-safe-browser-add-on/). -After the download, the add-on is simply dragged and dropped into the browser. +After the download, the add-on is dragged and dropped into the browser. After confirming a security question, it is installed and an icon is created in the menu bar. -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet +::: diff --git a/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md index 2d02073dab..1e846e9618 100644 --- a/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md @@ -11,5 +11,4 @@ sidebar_position: 40 The Safari Add-on can be downloaded from the following link: [Add-on Safari](https://releases.netwrix.com/products/passwordsecure/9.2/passwordsecure-MacApp-9.2.6.33415.dmg). -To install it, simply double-click on the downloaded file. A window will open where you then only -need to drag and drop the Netwrix Password Secure logo onto the applications. +To install it, double-click the downloaded file. A window opens where you drag and drop the Netwrix Password Secure logo onto the applications. diff --git a/docs/passwordsecure/9.2/installation/installationclient/installation_client.md b/docs/passwordsecure/9.2/installation/installationclient/installation_client.md index 97b53020d8..4d4a3814a8 100644 --- a/docs/passwordsecure/9.2/installation/installationclient/installation_client.md +++ b/docs/passwordsecure/9.2/installation/installationclient/installation_client.md @@ -10,7 +10,7 @@ sidebar_position: 30 The MSI installation files and the associated [Client configuration](/docs/passwordsecure/9.2/installation/requirements/client_configuration.md) can be found in the corresponding -sections. The following step-by-step guide will accompany you through the wizards. +sections. The following step-by-step guide walks you through the wizards. ![installation wizard page 1](/images/passwordsecure/9.2/installation/installation_client/installation-client-1-en.webp) @@ -19,8 +19,10 @@ You are required to read and accept the terms of service. These can also be prin The next step is to define the location of the client. The suggested location can be retained.You can also define whether additional components should be installed. -**CAUTION:** Please only install the Terminal Server Service (for Autofill Add-on) if terminal -server operation is intended! +:::warning +Only install the Terminal Server Service (for Autofill Add-on) if terminal +server operation is intended. +::: ![installation wizard page 2](/images/passwordsecure/9.2/installation/installation_client/installation-client-3-en.webp) @@ -53,14 +55,14 @@ The Autofill Add-on is used for SSO applications. For connection to the database, the creation of a database profile is obligatory. The following information is required: -- Profile name: The name of the profile. This will be displayed on the client in the future +- Profile name: The name of the profile. This name is displayed on the client - IP address: The IP address of the Netwrix Password Secure V8 server is stored here - Database name: Specifies the name of the database ## Distributing database profiles via the registry There is also an option to distribute database profiles. The profiles are specified via a -corresponding registry entry. The next time Netwrix Password Secure is started, the profiles will be +corresponding registry entry. The next time Netwrix Password Secure starts, the profiles are saved in the local configuration file. The database connection can be made with the following keys: @@ -95,6 +97,8 @@ HKEY_CURRENT_USER\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfile ``` -NOTE: When the corresponding registry entry is set and no related database profile exists, the -profile will be created at the next start-up. Please note that profiles created like this cannot be +:::note +When the corresponding registry entry is set and no related database profile exists, the +profile is created at the next start-up. Profiles created like this can't be edited or deleted in the client. +::: diff --git a/docs/passwordsecure/9.2/installation/installationclient/installation_with_parameters.md b/docs/passwordsecure/9.2/installation/installationclient/installation_with_parameters.md index 0e05de97f5..009e9d2cce 100644 --- a/docs/passwordsecure/9.2/installation/installationclient/installation_with_parameters.md +++ b/docs/passwordsecure/9.2/installation/installationclient/installation_with_parameters.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Installation with parameters -## What is installation with parameters? +## Installation with parameters overview The installation of the Netwrix Password Secure client can also be optionally run on the command line. This method also requires the transfer of parameters. These can be combined with one another. In this case, the individual parameters are separated from one another by a blank space. The -parameters listed in the following section enable you to adapt the type of client installation. +parameters listed in the following section let you adapt the type of client installation. ## Running on the command line with parameters diff --git a/docs/passwordsecure/9.2/installation/installationwebapplication/apache.md b/docs/passwordsecure/9.2/installation/installationwebapplication/apache.md index 762531e32a..a712089dc7 100644 --- a/docs/passwordsecure/9.2/installation/installationwebapplication/apache.md +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/apache.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Apache -In order to integrate the Web Application onto an Apache server, it is first necessary to enter all +To integrate the Web Application onto an Apache server, it is first necessary to enter all of the relevant settings: ## Document directory @@ -16,16 +16,16 @@ The folder from which the Web Application should be operated is entered here. Th ## SSL certificate path -It is necessary to enter the directory in which the certificate will be saved here. +You must enter the directory in which the certificate is saved here. ## SSL certificate key path -Finally, it is necessary to enter where the certificate key is located here. +Finally, you must enter where the certificate key is located here. ![apache-en](/images/passwordsecure/9.2/installation/installation_web_application/apache-en.webp) Once all of the settings have been entered, the Web Application can be created via the button in the -ribbon. The folder in which the ZIP file is located will then open automatically. The archive is now +ribbon. The folder in which the ZIP file is located then opens automatically. The archive is now unzipped and the contents copied to the document directory on the web server. The configuration for the Apache server has now also been created and can be viewed on the Server @@ -36,8 +36,10 @@ Manager. The configuration can be selected using CTRL+A and copied. It is then directly integrated onto the Apache server. -NOTE: The configuration of the Apache server is always individual. Therefore, it is only possible to +:::note +The configuration of the Apache server is always individual. Therefore, it is only possible to roughly describe the process for a standard installation. +::: ## Standard configuration diff --git a/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md b/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md index dde4233f69..998d8e1a17 100644 --- a/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md @@ -6,14 +6,16 @@ sidebar_position: 40 # Installation Web Application -**CAUTION:** This guide focuses on the initial installation of the Web Application and is not +:::warning +This guide focuses on the initial installation of the Web Application and isn't relevant for further updates. +::: ## Preparations for installation ### System requirements -Please ensured that all [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md)r requirements have been met. +Ensured that all [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md)r requirements have been met. ### SSL certificate @@ -24,7 +26,7 @@ server and the Netwrix Password Secure server. ### Databases All databases that are to be used on the Web Application must be enabled for this purpose. With a -double click on the corresponding database the option "Access via Web Application" can be activated. +double click the corresponding database the option "Access via Web Application" can be activated. ## Installation @@ -37,14 +39,18 @@ firstly needs to be entered: Name the folder where the ZIP archive with the Web Application should be placed. -**CAUTION:** If t Do not use the Server Manager installation directory +:::warning +If t Don't use the Server Manager installation directory +::: -NOTE: If the web server is created on IIS, execute config.bat to handle integration of the web +:::note +If the web server is created on IIS, execute config.bat to handle integration of the web server. +::: ### Server IP -Please check if the IP address is correct otherwise no connection to the Web Application can be +Check if the IP address is correct otherwise no connection to the Web Application can be established. If the IP address is wrong, you have to change it in the basic configuration of the Server Manager. @@ -62,26 +68,30 @@ each specific web server. ## CORS configuration A button for the so-called CORS configuration can be found on the ribbon. It is essential that this -configuration is carried out before the Web Application can be used. A list of the permitted CORS +configuration is performed before the Web Application can be used. A list of the permitted CORS domains will be saved as a result. Requests received via the Web Application can then be checked -against this list. The request will only be successfully carried out if the origin header for a +against this list. The request will only be successfully performed if the origin header for a request is available in the permitted domains. -In order to add a domain, simply enter it at the bottom of the dialogue. Clicking on +To add a domain, enter it at the bottom of the dialogue. Clicking on :material-plus-circle-outline: will add the entry to the list at the top. ![cors-en-new](/images/passwordsecure/9.2/installation/installation_web_application/cors-en-new.webp) -NOTE: In general, it is sufficient to add the IP address which was also saved as the Web server host +:::note +In general, it is sufficient to add the IP address which was also saved as the Web server host address. +::: -## Calling up the Web Application +## Opening the Web Application -The process for calling up the Web Application is dependent on the configuration of the web server: +The process for opening the Web Application is dependent on the configuration of the web server: - Web Application in root directory -> `https://hostname` - Web Application in a subdirectory -> `https://hostname/path-to-subdirectory` -- Port is not set to 443 -> `https://hostname:port/path-to-subdirectory` +- Port isn't set to 443 -> `https://hostname:port/path-to-subdirectory` -NOTE: In order for the redirect to be used, it is important to ensure on apache and nginx web +:::note +In order for the redirect to be used, ensure on apache and nginx web servers that no other host listens to port 80. +::: diff --git a/docs/passwordsecure/9.2/installation/installationwebapplication/microsoft_iis.md b/docs/passwordsecure/9.2/installation/installationwebapplication/microsoft_iis.md index 53771713f1..d525aa9c17 100644 --- a/docs/passwordsecure/9.2/installation/installationwebapplication/microsoft_iis.md +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/microsoft_iis.md @@ -11,8 +11,8 @@ integrating it into the system: ## Create as its own website -For this option, a website with the name "Web Application" will be directly created on the IIS by -config.bat. The Web Application will be operated here from the standard directory +For this option, a website with the name "Web Application" is directly created on the IIS by +config.bat. The Web Application is operated from the standard directory C:\inetpub\wwwroot. ## Integrate in existing website @@ -32,21 +32,25 @@ create a new directory. ## Config.bat The file config.bat can be found in the newly created Web Application directory and now needs to be -executed when logged on as the administrator. This will integrate the Web Application into the IIS +executed when logged on as the administrator. This integrates the Web Application into the IIS web server. -NOTE: If the system requirements have not been met, you will be informed that the URL Rewrite and/or +:::note +If the system requirements have not been met, you are informed that the URL Rewrite and/or Application Request Routing modules need to be installed. In this case, follow the instructions on -the wizard that will then immediately open. In addition, it is necessary to install the WebSocket +the wizard that then immediately opens. In addition, you must install the WebSocket Protokoll. Afterwards, config.bat needs to be executed again. +::: -If the website has been correctly created, this will be correspondingly indicated by the +If the website has been correctly created, this is correspondingly indicated by the notification IIS page created. ![IIS-creating page](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-4-en.webp) -**CAUTION:** Following a successful installation, it is imperative that config.bat is deleted! The +:::warning +Following a successful installation, it is imperative that config.bat is deleted. The config.bat file should also not be used for an "update" +::: ## Certificate diff --git a/docs/passwordsecure/9.2/installation/installationwebapplication/nginx.md b/docs/passwordsecure/9.2/installation/installationwebapplication/nginx.md index ab7ec622fb..7a6419bb15 100644 --- a/docs/passwordsecure/9.2/installation/installationwebapplication/nginx.md +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/nginx.md @@ -6,7 +6,7 @@ sidebar_position: 30 # nginx -In order to integrate the Web Application onto an nginx server, it is first necessary to enter all +To integrate the Web Application onto an nginx server, it is first necessary to enter all of the relevant settings: ## Document directory @@ -16,18 +16,18 @@ The folder from which the Web Application should be operated is entered here. Th ## SSL certificate path -It is necessary to enter the directory in which the certificate will be saved here. The standard +You must enter the directory in which the certificate is saved here. The standard path here is /etc/nginx/certs/Web Application.crt. ## SSL certificate key path -Finally, it is necessary to enter where the certificate key is located here. The default setting is +Finally, you must enter where the certificate key is located here. The default setting is /etc/nginx/certs/Web Application.key. ![ngnix installation](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-9-en.webp) Once all of the settings have been entered, the Web Application can be created via the button in the -ribbon. The folder in which the ZIP file is located will then immediately open. The archive is +ribbon. The folder in which the ZIP file is located then immediately opens. The archive is unzipped and its contents are copied to the document directory on the web server. The configuration for the nginx server was also created together with the ZIP file. This can be @@ -38,8 +38,10 @@ directly viewed on the Server Manager. The configuration then still needs to be integrated onto the nginx server. It can be directly copied on the Server Manager for this purpose. -NOTE: Every web server configuration is individual. Therefore, it is only possible to outline the +:::note +Every web server configuration is individual. Therefore, it is only possible to outline the normal process for a standard installation. +::: ## Standard configuration diff --git a/docs/passwordsecure/9.2/installation/requirements/application_server.md b/docs/passwordsecure/9.2/installation/requirements/application_server.md index bb16428681..3c0f91a29b 100644 --- a/docs/passwordsecure/9.2/installation/requirements/application_server.md +++ b/docs/passwordsecure/9.2/installation/requirements/application_server.md @@ -32,7 +32,7 @@ sidebar_position: 10 - Port 11011 TCP for communication with windows applications or web server IIS (incoming) - Port 11016 TCP for the Web services (incoming; only when using the Web Application) - Port 11018 TCP for real-time update (incoming) - - Port 11014 TCP for the backup service (usually does not need to be unlocked) + - Port 11014 TCP for the backup service (usually doesn't need to be unlocked) - Port 11015 TCP for Entra ID communication (incoming; only when using the Entra ID provisioning) - Port 11019 TCP for using Password Secure as Identity Provider (SAML) (incoming) diff --git a/docs/passwordsecure/9.2/installation/requirements/client_configuration.md b/docs/passwordsecure/9.2/installation/requirements/client_configuration.md index a04c4f5141..f69cf0d000 100644 --- a/docs/passwordsecure/9.2/installation/requirements/client_configuration.md +++ b/docs/passwordsecure/9.2/installation/requirements/client_configuration.md @@ -8,7 +8,9 @@ sidebar_position: 30 #### System Components -NOTE: Our Windows Application (Win App) is not available for MSP-customers! +:::note +The Windows Application (Win App) isn't available for MSP-customers. +::: | | | | | --------------------------- | ----------------------------------- | ---------------------- | diff --git a/docs/passwordsecure/9.2/installation/requirements/mobile_apps.md b/docs/passwordsecure/9.2/installation/requirements/mobile_apps.md index 89a0dc7ea5..503b36eee3 100644 --- a/docs/passwordsecure/9.2/installation/requirements/mobile_apps.md +++ b/docs/passwordsecure/9.2/installation/requirements/mobile_apps.md @@ -8,8 +8,10 @@ sidebar_position: 50 #### Required Version -**CAUTION:** Our mobile apps are only supported on devices with the official OS (no jailbreak, not +:::warning +The mobile apps are only supported on devices with the official OS (no jailbreak, not rooted). +::: | | | | | ---------------- | ------- | ----------- | diff --git a/docs/passwordsecure/9.2/installation/requirements/mssql_server.md b/docs/passwordsecure/9.2/installation/requirements/mssql_server.md index 2bbab17206..6df1bf9cb0 100644 --- a/docs/passwordsecure/9.2/installation/requirements/mssql_server.md +++ b/docs/passwordsecure/9.2/installation/requirements/mssql_server.md @@ -9,17 +9,19 @@ sidebar_position: 20 #### Required Version RECOMMENDED: Using MS SQL Server Express can lead to significant performance issues because of the -various limitations. Our recommendation is to use MS SQL Server Standard as a minimum. +various limitations. The recommendation is to use MS SQL Server Standard as a minimum. -Please follow Microsoft recommendations for system requirements for SQL Server. +Follow Microsoft recommendations for system requirements for SQL Server. | | | | | --------------------- | ------- | ----------- | | Attribute | Minimum | Recommended | | MS SQL Server Version | 2019 | 2022 | -**CAUTION:** If you plan to install the MS SQL Server on the machine with the Netwrix Password -Secure application server, please ensure to meet the combined minimum requirements for both systems. +:::warning +If you plan to install the MS SQL Server on the machine with the Netwrix Password +Secure application server, ensure to meet the combined minimum requirements for both systems. +::: #### Required Configuration diff --git a/docs/passwordsecure/9.2/introduction/introduction.md b/docs/passwordsecure/9.2/introduction/introduction.md index 9d5cd3dd79..e00cd67c8f 100644 --- a/docs/passwordsecure/9.2/introduction/introduction.md +++ b/docs/passwordsecure/9.2/introduction/introduction.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Introduction -## Welcome to the official Netwrix Password Secure documentation! +## Welcome to the official Netwrix Password Secure documentation. All Netwrix product announcements have moved to the Netwrix Community. See announcements for Netwrix Password Secure in the diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md index 9b52d3b21f..78bebe437e 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md @@ -26,4 +26,4 @@ sidebar_position: 90 - System tasks are no longer deactivated after each run if they were configured with the interval 'Once' in the past. - HSM accesses are limited to a minimum now. -- A self-defined password can be used for the WebViewer export again +- A self-defined password supports the WebViewer export again diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md index 6cf5f533f7..5600e9f5d1 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md @@ -60,7 +60,7 @@ The following names have been changed: | SAML Service | IdP service | IdP Service | \* This improvement affects all views (basic and advanced view), apps and add-ons (Server Manager, -web and Windows app, autofill and offline add-on) the browser extension, API, and the server as well +web, and Windows app, autofill, and offline add-on) the browser extension, API, and the server as well as MSP. #### Basic view (formerly LightClient)\* diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md index c6b4e456fc..b74c0c6bb5 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md @@ -40,7 +40,7 @@ sidebar_position: 40 - The quick view and history of passwords can be opened again. - Spontaneous errors when changing selected passwords have been fixed. - Web applications with URLs defined as regex are recognized correctly. -- Logging in to the Windows app is possible again if you were last logged in in the standard view. +- Logging in to the Windows app is possible again if you were last logged in to the standard view. #### Web App diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md index 262cc7f39e..9b734e8aa5 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md @@ -28,12 +28,12 @@ sidebar_position: 30 #### Extended view - An external package with a vulnerability classified as weak has been updated. The vulnerability - could not be exploited via Netwrix Password Secure (This also affects the server & Server Manager + couldn't be exploited via Netwrix Password Secure (This also affects the server & Server Manager as well as the autofill & offline add-on.). - The obsolete property “Spaces” has been removed from the password policies (This also affects the offline add-on.). - A possible XSS vulnerability in the WebViewer has been closed (This also affects the web app.). -- A problem has been fixed where the password was not saved on the server after a change when it was +- A problem has been fixed where the password wasn't saved on the server after a change when it was copied to the clipboard. - The cross-client login for the browser extension is now also operational for synchronized Windows profiles. diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md index b66370d1fd..eb2104a17e 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md @@ -14,7 +14,7 @@ The default name of the configuration database now contains the host name of the #### API -The version of the API can now be called up within it. +The version of the API can now be opened within it. ## Fixed diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.2.32703.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.2.32703.md index 44d7232dcc..e6185e7bc3 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.2.32703.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.2.32703.md @@ -76,7 +76,7 @@ sidebar_position: 9 - Some missing components of the new design of the web app have now also been updated. -- Some errors in which texts were not loaded correctly have been fixed. +- Some errors in which texts weren't loaded correctly have been fixed. - The web app is loading the correct language again. @@ -84,7 +84,7 @@ sidebar_position: 9 #### Basic view -- Some errors in which texts were not loaded correctly have been fixed. +- Some errors in which texts weren't loaded correctly have been fixed. #### Browser extensions diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.3.32988.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.3.32988.md index 8e95ee4905..f6a10d792b 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.3.32988.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.3.32988.md @@ -14,15 +14,15 @@ sidebar_position: 8 #### Extended view (on Windows) - The option "Allow documents without file extension" is now a separate option. The corresponding configuration option in the list of allowed file extensions has been removed. - Obsolete executable files that are no longer required have been removed. -- All binaries are now published via the 'releases.netwrix.com' domain. This affects the setups of the Windows App and the server, the Safari extension for Mac, and the API. The check for new available versions is still executed via the old domain. Please adjust your firewall rules, if such are existing. +- All binaries are now published via the 'releases.netwrix.com' domain. This affects the setups of the Windows App and the server, the Safari extension for Mac, and the API. The check for new available versions is still executed via the old domain. Adjust your firewall rules, if such are existing. #### Extended view (on Windows & web) -- In preparation for the removal of the logo views from the product, it is no longer possible to upload new logos to the database. This does not affect the upload of icons or the display of existing logos. +- In preparation for the removal of the logo views from the product, it is no longer possible to upload new logos to the database. This doesn't affect the upload of icons or the display of existing logos. # Improvements #### Server -- The logging of events during the ECC migration has been improved in order to make the identification of potential sources of errors easier. +- The logging of events during the ECC migration has been improved to make the identification of potential sources of errors easier. #### Web app (basic and extended view) - The ordering and grouping of the elements from the 'Tools' page has been improved. @@ -50,7 +50,7 @@ sidebar_position: 8 - An issue in the MSI setups was resolved, which lead to displaying wrong license conditions. - Generated OTP codes displayed in the Emergency WebViewer are now correct. - OTP fields are now displayed in WebViewer exports. -- In older versions, there could be inconsistencies within the organisational structure. These have now been fixed. After the update, please check wether your organisational structure is still set up as expected. +- In older versions, there could be inconsistencies within the organisational structure. These have now been fixed. After the update, check wether your organisational structure is still set up as expected. #### Server Manager - When creating a database, the setting 'Activate realtime updates' is now saved correctly. diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.4.33163.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.4.33163.md index c8217563a4..2bcc6b3a2e 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.4.33163.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.4.33163.md @@ -21,7 +21,7 @@ sidebar_position: 7 - During login, the field for entering the user name is no longer emptied when the database name is changed. #### Server Manager -- The old version of the Web App, displayed in the Server Manager as “Web app (Legacy)”, can no longer be created. Please use the new web app with immediate effect! +- The old version of the Web App, displayed in the Server Manager as “Web app (Legacy)”, can no longer be created. Use the new web app with immediate effect. # Improvements @@ -30,7 +30,7 @@ sidebar_position: 7 #### Server - The performance of the software was improved in many areas. -- A third-party package containing a vulnerability was updated. We are not aware of any instances where the vulnerability was exploited. +- A third-party package containing a vulnerability was updated. Netwrix isn't aware of any instances where the vulnerability was exploited. #### Server Manager - When adding an existing database in the Server Manager, you can now select whether the database should be activated automatically. @@ -41,10 +41,10 @@ sidebar_position: 7 #### Extended view (on Windows) - The button to open the website of a password is now disabled if no URL is configured. This also affects the offline add-on. -- We have fixed an issue where the native Windows App could become unresponsive. You no longer need to end the application via Task Manager. +- This release fixes an issue where the native Windows App could become unresponsive. You no longer need to end the application via Task Manager. #### Extended view (on web) -- When configuring the password generator in a way that is not able to generate a password, the application no longer gets unresponsive. +- When configuring the password generator in a way that isn't able to generate a password, the application no longer gets unresponsive. - When a password is revealed in the quick view, it can be entered again if a reason is required. - The quick view no longer closes automatically when another modal, such as entering a reason, is opened. - The browser window no longer hangs when a user's password is changed. diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.6.33415.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.6.33415.md index 07dd93b0d4..ebc6731e92 100644 --- a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.6.33415.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.6.33415.md @@ -10,7 +10,7 @@ sidebar_position: 5 - The legacy web app was removed from the product completely. #### Server -- The SAML feature will soon be removed from Netwrix Password Secure! As a result of this announcement, it can no longer be installed on new systems. In addition, it can no longer be enabled for new databases. +- The SAML feature will soon be removed from Netwrix Password Secure. As a result of this announcement, it can no longer be installed on new systems. In addition, it can no longer be enabled for new databases. # Fixes diff --git a/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md index a9f8662af3..aa819ba7cc 100644 --- a/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md +++ b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md @@ -13,15 +13,19 @@ Before you execute the migration, you must ensure that the following preparation - Installation of the latest Netwrix Password Secure-Server, Native Client and Web Client - Check in the [Database properties](/docs/passwordsecure/9.2/configuration/servermanager/databaseproperties/database_properties.md) if the **offline access** and the **mobile synchronization** are allowed - If that should be the case, **contact your users and make sure that they have to synchronize the + If that should be the case, **contact your users and ensure that they have to synchronize the Offline Add-on and the mobile app**. -**CAUTION:** If the OfflineClient or App does have not yet synchronized items, they are lost after -the migration mode is enabled! +:::warning +If the OfflineClient or App does have not yet synchronized items, they are lost after +the migration mode is enabled. +::: - Backup all certificates using the Netwrix Password Secure Server Manager -**CAUTION:** Only certificate backups made through the Server Manager are valid! +:::warning +Only certificate backups made through the Server Manager are valid. +::: ![Certificates](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/certificates-ac-1-en.webp) @@ -29,7 +33,7 @@ the migration mode is enabled! - Delete or restore all non “permanent deleted” users If you have deactivated or non “permanent deleted“ users it would make sense to delete them - permanently, otherwise the migration would never finalize. Keep in mind, that every E2EE User must + permanently, otherwise the migration would never finalize. Remember that every E2EE User must log in, before you can complete the migration. - Only have **one active Netwrix Password Secure-Server** In the case of multiple Netwrix Password Secure-Servers, you need to stop all Netwrix Password @@ -39,8 +43,10 @@ the migration mode is enabled! ## Migration -NOTE: During the migration, the database is in read-only mode. So it is possible to read all records -from the database, but it is not possible to add new or edit existing records. +:::note +During the migration, the database is in read-only mode. So you can read all records +from the database, but it isn't possible to add new or edit existing records. +::: #### Start migration @@ -50,8 +56,8 @@ Clicking on the icon **“Start migration”** in the databases' module to start Select the database you want to migrate and enter the code-word. -Remember, The code word is “Start”. Please make sure that you have read the whole documentation. -Otherwise, data loss might occur! +Remember, the code word is “Start”. Ensure that you have read the whole documentation. +Otherwise, data loss might occur. ![select database](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/start-migration-2-en.webp) @@ -63,7 +69,9 @@ As written in the message, export all required certificates via the Netwrix Pass Manager. If you have multiple servers in use import the certificates via the Server Manager at the end of the migration process. -**CAUTION:** If certificates are missing the migration cannot be continued. +:::warning +If certificates are missing the migration can't be continued. +::: #### Watch the migration process diff --git a/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md index 11eb4feb09..edecc6cd2e 100644 --- a/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md +++ b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md @@ -8,11 +8,13 @@ sidebar_position: 20 ## Preparation: -If you use the Offline Add-on and the Mobile app it is necessary to synchronize them before your +If you use the Offline Add-on and the Mobile app you must synchronize them before your admin starts the migration. -**CAUTION:** If you do not synchronize your data, it is lost and no more accessible after the -migration! +:::warning +If you don't synchronize your data, it is lost and no more accessible after the +migration. +::: ## Migration @@ -21,5 +23,7 @@ the message **„Userdata migration finished”** appears. ![userdata_migration_finished_en](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/userdata_migration_finished_en.webp) -NOTE: The migration can only be carried out with the Web Application and NativeClient. A migration -just using the Extension, Autofill Add-on or the Mobile App is not possible. +:::note +The migration can only be performed with the Web Application and NativeClient. A migration +just using the Extension, Autofill Add-on or the Mobile App isn't possible. +::: diff --git a/docs/passwordsecure/9.2/maintenance/moving_the_server.md b/docs/passwordsecure/9.2/maintenance/moving_the_server.md index cea2c9fb2e..87caed70f3 100644 --- a/docs/passwordsecure/9.2/maintenance/moving_the_server.md +++ b/docs/passwordsecure/9.2/maintenance/moving_the_server.md @@ -8,12 +8,12 @@ sidebar_position: 20 ## Preparations -It is necessary to make some preparations so that the move can be completed without any problems. +You must make some preparations so that the move can be completed without any problems. #### 1. Installing the SQL server If the SQL server and the application server are on the same machine, the SQL server should be -installed on the new machine first. It is necessary to observe the +installed on the new machine first. you must observe the [MSSQL Server](/docs/passwordsecure/9.2/installation/requirements/mssql_server.md) for this process. #### 2. Installing the server @@ -28,7 +28,7 @@ is described under After the server has been installed, the [Basic configuration](/docs/passwordsecure/9.2/configuration/servermanager/basic_configuration.md) is completed. A new configuration database will be created on the SQL server as a result. If you want -to retain the old SQL server, it is necessary to give the configuration database a new name. +to retain the old SQL server, you must give the configuration database a new name. #### 4. Deactivating the old server @@ -43,13 +43,13 @@ After making these preparations, the data from the old server can be backed up. #### 1. Backing up the system If using a virtual machine, a backup of it should be created. The old version of the server can then -be restored in the event of problems. +be restored if problems occur. #### 2. Backing up the database -In order to transfer the data to the new server, a backup of the database should be created. -Although this is also possible via the Server Manager, we recommend carrying out the backup at the -SQL level: right click on the database, then on Tasks and Backup. The desired target folder is +To transfer the data to the new server, a backup of the database should be created. +Although this is also possible via the Server Manager, Netwrix recommendscarrying out the backup at the +SQL level: right click the database, then on Tasks and Backup. The desired target folder is selected in the following window. ![insert backup](/images/passwordsecure/9.2/maintenance/sql-backup-en.webp) @@ -68,7 +68,7 @@ needs to be integrated. #### 1. Integrating the database at the SQL level Firstly, a new database is created on the SQL server. This option can be found in the SQL Management -Studio after right clicking on Databases. It is usually sufficient to simply enter the database +Studio after right clicking on Databases. It is usually sufficient to enter the database names. ![integrate the database](/images/passwordsecure/9.2/maintenance/sql-new-db-en.webp) @@ -79,8 +79,10 @@ is also essential to check whether the correct database has been selected in the ![restore db](/images/passwordsecure/9.2/maintenance/sql-restore-en.webp) -NOTE: This method can be also used to import backups that were directly created from the Server +:::note +This method can be also used to import backups that were directly created from the Server Manager. +::: #### 2. Setting up the server @@ -99,5 +101,5 @@ Finally, the database is integrated onto the server via the database wizard. ## Modifications on the client -If the IP and/or host name for the server has changed, it is necessary to create/roll out new +If the IP and/or host name for the server has changed, you must create/roll out new database profiles from the client. diff --git a/docs/passwordsecure/9.2/maintenance/update.md b/docs/passwordsecure/9.2/maintenance/update.md index 5e64ce3a97..7555cf3472 100644 --- a/docs/passwordsecure/9.2/maintenance/update.md +++ b/docs/passwordsecure/9.2/maintenance/update.md @@ -1,111 +1,122 @@ --- -title: "Update" -description: "Update" -sidebar_position: 10 +Title: "Update" +Description: "Update" +Sidebar_position: 10 --- # Update ## Reasons for regular updates -Our development team is constantly working on the further development of the software. This does not -only involve fixing any problems but also primarily the development of new features to adapt the -software as best as possible to the requirements of our customers. Therefore, it is recommended that -you regularly install updates. +The development team is constantly working on the further development of the software. This doesn't +Only involve fixing any problems but also primarily the development of new features to adapt the +Software as best as possible to the requirements of the customers. Therefore, Netwrix recommends that +You regularly install updates. The documentation always refers to the latest version available. If Netwrix Password Secure deviates -from the documentation (e.g. in appearance or also its functional scope), it makes sense to firstly -update to the latest version. +From the documentation (e.g. In appearance or also its functional scope), it makes sense to firstly +Update to the latest version. -NOTE: The update check on the server or the client can be used to easily install the latest version. -The update check on the client must be activated in the settings for users beforehand. We recommend -leaving the update check deactivated for normal users! Otherwise these users could independently -attempt to install updates. Since a new client cannot connect to an old server, this results in the -user not being able to log in. +:::note +The update check on the server or the client lets you install the latest version. +The update check on the client must be activated in the settings for users beforehand. Netwrix recommends +Leaving the update check deactivated for normal users. Otherwise these users could independently +Attempt to install updates. Since a new client can't connect to an old server, this results in the +User not being able to log in. +::: ## Requirements The requirements should be checked or established before an update. -**CAUTION:** Please always check the Changelog for requirements or breaking changes before updating! +:::warning +Always check the Changelog for requirements or breaking changes before updating. +::: ### Check the software maintenance package -The right to install updates is acquired with the software maintenance package. It is important to -note that you are permitted to install all updates as long as the software maintenance package is -still active. If the software maintenance package has expired, you are only permitted to use those -versions that were released during the term of the software maintenance package. Therefore, you -should check whether the software maintenance package is still active before an update. This can be -easily checked on the Server Manager under +The right to install updates is acquired with the software maintenance package. You can install all updates as long as the software maintenance package is +Still active. If the software maintenance package has expired, you are only permitted to use those +Versions that were released during the term of the software maintenance package. Therefore, you +Should check whether the software maintenance package is still active before an update. This can be +Easily checked on the Server Manager under [License settings](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/license_settings.md). ### Creating a backup An update always involves making a profound change to the existing software. A corresponding [Backup management](/docs/passwordsecure/9.2/configuration/servermanager/mainmenu/backupsettings/backup_management.md) -should thus be created directly before the update to ensure that no data is lost if a serious -problem arises. +Should thus be created directly before the update to ensure that no data is lost if a serious +Problem arises. ### Checking compatibility An attempt is always made to design the Server Manager so that it is backwards compatible. -Unfortunately this is not always possible. Therefore, you should always check which client version -the Server Manager is compatible with before an update. The version history for the relevant version -will provide this information. +Unfortunately this isn't always possible. Therefore, you should always check which client version +The Server Manager is compatible with before an update. The version history for the relevant version +Provides this information. -**CAUTION:** If the password for logging in to the Server Manager on the database has been saved, it -is essential that it is noted down or temporarily saved elsewhere before an update! +:::warning +If the password for logging in to the Server Manager on the database has been saved, it +Is essential that it is noted down or temporarily saved elsewhere before an update. +::: ### Latest installation files The installation files can be downloaded from the -[customer information system](https://license.passwordsafe.de/kis). Please simply use the access -data that we sent to you by email to log in. +[customer information system](https://license.passwordsafe.de/kis). use the access +Data sent to you by email to log in. ## Perform update ### Updating the Server Manager -The Server Manager is simply installed on top of the existing installation. The password from the +The Server Manager is installed on top of the existing installation. The password from the Server Manager should be made available at this point in any case. After the installation of the Server Manager, the database is only accessible when it is activated. If the password is only in the Netwrix Password Secure, it should be temporarily stored at this point. -NOTE: If the service has not been ended in advance, the installation wizard will give you the -opportunity to do so. If the service is still not ended at this stage, the computer will then need -to be restarted. It is thus recommended that the Netwrix Password Secure services are ended before -the update. +:::note +If the service has not been ended in advance, the installation wizard will give you the +Opportunity to do so. If the service is still not ended at this stage, the computer will then need +To be restarted. It is thus recommended that the Netwrix Password Secure services are ended before +The update. +::: Further information on the installation wizard can be found in the section [Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md). ### Patch level update for the databases -The databases are usually deactivated after updating the Server Manager because they do not yet have -the corresponding patch level. This should be immediately checked. After logging in to the Server +The databases are usually deactivated after updating the Server Manager because they don't yet have +The corresponding patch level. This should be immediately checked. After logging in to the Server Manager, the module “Databases” is immediately visible. If the databases have been deactivated, you -can reactivate them directly in the ribbon via the corresponding button. The patch level will be -updated during this process. +Can reactivate them directly in the ribbon via the corresponding button. The patch level will be +Updated during this process. ### Updating the client -The updates for the client are also simply installed over the existing installation. Further -information can be found in the section Installation of the client. Naturally, the update can also -be carried out using the installation parameters. +The updates for the client are also installed over the existing installation. Further +Information can be found in the section Installation of the client. The update can also +Be performed using the installation parameters. ### Updating the Web Application The application server must firstly be updated. A new Web Application ([Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) -is then created according to the instructions for the web server being used. The document directory -on the web server should now be completely emptied. The Web Application is then unzipped and copied -to the document directory on the corresponding web server. - -**CAUTION:** If the Web Application is being operated on an IIS web server, a new config.bat is -generated for creating the new version. This must not be executed if the Web Application has already -been installed and it must be deleted without fail after a successful update. - -NOTE: If the Web Application is used, the module: `proxy_wstunnel` must be installed when using +Is then created according to the instructions for the web server being used. The document directory +On the web server should now be completely emptied. The Web Application is then unzipped and copied +To the document directory on the corresponding web server. + +:::warning +If the Web Application is being operated on an IIS web server, a new config.bat is +Generated for creating the new version. This must not be executed if the Web Application has already +Been installed and it must be deleted without fail after a successful update. +::: + +:::note +If the Web Application is used, the module: `proxy_wstunnel` must be installed when using Apache. With IIS the `WebSocket Protocol` becomes necessary. Further information can be found in the -chapter [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 -or newer. +Chapter [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 +Or newer. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md index 8465dc9cdd..ab79d53690 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md @@ -6,9 +6,9 @@ sidebar_position: 80 # Applications -## What are applications? +## Applications overview -Applications can be used to configure automated logins to various systems. Especially when combined +Applications let you configure automated logins to various systems. Especially when combined with various protective mechanisms, the company benefits in terms of security because complex passwords are automated and entered in the login masks in concealed form. Various types are available, such as Remote Desktop (**RDP**), Secure Shell (**SSH**), general applications (**SSO**) @@ -22,22 +22,21 @@ automatic logon to almost any kind of software. ## The four types of applications -Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO and web +Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO, and web applications. ![new application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_2-en.webp) -In terms of how they are handled, **RDP and SSH** applications can be covered together. Both types +In terms of how they are handled, **RDP, and SSH** applications can be covered together. Both types of application can be (optionally) "embedded" in Netwrix Password Secure. The relevant session then opens in its own tab in the [Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md). All other forms of automatic logins are summarized in the **SSO applications** and **web applications** categories. How exactly these logins are created and used is covered in the next section and in the web applications chapter. They include all forms of Windows login masks and also -applications for websites. In contrast to RDP and SSH applications, they cannot be started embedded +applications for websites. In contrast to RDP and SSH applications, they can't be started embedded in Netwrix Password Secure but are instead opened as usual in their own window. These SSO applications need to be defined in advance. In Netwrix Password Secure, this is also described as -[Learning the applications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). In contrast, -RDP and SSH can be both completely defined and also started within Netwrix Password Secure. +[Learning the applications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). RDP and SSH applications are different — they can be both completely defined and also started within Netwrix Password Secure. ## RDP and SSH @@ -59,7 +58,7 @@ The connection to the desired session can be established via the icon **Establis ![estabish RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_4-en.webp) Netwrix Password Secure now attempts to log in to the target system with the information available. -Data that are not saved in the form will be directly requested when opening the session. It is thus +Data that aren't saved in the form will be directly requested when opening the session. It is thus also possible to only enter the IP address and/or the password after starting the Netwrix Password Secure application. If all data has been retrieved, the RDP session will open in a tab – if so defined (Window mode field in the application): @@ -71,7 +70,7 @@ defined (Window mode field in the application): It is also possible to complete the authentication process using SSH certificates. For this purpose, the certificate is saved as a document in .ppk format. (It may be necessary to firstly approve this file ending in the settings). The document is then linked to the record via the footer. The record -does not need to have a password. However, it is necessary for the record to be linked to a SSH +doesn't need to have a password. However, it is necessary for the record to be linked to a SSH application. ## Linking records and applications @@ -80,7 +79,7 @@ The application defines the requirements for the desired connection and also opt target system. By linking records with applications, the complete login process can be automated. If the record now also supplies the user name and password, all of the information required for the login is available. Applications and records are linked via the "Start" tab in the ribbon. If this -link to a record is established, a 1-click login to the target system is possible. +link to a record is established, a 1-click log in to the target system is possible. ![linking RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_6-en.webp) @@ -95,16 +94,18 @@ multiple access points. ![multiple access points](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_8-en.webp) -This is generally a very common scenario. Nevertheless, it should be noted that accessing multiple +This is generally a very common scenario. However, accessing multiple servers with one single password is questionable from a security standpoint. It is generally recommended that a unique password is issued for every server/access point. -NOTE: It is possible to leave the **IP address** field empty in the application. If an **IP +:::note +You can leave the **IP address** field empty in the application. If an **IP address** field exists in the linked record then this address will be used. If there is also no IP address in the record, a popup window will appear in which the desired IP address can be entered manually. +::: -Alternatively, it is possible to connect several records with one RDP connection. In this way, you -can combine different users with an RDP connection and register them straightforward. +Alternatively, you can connect several records with one RDP connection. In this way, you +can combine different users with an RDP connection and register them directly. ![connect RDP sessions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_9-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md index f145ce0241..8b62b19ce7 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md @@ -10,7 +10,7 @@ sidebar_position: 10 Logging into SAP can be achieved via the usage of [Start Parameter](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). The -prerequisite here is for the login process to be carried out via the "SAPshortcut". All available +prerequisite here is for the login process to be performed via the "SAPshortcut". All available parameters are listed in the [SAP-Wiki](https://wiki.scn.sap.com/wiki/display/NWTech/SAPshortcut). Form Firstly, a [Forms](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md) should be created with the required fields. This diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md index 9acaa59f9e..38b4ddbf06 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md @@ -6,13 +6,13 @@ sidebar_position: 10 # Learning the applications -## Which applications need to be learned? +## Applications that require learning -As already indicated in the previous section, RDP and SSH applications are completely embedded in -Netwrix Password Secure. These applications thus do not need to be specially learned. All other +As already indicated in the previous section, RDP, and SSH applications are completely embedded in +Netwrix Password Secure. These applications thus don't need to be specially learned. All other applications in Windows need to be learned once. -## What does learning mean? +## Learning overview The record contains the user name and password. Learning involves defining the steps required. The result is equivalent to a script that defines where precisely the login data should be entered. In @@ -36,13 +36,13 @@ First, a new SSO application is created via the ribbon. ![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_1-en.webp) Various properties for the application can now be defined in the tab that opens. The fields **Window -title**, **Application** and **Application path** are not manually filled. This is done via the +title**, **Application** and **Application path** aren't manually filled. This is done via the **Create application** button in the ribbon: ![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_2-en.webp) A crosshair cursor now appears. It enables the actual "mapping" or assignment of the target fields. -You can see the field assignment for the user name below using a login to an SQL server as an +You can see the field assignment for the user name below using a log in to an SQL server as an example. All of the other fields that should be automatically entered are assigned in the same way. The process is always the same. You select the field that needs to be automatically filled and then decide which information should be used to fill it. @@ -51,17 +51,19 @@ decide which information should be used to fill it. In parallel to the previous step, all of the already assigned fields will be displayed on the right edge of the screen. In this example, the VMware vSphere Client has a total of 4 assigned fields: IP, -user name, password and clicking the button to subsequently confirm the login. +user name, password, and clicking the button to subsequently confirm the login. ![connected fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_4-en.webp) -NOTE: "Graphical recognition:" The graphical recognition function provides additional protection. It -can be used to define other factors for the SSO. An area is defined that then serves as the output -for the comparison (e.g. for login masks with an image). In order to activate the graphical -recognition function, click on the eye at the top right after assigning the fields! The area that +:::note +"Graphical recognition:" The graphical recognition function provides additional protection. It +lets you define other factors for the SSO. An area is defined that then serves as the output +for the comparison (e.g. for login masks with an image). To activate the graphical +recognition function, click the eye at the top right after assigning the fields! The area that will serve as the output point is then marked. +::: -Once you have assigned all of the fields, you can exit the application process using the enter +After you have assigned all of the fields, you can exit the application process using the enter button. The fields "Window title", "Application" and "Application path" mentioned at the beginning are now automatically filled. @@ -84,6 +86,8 @@ future. Pressing the button directly opens the linked application. ![start application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_7-en.webp) -**CAUTION:** With respect to permissions, applications are subject to the same rules as for -passwords, roles or documents. It is possible to separately define which group of users is permitted +:::warning +With respect to permissions, applications are subject to the same rules as for +passwords, roles, or documents. You can separately define which group of users is permitted to use each application. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md index b90b6ac47a..dbf28c2f1c 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md @@ -37,9 +37,11 @@ also possible to enter the IP address and/or password after starting the applica It is also possible to use SSH-certificates for authentication. For this purpose, the certificate is stored as a document in .ppk format. The document is then linked to the data record via the footer. -The data record does not have to contain a password, but it must be linked to an SSH application. +The data record doesn't have to contain a password, but it must be linked to an SSH application. -NOTE: The file extension may first have to be enabled via the settings. +:::note +The file extension may first have to be enabled via the settings. +::: ## Keyboard shortcuts diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md index 87884a6a96..afae74a76a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Recording a session -## What is session recording? +## Session recording overview -Session recording can be used to make a visual recording of RDP and SSH sessions. These recordings +Session recording lets you make a visual recording of RDP and SSH sessions. These recordings can then be subsequently viewed and evaluated. In this context, it is also possible to limit this functionality so that only the user themselves or an assigned person e.g. security officer can view and evaluate these recordings. @@ -23,10 +23,12 @@ The following options are required to manage sessions for an application. - Can manage recordings for an application -NOTE: Please note that session recording uses disk space in the database. Although the way the +:::note +that session recording uses disk space in the database. Although the way the recordings are saved is efficient in terms of resources, the required amount of disk space varies greatly depending on the content. The more that is done during the recorded session, the higher the disk space usage. +::: Session recording firstly needs to be activated for the relevant RDP or SSH application before it can take place. @@ -42,18 +44,20 @@ SSH If the setting has been activated, the recording will start automatically the next time a connection is established. -NOTE: The recordings are already streamed to the server and saved into the database during the +:::note +The recordings are already streamed to the server and saved into the database during the recording process. Therefore, no recordings are lost even if the connection is terminated. They are immediately saved until the connection is terminated or until the end of the session. +::: ## Viewing the session recordings -If recordings exist for an application, these can be called up and viewed in the Applications +If recordings exist for an application, these can be opened and viewed in the Applications module. ![viewing session recording](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_4-en.webp) -It is possible to search the session recordings using the filter as usual. It is also possible here +You can search the session recordings using the filter as usual. It is also possible here to limit the search results based on the date and user. In the section on the right, it is also possible to further filter the searched list based on all column contents. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md index a91528d405..36cdbe969b 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Client Module -## What are modules? +## Modules overview Netwrix Password Secure can be customized according to the needs of the users. This requirement can be applied by the user, and can also be applied by administrative users. This means that everyone @@ -25,7 +25,9 @@ individually within the user rights. ![user settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_2-en.webp) -NOTE: The visibility of modules can always be adapted to the needs of individual user groups +:::note +The visibility of modules can always be adapted to the needs of individual user groups +::: ## Sorting modules @@ -37,10 +39,12 @@ example). ![sorting modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_3-en.webp) -The navigation options enable you to define the maximum number of visible elements and also how they +The navigation options let you define the maximum number of visible elements and also how they are sorted. ![sorting modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_4-en.webp) -NOTE: The previously described visibility of the modules is a basic requirement for viewing and +:::note +The previously described visibility of the modules is a basic requirement for viewing and sorting them in the navigation options +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md index 47befb4adc..c677f4e59d 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md @@ -19,7 +19,9 @@ table: ![discovery service entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-2-en.webp) -NOTE: The information can be grouped together using the column editor. +:::note +The information can be grouped together using the column editor. +::: ## Network Scan @@ -78,8 +80,10 @@ finished, the **Network Scan** scans the **network** according to these guidelin second section defines the scan configuration for the local computer. Select from either Local user of services or _Local user_. -**CAUTION:** The system executing the scan – on which the Server Manager is installed – is not -scanned! +:::warning +The system executing the scan – on which the Server Manager is installed – isn't +scanned. +::: ## Interval / Executing server / Tags @@ -104,6 +108,8 @@ After the **Discovery Service Task** has been configured, a connection test is p configuration is saved. The system then indicates whether the configuration is correct or faulty. Depending on the message, the **Discovery Service Task** may need to be amended. -**CAUTION:** The **default setting** for the **Discovery Service Task** after it has been saved is +:::warning +The **default setting** for the **Discovery Service Task** after it has been saved is **Activated!** It will **immediately actively** scan the network for data. This data is **read** but -not amended! +not amended. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md index 7643e359de..97a1367605 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md @@ -15,7 +15,7 @@ the **System Tasks**. ![ribbon](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_1-en.webp) After the **Discovery Service Task** has been successfully executed, the entries are available in -the **Discovery Service**. Further processing of the entries is then carried out using the +the **Discovery Service**. Further processing of the entries is then performed using the **Conversion Wizard**. For processing in the **Conversion Wizard**, the network is scanned for the following types: @@ -44,12 +44,14 @@ In the **Discovery Service** table, the user selects the entries for which he wa has been entered. 3. This column shows the **discovered type** for the entry. 4. This column shows already existing passwords in Netwrix Password Secure that match the discovered - **Active Directory user** or **user account**. It is possible to select here which password can + **Active Directory user** or **user account**. You can select here which password can be used when creating a **Password Reset** (it is then used as the only password linked to the Password Reset). Alternatively, these passwords can also be newly created. -NOTE: Logically, **every root node** corresponds to **one user** and all of its associated data +:::note +Logically, **every root node** corresponds to **one user** and all of its associated data (e.g. services). A **Password Reset** is created later for **every user** and its associated data. +::: The following image shows the options **add new password** or retain **existing password**. @@ -69,23 +71,27 @@ The **settings** will be described in more detail below: addition, a template for the rights inheritance can be entered here. 2. The **responsible user** for the **password** is entered here. A special tag can be set here. 3. Adding a **Password Reset** Option 1: **Do you also want to add a Password Reset?** Adds a - **Password Reset** If **option 1** is not selected, the following options are not displayed. + **Password Reset** If **option 1** isn't selected, the following options aren't displayed. 4. Setting for executing a **Password Reset** Option 2: **(Execute Password Resets immediately after - they are created)** means that the **Password Reset** will be executed as soon as you click on + they are created)** means that the **Password Reset** will be executed as soon as you click **Finish**. 5. The **responsible user for the Password Reset** is entered here. 6. Various **triggers for the Password Reset** can be selected here. -**CAUTION:** After clicking on **Finish**, the **Password Resets** will be **immediately executed** +:::warning +After clicking on **Finish**, the **Password Resets** will be **immediately executed** and the **passwords changed!**. This also applies to **Windows passwords!** +::: -If option 1: **Do you also want to add a Password Reset?** is not selected, \*steps 4, 5 and 6 are +If option 1: **Do you also want to add a Password Reset?** isn't selected, \*steps 4, 5, and 6 are not displayed for configuration. ![password reset option](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_5-en.webp) -NOTE: After clicking on **Finish**, one or more **passwords will be created** but **no corresponding +:::note +After clicking on **Finish**, one or more **passwords will be created** but **no corresponding Password Resets will be created!** +::: ## Assignment (Active Directory user) @@ -109,8 +115,8 @@ The following images shows the **Assignment (Active Directory user)** Ribbon ### Procedure 1. An **Existing form** is selected here -2. The **assignment** to the fields is carried out here Important assignments are **Type: General** - and **Type: Password Reset**. An amendment can be carried out here +2. The **assignment** to the fields is performed here Important assignments are **Type: General** + and **Type: Password Reset**. An amendment can be performed here ### "New form" selected @@ -120,12 +126,12 @@ The following images shows the **Assignment (Active Directory user)** Ribbon 1. A name for the **New form** needs to be entered here 2. The discovered entries are **automatically** assigned as standard Important assignments are - **Type: General** and **Type: Password Reset**. An amendment can be carried out here + **Type: General** and **Type: Password Reset**. An amendment can be performed here ### Summary -A brief overview of the actions that will be carried out with the added configuration is displayed -in the **Summary** Ribbon. These actions will then be carried out if you click on **Finish**. +A brief overview of the actions that will be performed with the added configuration is displayed +in the **Summary** Ribbon. These actions will then be performed if you click **Finish**. ![summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_9-en.webp) @@ -137,27 +143,33 @@ creating **Password Resets**. If the option **Execute Password Resets immediatel created** is used in the configuration, the **selected passwords** are immediately changed after clicking on **Finish**. -**CAUTION:** **If you are not paying careful attention, this could have inconvenient consequences.** +:::warning +**If you aren't paying careful attention, this could have inconvenient consequences.** +::: **Security level 1:** An **Important note** is displayed in the **Summary** after clicking on **Finish**. -**CAUTION:** **Please observe the note and read it through carefully!** +:::warning +**Read the note carefully before proceeding.** +::: -An **Overview** of which actions will be carried out is displayed for the user together with this -note. The user can then still decide to **Cancel** the process. If you click on **OK**, an +An **Overview** of which actions will be performed is displayed for the user together with this +note. The user can then still decide to **Cancel** the process. If you click **OK**, an **additional confirmation warning** will be displayed. ![important note](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_10-en.webp) **Security level 2:** -Another **confirmation prompt** highlights that it is important to understand what you are about to -do. It will no longer be possible to reverse the actions afterwards! +Another **confirmation prompt** highlights that understand what you are about to +do. It will no longer be possible to reverse the actions afterwards. -**CAUTION:** **Last chance to cancel the execution!** +:::warning +**Last chance to cancel the execution.** +::: ![securtiy warning](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_11-en.webp) After **entering the displayed number** and **confirming with OK**, the process is **executed -immediately** and the **Password Resets** are carried out and the **associated passwords changed**. +immediately** and the **Password Resets** are performed and the **associated passwords changed**. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md index a05b5d4992..7714dfadf2 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md @@ -12,11 +12,11 @@ Service Task** that was executed and can be found and displayed using the filter ## Deletion process -The discovered data in the **Discovery Service** cannot simply be deleted and removed from the +The discovered data in the **Discovery Service** can't be deleted directly and removed from the **Discovery Service entries**. As the entries have a **link to the Discovery Service Task**, it is necessary to delete the discovered entries via the **Discovery Service Task** that was created. If -entries were discovered using a joint **Discovery Service Task**, it is not possible to simply -delete them. This is the case if two different users have carried out a scan on the same area. If +entries were discovered using a joint **Discovery Service Task**, it isn't possible to +delete them individually. This is the case if two different users have performed a scan on the same area. If you delete one of the two **Discovery Service Task**, only the entries that had a single link to this **Discovery Service Task** will be deleted. The entries for the other **Discovery Service Task** will be retained and must be deleted via the associated **Discovery Service Task**. You can @@ -29,8 +29,8 @@ find out which **Discovery Service Task** found a particular entry by selecting If the IP range for an existing **Discovery Service Task** is changed and the **Discovery Service Task** is then executed for this new IP range, the previously discovered entries from the previous -executed **Discovery Service Task** will be deleted from the **Discovery Service**. If you want to -carry out a **Discovery Service Task** for a different IP range, you should create a new **Discovery +executed **Discovery Service Task** will be deleted from the **Discovery Service**. To +carry out a **Discovery Service Task** for a different IP range, create a new **Discovery Service Task**. This will prevent any already discovered entries from being deleted. However, if the existing entries are no longer required, you can delete them by using the same **Discovery Service Task** with a different IP range. @@ -47,5 +47,7 @@ Task** with a different IP range. 10. A new scan using Task A with a different IP address 192.168.150.2 will not delete the data from Task B -NOTE: The **Password Resets** and **passwords** created using the **Conversion Wizard** are not +:::note +The **Password Resets** and **passwords** created using the **Conversion Wizard** aren't deleted when the **Discovery Service Tasks** are deleted. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md index d56f9fb6f3..ada82a2a71 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md @@ -8,8 +8,8 @@ sidebar_position: 30 The entries for the **Discovery Service** are discovered using a **Discovery Service Task**. It can take some time for all the data on the systems for the entered IP network to be collected. This can -be easily recognized by the **blue arrow** symbol on the **Discovery Service Task** and a -corresponding message is also shown in the General display. Once the **Discovery Service Task** has +be recognized by the **blue arrow** symbol on the **Discovery Service Task** and a +corresponding message is also shown in the General display. After the **Discovery Service Task** has been completed, the data will be shown in the **Discovery Service module**. ![new discovery service task](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_1-en.webp) @@ -25,10 +25,12 @@ described below. 3. **Overview**: Current data for the **Discovery Service Task** about its progress and subsequent executions are shown here. 4. **Logbook**: The **logbook** can be found in the **footer** of the **Discovery Service Task**. - The latest activities carried out by the **Discovery Service Task** are shown here. + The latest activities performed by the **Discovery Service Task** are shown here. -NOTE: The **data** is **not kept up-to-date while the task is being executed** and does not always -show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**! +:::note +The **data** is **not kept up-to-date while the task is being executed** and doesn't always +show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**. +::: ## Using the Discovery Service entries @@ -45,20 +47,22 @@ Task** and selected for the **Conversion Wizard** are displayed. If multiple entries are selected for a **Password Reset**, a corresponding number of **passwords** and **Password Resets** need to be added in the **Conversion Wizard**. Depending on the entries -selected (service, Active Directory user, user account), it is necessary to carry out corresponding +selected (service, Active Directory user, user account), you must carry out corresponding **assignments** in the **Conversion Wizard** for the **passwords**. ![Discovery service conversion wizard ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_3-en.webp) -Every line must be connected to a **password** in the end. Therefore, it is necessary to carry out +Every line must be connected to a **password** in the end. Therefore, you must carry out an assignment process in the **Conversion Wizard** for every entry. ![Discovery service conversion wizard ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_4-en.webp) -For **Active Directory users**, it is possible to assign an existing **password**. +For **Active Directory users**, you can assign an existing **password**. -NOTE: The subsequent process is carried out in the same way as when only one **Discovery Service +:::note +The subsequent process is performed in the same way as when only one **Discovery Service entry** is selected. +::: ## Filter settings diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md index d9dc37f534..7b0e33470f 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md @@ -9,13 +9,13 @@ sidebar_position: 100 ## The problem **Service accounts** are used on most networks. These accounts are used, for example, to carry out -certain services. It is not uncommon for **one and the same password** to be used here for multiple +certain services. It isn't uncommon for **one and the same password** to be used here for multiple accounts. Manually changing these passwords is extremely time consuming. Therefore, this process is often ignored for reasons of convenience. The result is that the same outdated passwords are often used for many **security-critical access -points**. This naturally represents a **severe security risk** and leaves the door wide open for any -attacker who gains access to just one of the passwords! +points**. This represents a **severe security risk** because any +attacker who gains access to even one of the passwords can compromise multiple systems. ## The solution diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md index 4b3f96ed0d..8ce0285504 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md @@ -34,11 +34,11 @@ If an error occurs during the execution of the **Discovery Service Task**, this ## Display in the logbook In general, the **logbook module** displays more detailed information about the **Discovery Service -Task**. The [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md) can be used to select which data +Task**. The [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md) lets you select which data is displayed. The same **events** as for the footer for the **Discovery Service Task** are also used here. ![logbook entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_ds-3-en.webp) -The column editor can be used to arrange and display the data in the table according to their +The column editor lets you arrange and display the data in the table according to their importance. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/requirements.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/requirements.md index bcb85dff67..6024900b79 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/requirements.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/discoveryservice/requirements.md @@ -24,8 +24,10 @@ data. Before configuring the **Network Scan**, a password needs to be issued tha data. This user should be a member of admin for the corresponding group of domains. Otherwise, you can use a domain administrator. -**CAUTION:** A corresponding **password** with **rights** for the **domains** must exist before -adding a **Network Scan**! +:::warning +A corresponding **password** with **rights** for the **domains** must exist before +adding a **Network Scan**. +::: ### Password @@ -37,14 +39,16 @@ adding a **Network Scan**! - The computer to be scanned and AD controller must be accessible via the network. - The service: “Windows Management Instrumentation” must have been started on the computer to be - scanned (carried out by Windows as standard). + scanned (performed by Windows as standard). - Help section for starting the service: [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa826517(v=vs.85).aspx) - The firewall must not block WMI requests (not blocked as standard). - Help section for configuring the firewall: [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa822854(v=vs.85).aspx) -NOTE: Only **IPv4 addresses** can currently be scanned. +:::note +Only **IPv4 addresses** can be scanned. +::: ### Open ports for the scan (necessary) @@ -59,7 +63,7 @@ Server 2003) – port 1025-5000 (TCP) or a static WMI port 2. Computer name and associated IP address: The computer name is first requested on the **DNS server** for the domain. The computer name returned by the server also contains the domain names as a postfix (e.g. Client01.domain.local). If there is no entry on the domain for the requested - IP address, the computer name is determined via **NetBIOS**. The domain name is not displayed on + IP address, the computer name is determined via **NetBIOS**. The domain name isn't displayed on the computer (e.g. Client01). In Netwrix Password Secure V8, the **DNS request** is the preferred function for determining the computer name. If no result is delivered, a request via **NetBIOS** is made. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md index e16062b535..d69740b668 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/documents.md @@ -6,15 +6,15 @@ sidebar_position: 20 # Documents -## What are documents? +## Documents overview -Security-critical data does not necessarily need to be in the form of passwords. To enable the +Security-critical data doesn't necessarily need to be in the form of passwords. To enable the uniform and secure storage of data other than passwords, Netwrix Password Secure version 9 offers effective tools for the professional handling of sensitive documents and files. The ability to share documents with others according to their permissions gives you access to the current status of a document and helps avoid redundancies. The documents module is complemented by a sophisticated version management system, which records all versions of a document that were saved in the past and -thus enables you to revert back to historical versions. The configuration of visibility is explained +thus lets you revert back to historical versions. The configuration of visibility is explained in a similar way to the other modules in one place.. ![Document modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents_1-en.webp) @@ -32,7 +32,7 @@ The following option is required to add new documents. There are two ways to manage documents and files in Netwrix Password Secure v8: - **Creating a link**: In this case, only a file that is located locally or on a network drive will - be linked. The file itself is not stored in the database. Neither version management nor the + be linked. The file itself isn't stored in the database. Neither version management nor the traceability of changes in the history are possible. - **Storing the document in the database**: The file becomes part of the encrypted database. It is saved within the database and can be made available selectively to employees for further @@ -50,18 +50,22 @@ documents in one step. ## Versioning -The heart of each document management system is the ability to capture and archive changes to +The core feature of each document management system is the ability to capture and archive changes to documents or files. All versions of a document can be compared with each other and historical versions can be restored if necessary. Netwrix Password Secure provides this functionality via the history in the ribbon, as well as in the footer area for ​​the detailed view of a document. This can be used in the same way as the [History](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md). The interplay between the document-specific event logbook and the history provides a complete list of all information that is -relevant to the handling of sensitive data. Version management can be used to restore any historical +relevant to the handling of sensitive data. Version management lets you restore any historical versions of a document. -NOTE: The file size for a **linked document** can only be updated if the document was opened using +:::note +The file size for a **linked document** can only be updated if the document was opened using Netwrix Password Secure. +::: -NOTE: If desired, the document history can be automatically cleaned up. This option can be +:::note +If desired, the document history can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section Managing databases. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/change_form.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/change_form.md index 045899a013..cda2c84f62 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/change_form.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/change_form.md @@ -20,7 +20,7 @@ previously used form to the new form. In this example, a record that previously ![change form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form_2-en.webp) -The drop-down menu allows you to select the target form. The comparison of current and new form +The dropdown menu lets you select the target form. The comparison of current and new form fields is shown in the lower section. - Fields **marked in green** have already been assigned to the new form @@ -34,12 +34,14 @@ The following options are required to change forms. - Can change form for a password -**CAUTION:** Please note that information could be lost during this process! In the example, this +:::warning +that information could be lost during this process! In the example, this applies to the fields "Website" and "Information". +::: ## The effects of changes to forms on existing records -In general, changes to forms do not effect existing records. This means that a record that was +In general, changes to forms don't effect existing records. This means that a record that was created with a certain form will not itself be changed after this form has been adapted/changed. It remains in its original state. However, there are methods by which changes to forms could be adopted by existing records. There are two possibilities in this context: @@ -56,7 +58,7 @@ be directly shown and adopted after it is saved. The setting "Apply form changes to passwords" makes it possible to force the change to the form to be adopted. This becomes effective when editing the record! It is immaterial here whether changes -are being made to the record. Simply re-editing and saving the record will cause the adjustment to +are being made to the record. Re-editing and saving the record will cause the adjustment to the form. ### The following permissions/configuration must exist @@ -67,7 +69,7 @@ the form. ## Conclusion -A common feature of both variants is that adjustments to forms cannot be automatically triggered. +A common feature of both variants is that adjustments to forms can't be automatically triggered. Already existing records are thus not automatically adjusted. The adjustment thus needs to be -carried out manually. In the first case, the manual step is to use the function "Change form". In -the second case, it is sufficient to simply edit and save the record. +performed manually. In the first case, the manual step is to use the function "Change form". In +the second case, it is sufficient to edit and save the record. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md index e151e9c718..02ce7de15a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/forms/forms.md @@ -6,12 +6,12 @@ sidebar_position: 60 # Forms -## What are forms? +## Forms overview When creating a new data record, it is always indispensable to query all relevant data for the intended application. In this context, **Forms** represent templates for the information which have to be stored. The manageability of existing forms primarily ensures the completeness of the data -which have to be stored. Nevertheless, their use as an effective filter criterion is not to be +which have to be stored. Nevertheless, their use as an effective filter criterion isn't to be ignored! Forms have a lasting impact on working withNetwrix Password Secure v8 and must be managed and maintained with the necessary care by the administration. @@ -29,7 +29,7 @@ The following options are required to add new forms. ## Standard forms Netwrix Password Secure is supplied with a series of standard forms – these should generally cover -all standard requirements. Naturally, it is still possible to adapt the standard forms to your +all standard requirements. it is still possible to adapt the standard forms to your individual requirements. ![forms](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_2-em.webp) @@ -53,20 +53,22 @@ relevant buttons in the ribbon. The following field settings thus appear for the field type "Password": "Mandatory field, reveal only with reason, check only generated passwords and password policy". These can now be defined as -desired. (**Note**: It is possible to select +desired. (**Note**: You can select [Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) within the field settings; they are defined as part of the options in the main menu) -**CAUTION:** If a form has been created, it can then be selected for use when creating new records. +:::warning +If a form has been created, it can then be selected for use when creating new records. The prerequisite is that the logged-in user has at least read rights to the form. +::: ## Permissions for forms In the same way as for other objects (records, roles, documents,…), permissions can also be granted for forms. On the one hand, this ensures that not everyone can edit existing forms, while on the -other hand, it allows you to make forms available to selective groups. This ensures that clarity is -maintained and that users are not confronted with information that is irrelevant to them. The form -"Credit cards" may be relevant within the accounting department but administrators do not generally +other hand, it lets you make forms available to selective groups. This ensures that clarity is +maintained and that users aren't confronted with information that is irrelevant to them. The form +"Credit cards" may be relevant within the accounting department but administrators don't generally need to use it. ## Configuring the info field @@ -77,8 +79,8 @@ The name of the form is displayed in between in a blue font. ![Configuring the info field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_4-en.webp) -The name of the record (192.168.150.236) and the form (password) cannot be adjusted – these are -always displayed. The user (Administrator) that is still saved for the record is currently +The name of the record (192.168.150.236) and the form (password) can't be adjusted – these are +always displayed. The user (Administrator) that is still saved for the record is displayed. This can be configured in the info field for the form. It is thus possible to separately define for each form what information for a record can be directly seen in list view. In the form module, the info field is configured by opening the form which has to be edited in editing mode by @@ -86,7 +88,7 @@ double clicking on it and then pressing the \*Configure info field” button in ![Configuring the info field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_5-en.webp) -This will open a separate tab that enables you to design the info section via drag & drop. The +This will open a separate tab that lets you design the info section via drag & drop. The fields that are available on the right can be "dragged" onto the configuration window on the left. In the following example, "Start RDP session2 will be made visible in the info section, whereby only the word "RDP" is assigned a function – namely to start the RDP manager. A preview is shown in the @@ -99,9 +101,11 @@ the RDP session. ![updated form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_7-en.webp) -NOTE: The **forms module** is based on the +:::note +The **forms module** is based on the [Web Application](/docs/passwordsecure/9.3/configuration/webapplication/web_application.md) module of the same name. Both modules have a different scope and design but are almost identical to use. +::: ## Standard form diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md index 7e298ce573..f1faf3f3d6 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Logbook -## What is a logbook? +## Logbook overview Netwrix Password Secure logs all user interactions. These entries can be viewed and filtered via the logbook. The logbook records which user has made exactly what changes. This module is @@ -25,7 +25,7 @@ The following options are required: ## Use of the filter in the logbook -You can also use the filter in the logbook. This enables you to limit the number of displayed +You can also use the filter in the logbook. This lets you limit the number of displayed elements based on the defined criteria. In the following example, the user is searching for logbook entries relating to the object type “Password” that also match the event criteria "Change". In short: The entries are being filtered based on changes to passwords. @@ -36,7 +36,7 @@ short: The entries are being filtered based on changes to passwords. This list can also be grouped together by dragging and dropping column headers – see the following grouping of the columns for **computer user**. The filtered results now show all changes to -passwords carried out by the computer user "administrator". +passwords performed by the computer user "administrator". ![Logbook entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook_3-en.webp) @@ -47,9 +47,11 @@ of state is recorded and saved in the MSSQL database. There are no plans to allo logbook entries to be selectively defined. It is only by using this process that changes are completed in a traceable and audit-proof manner to prevent falsification. -NOTE: If desired, the logbook can be automatically cleaned up. This option can be configured on the +:::note +If desired, the logbook can be automatically cleaned up. This option can be configured on the Server Manager. Further information can be found in the section [Managing databases](/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/managing_databases.md). +::: ## Transferring to a Syslog server diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md index eff2c5a800..841299ea96 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/notifications.md @@ -6,11 +6,11 @@ sidebar_position: 30 # Notifications -## What are notifications? +## Notifications overview With the notification system, you are always up-to-date on all events that you consider important. -Almost all modules allow users to configure notifications. All configured messages are only created -for the currently registered Netwrix Password Secure user. It is not possible to create a +Almost all modules let users configure notifications. All configured messages are only created +for the registered Netwrix Password Secure user. It isn't possible to create a notification for another user. Each user can and should define himself which passwords, which triggers as well as changes are important and informative for him. The configuration of visibility is explained in a similar way to the other modules in one place @@ -18,8 +18,10 @@ is explained in a similar way to the other modules in one place ![Notifications modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) -NOTE: The reading pane is deactivated in this module by default. It can be activated in the +:::note +The reading pane is deactivated in this module by default. It can be activated in the "Display" tab in the ribbon. +::: ## Module-specific ribbon functions @@ -31,13 +33,13 @@ administrators and users to maintain control and transparency independent of the ### Mark notifications as read -The two buttons on the ribbon enable you to mark notifications as read/unread. In particular, the +The two buttons on the ribbon let you mark notifications as read/unread. In particular, the filter criterion available in this context (see following screenshot) enables fast sorting according to current and also historical notifications. ![filter notifications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_3-en.webp) -It is possible to mark the notifications as read/unread via the ribbon and also via the context menu +You can mark the notifications as read/unread via the ribbon and also via the context menu that is accessed using the right mouse button. If the corresponding setting has been activated, opening a notification will also mean that it is marked as read. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md index 2af4c8d6d2..80177d148a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Active Directory link -## What are active directory profiles? +## Active directory profiles overview The connection to Active Directory (AD) is established via so-called AD profiles. These profiles contain all of the information relevant for establishing a connection to AD and enable imports/synchronization of users, organisational units or roles. To connect to various different -ADs, it is naturally also possible to create multiple AD profiles. +ADs, it is also possible to create multiple AD profiles. ## Two import modes in comparison @@ -25,13 +25,15 @@ In principle, the two variants differ by the presence of the encryption mentione solution with active end-to-end encryption (**E2EE**), the process may be less convenient (see table) but there is a huge benefit in terms of security. In Master Key mode, a master key is created on the server that has full permissions for all users, organisational units and roles. This -represents an additional attack vector, which does not exist in end-to-end mode. In return, however, +represents an additional attack vector, which doesn't exist in end-to-end mode. In return, however, in Master Key mode, users can be updated via synchronization with the Active Directory. Memberships of organisational units and roles are also imported. In the more secure end-to-end mode, this -synchronization of the changes must be carried out manually. +synchronization of the changes must be performed manually. -NOTE: It is technically possible to create several profiles with different modes. However, this is +:::note +It is technically possible to create several profiles with different modes. However, this is not recommended for the sake of clarity. +::: | Comparison of the modes | End-to-end mode | Master key mode | | ---------------------------------------------------------- | --------------- | --------------- | @@ -57,7 +59,7 @@ Secure. In contrast, a connection in **Master Key mode offers the highest level imports not only users, organisational units and roles but also their links and assignments. Synchronization with Active Directory is possible – **The AD is used as the leading system**. -## Users, groups and roles +## Users, groups, and roles When importing or synchronizing from Active Directory, users are also added as users in Netwrix Password Secure. Netwrix Password Secure also uses the organisational units as such. @@ -66,10 +68,14 @@ In order for Netwrix Password Secure to be quickly integrated into the given inf can also be directly imported from the Active Directory. Namely Active Directory Groups are used to password-safe roles. -NOTE: Groups in groups Memberships, which may be present in the Active Directory, will not be +:::note +Groups in groups Memberships, which may be present in the Active Directory, will not be displayed within Netwrix Password Secure. Both groups are imported as roles, but independent and not linked in any way. +::: -**CAUTION:** If Master Key mode has been selected for the Active Directory profile, the AD is the -leading system. In this mode, roles that have been imported cannot be changed locally in Netwrix +:::warning +If Master Key mode has been selected for the Active Directory profile, the AD is the +leading system. In this mode, roles that have been imported can't be changed locally in Netwrix Password Secure. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md index 46b707af1d..08e46686a8 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md @@ -8,7 +8,7 @@ sidebar_position: 10 ## Maximum encryption -[Active Directory link](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption currently offers +[Active Directory link](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption offers **maximum security**. Only users, organisational units and roles are imported. The permissions and the hierarchical relationship between the individual objects needs to be separately configured in Netwrix Password Secure. The advantage offered by end-to-end encryption is that Active Directory is @@ -34,7 +34,9 @@ The process for creating a new profile is started via the icon "manage profiles" ![New AD profile](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_1-en.webp) -NOTE: "End-to-end" needs to be set in the "Encryption" field +:::note +"End-to-end" needs to be set in the "Encryption" field +::: A **user** is required to access the AD. The user should be formatted as follows: Domain\user. It must have access to the AD. @@ -42,7 +44,7 @@ must have access to the AD. - The relevant **user password** (domain password) is required for the user mentioned above - **Direct search** is recommended for very large domain trees. The representation of the tree structure is omitted, elements can only be found and selected via the search. -- The **filter** can be used to directly specify an AD path as an entry point via an LDAP query. +- The **filter** lets you directly specify an AD path as an entry point via an LDAP query. - Various security options – so-called AuthenticationTypes Enumeration – can be selected for the connection of the AD to Netwrix Password Secure: - Secure @@ -95,8 +97,10 @@ provides helpful functions for selecting the individual elements. In the lower area you can specify whether the users just selected for import should be created as **Light** or **Advanced User (View)**s. -NOTE: If individual users, organisational units, or roles cannot be selected for import, they have +:::note +If individual users, organisational units, or roles can't be selected for import, they have already been imported via another profile +::: ## Summary @@ -107,20 +111,24 @@ element is imported. The number of objects is added together at the bottom. ![Import wizard/Summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_6-en.webp) -NOTE: Depending on the amount of data, it may take several minutes to create the summary. +:::note +Depending on the amount of data, it may take several minutes to create the summary. +::: ## Importing -The import itself is carried out by the server in the background. The individual elements then +The import itself is performed by the server in the background. The individual elements then appear in the list one by one. This may take some time, depending on the amount of import data. If the import is terminated, you will receive a confirmation. ![confirmation](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_7-en.webp) -NOTE: As end-to-end encryption is retained in this mode, the server does not receive a key to match +:::note +As end-to-end encryption is retained in this mode, the server doesn't receive a key to match already imported users with the AD. There is thus no synchronization with the AD. Similarly, no memberships can be imported. After the import, users must be manually assigned to the appropriate organisational units and roles. +::: ## Imported users and organisational units @@ -150,11 +158,13 @@ The rights will be issued as follows during the import or synchronization. | Is the "add" right issued? | No | No | No | | Who receives the rights key? | None | None | None | -NOTE: In end-to-end mode, **no role affiliations** are issued during the import or synchronization. +:::note +In end-to-end mode, **no role affiliations** are issued during the import or synchronization. +::: ## Logging into Netwrix Password Secure -Users imported in this mode can not login with the domain password. Rather, a password is generated +Users imported in this mode can't login with the domain password. Rather, a password is generated during import. This password is sent to the users by e-mail. If a user has not entered an e-mail address, the user name is entered as the password. The initial password can be changed by the administrator or the user himself at the first login. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md index d48ce61a79..360b4d7d54 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md @@ -36,7 +36,9 @@ The following information must be provided in the profile: - An optional **description** - Masterkey mode is selected for the **encryption** -NOTE: In the case of already created profiles, the encryption can no longer be changed. +:::note +In the case of already created profiles, the encryption can no longer be changed. +::: - The **domain** field is used to define which domain is to be read. The value entered here will also be used for authentication if no alternative spellings have been saved under **Other domain @@ -56,7 +58,7 @@ NOTE: In the case of already created profiles, the encryption can no longer be c updated on the next synchronization, regardless of whether the record has changed in the Active Directory or not. (This checkbox is automatically activated when you have edited the other responsible users and is deactivated again after the next synchronization). -- The **LDAP filter** can be used to directly specify an AD path as an entry point via an LDAP +- The **LDAP filter** lets you directly specify an AD path as an entry point via an LDAP query. - Various security options – so-called AuthenticationTypes Enumeration (**Flags**) – can be selected for the connection of the AD to Netwrix Password Secure: @@ -66,23 +68,29 @@ NOTE: In the case of already created profiles, the encryption can no longer be c - Signing - Sealing -NOTE: The first two options are already activated by default when configuring a new profile. If a -connection is not possible, deactivate SecureSocketsLayer and try again. +:::note +The first two options are already activated by default when configuring a new profile. If a +connection isn't possible, deactivate SecureSocketsLayer and try again. +::: -- **Other responsible users or roles** can be used to define who is permitted to carry out the +- **Other responsible users or roles** lets you define who is permitted to carry out the synchronization with the AD. -- The option **Other domain names** can be used to save alternative spellings of the login domain. +- The option **Other domain names** lets you save alternative spellings of the login domain. These must correspond to the spelling entered in the login window. For example, if a connection is being established to the domain **jupiter.local** or an IP address, the login can only be carried out with **jupiter\user** if **jupiter** has been saved here. -**CAUTION:** The master key is added in form of a certificate. It is **essential to back up** the +:::warning +The master key is added in form of a certificate. It is **essential to back up** the generated certificate! If the database is being moved to another server, the certificate also needs to be transferred! Further information can be found in the section [Certificates](/docs/passwordsecure/9.3/configuration/servermanager/certificates/certificates.md). +::: -NOTE: You can now use the option to integrate a RADIUS server. Read more in -[RADIUS authentication](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). +:::note +You can use the option to integrate a RADIUS server. See +[RADIUS authentication](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md) for details. +::: ## Import @@ -122,8 +130,10 @@ selection of the individual elements. ![select subjects](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_5-en.webp) -NOTE: If individual users cannot be selected for import, they have already been imported via an +:::note +If individual users can't be selected for import, they have already been imported via an end-to-end encrypted profile. +::: In the lower area you can specify whether the users just selected for import should be created as **Light** or **Advanced User (View)**s. @@ -147,7 +157,7 @@ this is symbolized by a hint. ## Imported users and organisational units -The users and organisational units imported in Masterkey mode cannot be edited in Netwrix Password +The users and organisational units imported in Masterkey mode can't be edited in Netwrix Password Secure. Therefore, any changes must be made in AD and synchronized. AD thus becomes the leading system. Affiliations to roles are also synchronized and must be set in the AD. In organisational units or roles created in Netwrix Password Secure, the users can be included directly in Netwrix @@ -175,23 +185,29 @@ The rights will be issued as follows during the import or synchronization. | Is the "add" right issued? | No | No | No | | Who receives the rights key? | All with the "authorize" right | None | All with the "authorize" right | -NOTE: If a user is imported, he will be given those roles that he also had in AD insofar as these +:::note +If a user is imported, he will be given those roles that he also had in AD insofar as these roles already exist in Netwrix Password Secure or have also been imported. +::: ## Logging into Netwrix Password Secure -Users who are imported using this mode can log in with the domain password. Please note that no +Users who are imported using this mode can log in with the domain password. That no domain needs to be specified when logging in. Of course, the login process can also be supplemented with [Multifactor Authentication](/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md). -NOTE: Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server +:::note +Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server is accessible, the users in the domain authenticate themselves via Kerberos using their domain -password. If the logon via Kerberos does not work – e.g. due to incorrect configuration of the +password. If the logon via Kerberos doesn't work – e.g. due to incorrect configuration of the domain controller – the logon via the NTLM protocol is attempted. However, these are all settings that have to be made on the domain controller and have nothing to do with Netwrix Password Secure. +::: -**CAUTION:** Logging on to Netwrix Password Secure using SSO via Kerberos is currently not possible. +:::warning +Logging on to Netwrix Password Secure using SSO via Kerberos isn't possible. +::: ## Permissions to imported objects @@ -207,7 +223,9 @@ The rights to be issued to imported users are explained in the following example keys as it will be used for the synchronization 5. Finally, users will be issued with the rights for themselves -NOTE: All users and roles issued with **rights** to the imported object also receive its rights key. +:::note +All users and roles issued with **rights** to the imported object also receive its rights key. +::: ## Synchronization @@ -217,8 +235,10 @@ or deactivated according to the settings in the AD. If the membership of organis be changed, this can be done by **Drag & Drop**. New users and correspondingly defined roles are imported. -NOTE: If the tick was not set in the Synchronization column when a user is imported, no changes are +:::note +If the tick wasn't set in the Synchronization column when a user is imported, no changes are made. +::: ### Manual synchronization @@ -231,7 +251,7 @@ the synchronization runs in the background. A hint indicates that the process ha ### Synchronization via system tasks -The synchronization can also be carried out automatically. This is made possible via the +The synchronization can also be performed automatically. This is made possible via the [System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ### Deleting or removing users @@ -241,9 +261,9 @@ next synchronization. For this purpose, it is necessary for the user to be impor **synchronizable** user. If the user is only deleted from Netwrix Password Secure but retained in Active Directory, a -synchronization needs to be carried out to delete it from the database. For this purpose, the wizard -is called up via **import**. The first step is to select an organisational unit. This has no effect -when simply deleting a user. The second step is to search for the user. Both ticks are removed. +synchronization needs to be performed to delete it from the database. For this purpose, the wizard +is opened via **import**. The first step is to select an organisational unit. This has no effect +when deleting a user. The second step is to search for the user. Both ticks are removed. After checking the summary, the process is concluded. The synchronization is completed and the user is deleted from the database. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md index 9f6b032355..7e9b796238 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md @@ -6,7 +6,7 @@ sidebar_position: 30 # RADIUS authentication -## What is the RADIUS authentication? +## RADIUS authentication overview RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol used primarily for authentication and authorization of users during dial-up connections in corporate networks. Netwrix diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md index 4b48867a6c..b6ececae98 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Directory services -It is possible to use existing user and group structures from external directories with Netwrix +You can use existing user and group structures from external directories with Netwrix Password Secure. Choose your preferred integration method: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md index f2975dd9af..a4519bd4b2 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md @@ -13,14 +13,14 @@ from multiple Entra IDs, you can create multiple profiles. ## Introduction -## Why Entra ID? +## Benefits of Entra ID More and more companies use cloud services. Therefore, also the management of users is outsourced. Instead of a classic Active Directory via LDAP, an Entra ID is used more often. Netwrix Password Secure integrates the possibility to bring in users and roles from Azure. To use users and roles from multiple Entra IDs, you can create multiple profiles. -Remember, In order to use Azure login with the windows application, +Remember, to use Azure login with the windows application, [WebView2](https://developer.microsoft.com/de-de/microsoft-edge/webview2/) from Microsoft must be installed on the client device. @@ -28,10 +28,10 @@ installed on the client device. The connection to the Entra ID differs in one special point from the connection to a conventional Active Directory. While Netwrix Password Secure queries the users, groups, and roles actively from -the conventional AD, the Entra ID is pushing them automatically to our server. For this a so-called +the conventional AD, the Entra ID is pushing them automatically to the server. For this a so-called [SCIM service](https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management) is used. -To login to Netwrix Password Secure, after entering the username a popup opens for the +To log in to Netwrix Password Secure, after entering the username a popup opens for the authentication with the entered Microsoft account. Here, a possible configured second factor is also requested. The authentication is handled via the [Open ID Connect protocol](https://openid.net/connect/). @@ -40,7 +40,7 @@ requested. The authentication is handled via the Below you will find instructions on how to connect Entra ID to Netwrix Password Secure. In the Azure portal, go to the management page of your Microsoft Entra ID. Use an account with administrative -permissions for this. During this, login to Netwrix Password Secure with an account that has the +permissions for this. During this, log in to Netwrix Password Secure with an account that has the user right "Display organisational structure module", "Can manage Entra ID profiles", and "Can create new Entra ID profiles" enabled. @@ -48,10 +48,12 @@ create new Entra ID profiles" enabled. ### New enterprise application -Login to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of +Log in to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of your Microsoft Entra ID. -NOTE: You need an account with administrative permissions +:::note +You need an account with administrative permissions +::: - Write down your "Tenant ID" shown in the Azure console or by using PowerShell: @@ -62,27 +64,33 @@ Connect-AzureAD ``` - Navigate in your Entra ID to "Enterprise applications" -- Add an own application, that is not listed in the Azure Gallery – in our example, we name it +- Add an own application that isn't listed in the Azure Gallery – in the example, the application is named "Netwrix Password Secure" -NOTE: A key feature of Netwrix Password Secure is, that it is self-hosted by our customers. However, -to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure is not +:::note +A key feature of Netwrix Password Secure is, that it is self-hosted by the customers. However, +to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure isn't available in the Azure Gallery. +::: - When the application was created successfully, you are redirected to it automatically - Write down the "Application ID" - In the navigation, click "Users and groups" - Add the Users and groups that should be available to Netwrix Password Secure -**CAUTION:** The import of Azure groups as Netwrix Password Secure roles is only possible if you -have booked the Azure package Entra ID Premium P1! +:::warning +The import of Azure groups as Netwrix Password Secure roles is only possible if you +have booked the Azure package Entra ID Premium P1. +::: - Navigate to the "Provisioning" page - Configure the Provisioning Mode to "Automatic" ### Netwrix Password Secure Entra ID configuration -NOTE: Your Netwrix Password Secure user need the following permissions: +:::note +Your Netwrix Password Secure user need the following permissions: +::: ``` @@ -93,7 +101,7 @@ NOTE: Your Netwrix Password Secure user need the following permissions: ``` - Navigate to the module "Organisational structure" -- In the toolbar, click on "Manage profiles" in the category "Entra ID" +- In the toolbar, click "Manage profiles" in the category "Entra ID" - Create the profile with your information - Insert the `Tenant ID` and the `Application ID` - As soon as the profile has been saved, a popup opens for generating a token @@ -103,18 +111,22 @@ NOTE: Your Netwrix Password Secure user need the following permissions: ### Azure provisioning configuration Fill the fields "Tenant URL" and "Secret Token" with the information provided by Netwrix Password -Secure Click "Test Connection" When the test has been successful, click on "Save" at the top of the +Secure Click "Test Connection" When the test has been successful, click "Save" at the top of the page Back on the "Provisioning" page, click "Start provisioning" In the settings of the provisioning, check if "Provisioning Status" is set to "On" All allocated users and groups are created in Netwrix Password Secure now -NOTE: Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and +:::note +Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and roles are shown in Netwrix Password Secure. +::: -**CAUTION:** Please note that Azure establishes the connection to Netwrix Password Secure. For this, +:::warning +that Azure establishes the connection to Netwrix Password Secure. For this, the client URL must be accessible from an external network / provisioning agent and any used SSL -certificate must be valid! If the users are not created in Netwrix Password Secure, consult the -Azure Enterprise Application Provisioning log for more information. +certificate must be valid! If the users aren't created in Netwrix Password Secure, consult the +Azure Enterprise Application Provisioning log for troubleshooting details. +::: ### Azure login configuration @@ -123,8 +135,8 @@ To enable the Azure login for your users, a few more steps are required: - Navigate to the Overview page of your Entra ID - Navigate to "App registrations" - If no application is displayed, click "All applications" -- Click on "Netwrix Netwrix Password Secure" and navigate to "Authentication" -- Click on "Add a platform", select "Web" and configure the required URIs: +- Click "Netwrix Netwrix Password Secure" and navigate to "Authentication" +- Click "Add a platform", select "Web" and configure the required URIs: | Client | URI | | ------------------------ | ------------------------------------------------------------------------- | @@ -136,7 +148,7 @@ To enable the Azure login for your users, a few more steps are required: ![web_configuration_entra_id](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/web_configuration_entra_id.webp) -Click on "Add a platform", select "Mobile & desktop applications" and configure the required +Click "Add a platform", select "Mobile & desktop applications" and configure the required mobile-app URI: | Client | URI | @@ -147,7 +159,7 @@ mobile-app URI: #### Create client secret -Navigate to your Netwrix Netwrix Password Secure App registration -> Certificates & secrets -> +Navigate to your Netwrix Password Secure App registration -> Certificates & secrets -> Client secret Create a client secret: @@ -160,11 +172,11 @@ Copy it over to the Netwrix Password Secure Entra ID profile: #### Set API permissions -Finally, the API permissions for the Azure API have to be set, so the login to can be performed +Finally, the API permissions for the Azure API have to be set, so the log in to can be performed successfully. 1. Navigate to "API permissions" and click "Add a permission" 2. Select "Microsoft Graph" and then "Delegated permissions" 3. Set the checkboxes for "openid" and "profile" just under "OpenId permissions" -4. Click on "Add permissions" -5. Click on "Grant admin consent for YOUR_AD_NAME" +4. Click "Add permissions" +5. Click "Grant admin consent for YOUR_AD_NAME" diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md index 8825ca490e..a42dba37cf 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md @@ -6,25 +6,25 @@ sidebar_position: 10 # Microsoft Entra ID Services FAQ -## Is it possible to migrate from LDAP to Entra ID? +## Migrating from LDAP to Entra ID -Currently, an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is -not possible! +, an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is +not possible. -## Which port is used for the SCIM endpoint for provisioning users/groups from Entra ID to the Application Server? +## SCIM endpoint port for provisioning users and groups from Entra ID 11015 is the port that will be used for the communication from Entra ID to Netwrix Password Secure. -## Does the Entra ID connection support nested groups? +## Entra ID connection support for nested groups -Due to Azure based technical limitations, Netwrix Password Secure does not support nested groups. +Due to Azure based technical limitations, Netwrix Password Secure doesn't support nested groups. -## Does Entra ID work on servers that are only available internally? +## Entra ID on internally available servers -An integration on servers, that are not accessible from external sources, the integration of Entra +An integration on servers, that aren't accessible from external sources, the integration of Entra ID is also possible. For this, you can use the [Entra ID on-premises application provisioning to SCIM-enabled apps](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-scim-provisioning). -This can be installed on all or only one application server. It must be noted that the IP or DNS +This can be installed on all or only one application server. The IP or DNS name of the "Tenent URL" specified in the subsequently created enterprise application is present in the alternative application names in the server certificate. Tip: `https://127.0.0.1:11015/scim` can also be specified as the "Tenent URL", in which case 127.0.0.1 must again be present in the @@ -52,6 +52,6 @@ alternative application names in the server certificate. - Click "Get started" - Set provisioning mode "Automatic" - Unhide "On-Premises Connectivity" -- Assign the just installed agent to this application by selecting it and click "Assign Agent(s)" +- Assign the just installed agent to this application by selecting it and click "Assign Agents" - It takes about 20 minutes until the agent is correctly connected to your application and you can proceed. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md index 05943fedbc..053d386351 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md @@ -6,9 +6,9 @@ sidebar_position: 40 # First factor -## What is meant by first factor? +## First factor overview -It is a process that regulates access to our system. +It is a process that regulates access to the system. ## Requirements @@ -25,19 +25,23 @@ The configuration is done via the user setting **First factor**. ![Smartcard 1st factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_2-en.webp) -NOTE: This option is only valid for users in master key mode +:::note +This option is only valid for users in master key mode +::: -**CAUTION:** Be Aware" The smartcard logon tries to determine whether the certificate belongs to the +:::warning +Be Aware" The smartcard logon tries to determine whether the certificate belongs to the user to be logged on based on the applicant in the smartcard certificate. This is done using regex, the default regex `^{username}[.@\\/-_:]({domain})$` or `^({domain})[.@\\/-_:]({username})$` is applied to the applicant. In this case, `{username}` is replaced with the user to be registered and `{domain}` is replaced with the domain in the AD profile in the regex and if the regex query is -positive, the user is registered. If the format of your applicant in your certificates is not +positive, the user is registered. If the format of your applicant in your certificates isn't compatible with these two regex queries, you must set a custom regex query in the Server Manager. -Please note that `{username}` for username and `{domain}` for the AD domain SHOULD be present in the +That `{username}` for username and `{domain}` for the AD domain SHOULD be present in the regex query. If the domain must be explicitly specified, it must be written in capital letters. +::: -In addition, the smartcard certificate must of course also be valid on the server! +In addition, the smartcard certificate must also be valid on the server. ## Fido2 (only at the Web Application) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md index 1cbe829669..a1411466c8 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Managing users -## How are users managed in Netwrix Password Secure? +## User management in Netwrix Password Secure The way in which users are managed is highly dependent on whether Active Directory is connected or not. In Master Key mode, Active Directory remains the leading system. Accordingly, users are then @@ -41,15 +41,17 @@ only the differences will be covered below. checking the integrity and hierarchies of various pieces of information with one another but are not required to productively work with the information themselves. This could be a data protection officer or also an administrator in some cases. This would be the case if an administrator was - responsible for issuing permissions to other people but should not be able to view the data + responsible for issuing permissions to other people but shouldn't be able to view the data themselves. The property **restricted user** is used to limit the visibility of the password field. It thus deals with purely administrative users or controlling entities. -NOTE: Restricted users cannot view any passwords +:::note +Restricted users can't view any passwords +::: ### Configuring rights -The second tab of the wizard allows you to define the permissions for the newly created user. If an +The second tab of the wizard lets you define the permissions for the newly created user. If an allocated organisational unit or a rights template group was defined in the first tab, the new user will inherit its permissions. Here, these permissions can be adapted if desired. @@ -61,26 +63,30 @@ globally defined user rights. ## Importing users -Importing from Active Directory can be carried out in two ways that are described in a separate +Importing from Active Directory can be performed in two ways that are described in a separate section. ## User licenses There are two different types of licenses, **Advanced view** and **Basic view** licenses. In all -other editions you can only purchase Advanced view licenses. Please note that licensed Basic view -users are not able to use the Advanced view. However, Advanced view Users can also switch to the +other editions you can only purchase Advanced view licenses. That licensed Basic view +users aren't able to use the Advanced view. However, Advanced view Users can also switch to the Basic view. -**CAUTION:** For licensing reasons, it is not intended to switch from a Advanced view user to a -Basic view user! +:::warning +For licensing reasons, it isn't intended to switch from a Advanced view user to a +Basic view user. +::: -Our sales team will be happy to answer any questions you may have about licensing. +The sales team will be happy to answer any questions you may have about licensing. -Display data to which the user is authorized In order to display the data to which a user is -authorized, you must right-click on the corresponding user in the organisational structure. In the +Display data to which the user is authorized to display the data to which a user is +authorized, you must right-click the corresponding user in the organisational structure. In the context menu that opens, you will find the following options under **displaying data records**: Password -Documents -Forms -Rolls -Uses -Password Reset -System Tasks -Seal templates -NOTE: All authorizations for a data record are taken into account, regardless of whether you are +:::note +All authorizations for a data record are taken into account, regardless of whether you are authorized by a role or the user. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md index 67a274545d..e44381a039 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md @@ -9,7 +9,7 @@ sidebar_position: 10 ## User passwords Depending on the type of user, they will either be allocated their password in Netwrix Password -Secure or the login will be carried out using access data for the domain. How the user logs in also +Secure or the login will be performed using access data for the domain. How the user logs in also differs according to the type of user. ### Differences between users and passwords @@ -23,12 +23,12 @@ differs according to the type of user. migration. - **AD users in Master Key mode** These users log in directly with access data for the domain. It is thus not necessary to assign them a password. As these users directly authenticate themselves via - Active Directory, the currently saved password in Active Directory is thus always valid. These + Active Directory, the saved password in Active Directory is thus always valid. These users can still directly log in using the existing password even after a migration ### Required rights -Various rights are required in order to issue or change user passwords. One prerequisite is the user +Various rights are required to issue or change user passwords. One prerequisite is the user right **Can display organisational structure module**. **Read** and **write** rights for the user are also required. Finally, membership of the user is required. Normally, the user themselves and the user who created or imported the user have the right to change their password. @@ -38,11 +38,11 @@ the user who created or imported the user have the right to change their passwor ### Assigning and changing passwords As already explained, local users are directly assigned their initial password when the user is -created. The situation is different for users that are imported in end-to-end mode. They do not +created. The situation is different for users that are imported in end-to-end mode. They don't possess a password directly after the import and can thus not log in. It is thus necessary to assign passwords after the import. -The passwords can be directly assigned or changed via the ribbon. Naturally, it is also possible to +The passwords can be directly assigned or changed via the ribbon. it is also possible to select multiple users if e.g. several imported users should be assigned the same password. ![change password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_2-en.webp) @@ -59,7 +59,7 @@ automatically deactivated after the user has successfully logged in and changed ### Security of passwords -To guarantee that passwords are sufficiently strong, it is recommended that corresponding +To guarantee that passwords are sufficiently strong, corresponding [Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) are created. It is especially important to ensure here that user names are excluded. The password rule then still needs to be defined as a user password rule. @@ -70,7 +70,7 @@ The process for logging into the database differs depending on the type of user. ### Local user -Local users simply log in using their user name and the assigned password. +Local users log in using their user name and the assigned password. ![login username](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_4-en_415x238.webp) @@ -83,9 +83,11 @@ password the same as local users. If multiple domains have been configured or th with the same name, the name of the domain must be entered in front of the user name The name of the domain must be entered as it is configured in the AD profile under **Domains**. The -option **Other domain names** can be used to save other forms of the domain name. +option **Other domain names** lets you save other forms of the domain name. ![AD User](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_6-en.webp) -NOTE: The logon to the client is automatically forwarded to the Autofill Add-on and other clients on +:::note +The logon to the client is automatically forwarded to the Autofill Add-on and other clients on the same computer. The same applies to logging on to the Autofill Add-on. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md index cde0c134a8..b43d3a87b8 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Multifactor authentication -## What is multifactor authentication? +## Multifactor authentication overview By means of multifactor authentication, you can save the login – in addition to the password – with a further factor. Setting up a multifactor authentication can be done by either the administrator or @@ -19,7 +19,7 @@ Manager. In the database module, open the settings for the selected database via ![database settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_1-en.webp) -It is possible to separately define in the settings whether it is permitted to use each interface on +You can separately define in the settings whether it is permitted to use each interface on the database. ![multifactor authentication](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_2-en.webp) @@ -29,9 +29,11 @@ the database. In the user settings, it is also possible to define the "Length of validity of a multifactor authentication token" in minutes. -NOTE: In order for a user (administrator) to be able to **configure** multifactor authentication for +:::note +In order for a user (administrator) to be able to **configure** multifactor authentication for other users, the user must have the rights **read**, **write**, **delete** and **authorize**. It is important that these rights exist before Multifactor Authentication is set up. +::: ## Configuration of multifactor authentication @@ -51,18 +53,20 @@ QR code is displayed, which must be scanned using the Google Authenticator app o ![google authenticator](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_4-en.webp) -Once the Google Authenticator app has detected the QR code, it will return a 6-digit PIN. You must -then enter it in the appropriate field. Finally, click on **Create** in the ribbon. +After the Google Authenticator app has detected the QR code, it will return a 6-digit PIN. You must +then enter it in the appropriate field. Finally, click **Create** in the ribbon. ## RSA SecurID Token -To set up multifactor authentication using RSA SecurID, simply enter the RSA user name and click +To set up multifactor authentication using RSA SecurID, enter the RSA user name and click **Create** directly in the ribbon. ![RSA SecurID Token](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_5-en.webp) -NOTE: The prerequisite for the use of RSA SecurID token is that the access data has been stored in +:::note +The prerequisite for the use of RSA SecurID token is that the access data has been stored in the Database settings on the Server Manager. +::: ## Public key infrastructure @@ -71,7 +75,7 @@ All eligible certificates are displayed. ![Public key infrastructure](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_7-en.webp) -Now just select the desired certificate from the list to confirm the process. +Select the desired certificate from the list to confirm the process. ## Yubico One Time Password @@ -84,7 +88,7 @@ The multifactor authentication can be deleted by the user himself or by another authorization. The rights **Read**, **Write**, **Authorize** and **Delete** are required for another user to perform the deletion. -In order to delete a file, you should go to the main menu. Under **Account** you will find the item +To delete a file, you should go to the main menu. Under **Account** you will find the item **Multifactor Authentication**. An alternative way is to enter the management of multifactor authentication via the organisational structure. To do so, select the corresponding user and click on the **Multifactor Authentication** ribbon. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md index b675535af4..851a53b8dd 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md @@ -8,7 +8,7 @@ sidebar_position: 20 ## Using OTP in Netwrix Password Secure -A one-time password is a password that is valid once and can be used for authentication or +A one-time password is a password that is valid once and supports authentication or transactions. Accordingly, each additional authentication or authorization requires a new one-time password. @@ -43,10 +43,12 @@ How to use the HTML WebViewer can be read in the chapter with the same name. ##### OTP in Emergency WebViewer -NOTE: The special feature of the Emergency WebViewer is that the stored OTP secret is also +:::note +The special feature of the Emergency WebViewer is that the stored OTP secret is also displayed. +::: -In order to use the One-Time-Password in the +To use the One-Time-Password in the [EmergencyWebViewer](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md) you have to proceed as follows: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md index e9dbc85a30..7d326780c8 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md @@ -30,13 +30,13 @@ The **One Time Password** is entered directly into the corresponding field. ![yubico OTP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_3-en.webp) -Once the general terms and conditions have been approved, the API Key can be requested. +After the general terms and conditions have been approved, the API Key can be requested. ![yubico key](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_4-en.webp) ### Configuring the Yubikey API -The actual setting up of the multifactor authentication is carried out on the Server Manager in the +The actual setting up of the multifactor authentication is performed on the Server Manager in the **Database** module. First select the required data base; then open the "Features" in the ribbon. The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and saved. @@ -44,15 +44,17 @@ The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and The interface is now ready and can be used. -NOTE: The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for -communication with Yubico. Please make sure that the Netwrix Password Secure Server can connect to +:::note +The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for +communication with Yubico. ensure that the Netwrix Password Secure Server can connect to this endpoint. +::: ## Configuring multifactor authentication for users Multifactor authentication can be configured in the Netwrix Password Secure client. It can be done by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md) -menu. In order to configure the Yubikey, simply select **Yubico OTP**. +menu. To configure the Yubikey, select **Yubico OTP**. ![setup second factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_6-en.webp) @@ -62,7 +64,7 @@ only need to touch the touch panel. The same applies to **Yubikey Nano**. ![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) The token is entered directly into the corresponding field. The multifactor authentication is -configured once you’ve clicked on configure. +configured after you click configure. ![Configuration yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_8-en.webp) @@ -75,7 +77,7 @@ After the first password authentication, another window for the **Yubico Key** i ![Login yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_10-en.webp) -Click on the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. +Click the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. ![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md index 5b197a5b0f..46863699dd 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md @@ -6,14 +6,14 @@ sidebar_position: 40 # Organisational structure -## What are organisational structures? +## Organisational structures overview The storage of passwords or documents always takes place according to the defined organisational structures. The module enables complex structures to be defined, which later form the basis for the systematic storage of data. It is often possible to define them on the basis of already existing organization diagrams for the company or department. It is also possible to use other criteria, such as the function / activity performed, as the basis for creating hierarchies. It is always up to the -customer themselves to decide which structure is most useful for the purpose of the application. +customer themselves to decide which structure is most useful for the application. ![Organizational structure modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_1-en.webp) @@ -38,7 +38,7 @@ remaining actions have already be explained for the password module. ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right mouse button. Due to its complexity, there is a separate section for this function: [User management](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md) -- **Drag & Drop**: If this option has been activated, it is possible to move users or organisational +- **Drag & Drop**: If this option has been activated, you can move users or organisational units in list view via drag & drop - **Permissions**: The configuration of permissions within the organisational structure is important both for the administration of the structure and also as the basis for the permissions in @@ -55,24 +55,28 @@ remaining actions have already be explained for the password module. - **Multi Factor authentication**: Additional security during login is provided through positive authentication based on another factor. More on this subject… - **Reset password**: Administrators can reset the passwords with which users log in to Netwrix - Password Secure to a defined value. Naturally, this is only possible if the connection to Active + Password Secure to a defined value. this is only possible if the connection to Active Directory is configured via[End-to-end encryption](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the alternative [Masterkey mode](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the authentication is linked to the correct entry of the AD password. -NOTE: To reset a user password, membership for the user is a prerequisite. +:::note +To reset a user password, membership for the user is a prerequisite. +::: The example below shows the configuration of a user where only the user themselves is a member. ![permission for user](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_3-en.webp) -This configuration means that the user password cannot be reset by administrators. The disadvantage +This configuration means that the user password can't be reset by administrators. The disadvantage is that if the password is lost there is no technical solution for "resetting" the password in the system. -**CAUTION:** It is not recommended to configure the permissions so that only the user themselves has +:::warning +It isn't recommended to configure the permissions so that only the user themselves has membership. No other interventions can be made if the password is then lost. +::: ## Adding local organisational units @@ -85,18 +89,20 @@ wizards. The example below shows the creation of a new organisational unit: ![Add new organisational unit](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_4-en.webp) - **Allocated organisational unit**: If the new object is defined as a **main organisational unit**, - it is not allocated to an existing organisational unit + it isn't allocated to an existing organisational unit - **Rights template group**: If an already existing organisational unit was selected under "allocated organisational unit", you can select one of the existing rights template groups. -NOTE: The organisational unit marked in list view will be used as a default. This applies to the +:::note +The organisational unit marked in list view will be used as a default. This applies to the fields "allocated organisational unit" and also "rights template". +::: ### Create role ![Create role](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_5-en.webp) -When creating a new organisational unit, the second tab in the wizard enables you to directly create +When creating a new organisational unit, the second tab in the wizard lets you directly create a new role. This role will not only be created but also given "read permission" to the newly created organisational unit. @@ -104,10 +110,12 @@ organisational unit. ![Configuring rights](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_6-en.webp) -The third tab of the wizard allows you to define the permissions for the newly created +The third tab of the wizard lets you define the permissions for the newly created organisational unit. If an allocated organisational unit or a rights template group was defined in the first tab, the new organisational unit will inherit its permissions. These permissions can be adapted if desired. -NOTE: The **organisational structure** module is based on the Web Application module of the same +:::note +The **organisational structure** module is based on the Web Application module of the same name. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md index 0d090cc864..43b10ab604 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Inheriting permissions -## What is inherited in organisational structures? +## Inheritance in organisational structures -If you open the permissions for an organisational structure, the currently configured permissions +If you open the permissions for an organisational structure, the configured permissions will be visible. In the following example, there are a total of four roles with varying permissions for the organisational structure. @@ -34,5 +34,5 @@ The two highlighted options are now available on the ribbon. Both mechanisms are protected by a confirmation prompt. If both "inherit" and also "overwrite" are selected, "overwrite" is considered the overriding function. -**CAUTION:** Both mechanisms are not protected by user rights. The **authorize** right for the +**CAUTION:** Both mechanisms aren't protected by user rights. The **authorize** right for the organisational structure is required to activate the inheritance or overwrite functions. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md index ff72a34ad7..ad3e82882c 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md @@ -16,7 +16,7 @@ permissions for organisational structures. [Visibility](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) that selectively withholding information is a very effective [Protective mechanisms](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md). - Configuration of the visibility is carried out directly when issuing permissions to + Configuration of the visibility is performed directly when issuing permissions to organisational structures. 2. **Inheriting permissions for records**: [Inheritance from organisational structures](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md) @@ -32,7 +32,7 @@ interfaces. ## Permissions -The visibility and also inheritance mechanisms are not considered below. This section exclusively +The visibility and also inheritance mechanisms aren't considered below. This section exclusively deals with permissions for the actual organisational structure. It deals with which users and roles have what form of permissions for a given organisational structure. Permissions for organisational structures can be defined via the ribbon or also the context menu that is accessed using the right @@ -40,23 +40,29 @@ mouse button. A permissions tab appears: ![Permissions for OU](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organizational_structures_2-en.webp) -NOTE: The basic mechanisms for setting permissions is described in detail in the Authorization +:::note +The basic mechanisms for setting permissions is described in detail in the Authorization concept. +::: -**CAUTION:** It is important that the permissions displayed here are interpreted correctly! The +:::warning +It is important that the permissions displayed here are interpreted correctly! The example above shows the permissions for the "organisational structure IT". +::: The user Max Muster possesses all rights to the organisational structure IT and can thus edit, -delete and also grant permissions for this structure. +delete, and also grant permissions for this structure. ## The add right -The "add" right holds a special position amongst the available rights because it does not refer to +The "add" right holds a special position amongst the available rights because it doesn't refer to the organisational unit itself but rather to data that will be created within it. In general, it is fair to say that to add objects in an organisational unit requires the add right. If a user wants to add a new record to an organisational unit, the user requires the above-mentioned right. In the example above, only the administrator has the required permissions for adding new records. Even the -IT manager – who possess all other rights to the organisational structure "IT" – does not have the +IT manager – who possess all other rights to the organisational structure "IT" – doesn't have the right to add records. -**CAUTION:** The add right merely describes the right to create objects in an organisational unit. +:::warning +The add right merely describes the right to create objects in an organisational unit. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/configuration_2.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/configuration_2.md index c5ad12aed1..4a651b229f 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/configuration_2.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/configuration_2.md @@ -30,7 +30,7 @@ and "Linked passwords". ### Trigger -Triggers describe the conditions that need to be fulfilled so that a Password Reset is carried out. +Triggers describe the conditions that need to be fulfilled so that a Password Reset is performed. There are a total of three possible triggers available: - Reset the password x minutes after the password has been viewed @@ -42,8 +42,10 @@ triggers is equivalent to deactivating the Password Reset. All three triggers ca deactivated independently of one another. Only one selection can be made in each of the three categories. -NOTE: A separate system task within Netwrix Password Secure checks every minute whether a trigger +:::note +A separate system task within Netwrix Password Secure checks every minute whether a trigger applies. +::: ### Scripts @@ -58,12 +60,14 @@ A new dialogue appears after the selection in which the type of system "to be re The functions and configuration process are described in detail in the section Scripts. -NOTE: It is not possible to create a Password Reset without an associated script. +:::note +It isn't possible to create a Password Reset without an associated script. +::: ### Linked passwords All records that should be reset with the Password Reset according to the selected trigger are listed under “Linked passwords”. Multiple objects can be entered. The linked Password Reset is also -visible in the footer of the reading pane once it has been successfully configured. +visible in the footer of the reading pane after it has been successfully configured. ![new script password reset](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md index bad456d35f..48d7f773a5 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/heartbeat.md @@ -6,10 +6,10 @@ sidebar_position: 50 # Heartbeat -## What is the heartbeat? +## Heartbeat overview The heartbeat checks whether passwords in Netwrix Password Secure match the login data on the -relevant systems. This process ensures that the passwords do not differ from one another. +relevant systems. This process ensures that the passwords don't differ from one another. ## Requirements @@ -33,14 +33,14 @@ The testing process using the heartbeat can be executed via various methods. ## Testing via Password Reset -The heartbeat is always carried out before the first resetting process using a Password Reset. After -the script has run, the testing process is carried out again. Further information on this process +The heartbeat is always performed before the first resetting process using a Password Reset. After +the script has run, the testing process is performed again. Further information on this process can also be found in the section [Rollback](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md). ### Manual testing The heartbeat can be executed in the ribbon for the password module by clicking on **Check login -data**. The currently marked password is always tested. +data**. The marked password is always tested. ### Automatic testing via the password settings @@ -61,8 +61,8 @@ the mouse over the icon. The icon has three different versions. These have the following meanings: -The last test was successful. The password is correct The test could not be performed. For example, -the password could not be reached. The last test was completed. However, the password is different +The last test was successful. The password is correct The test couldn't be performed. For example, +the password couldn't be reached. The last test was completed. However, the password is different to the one on the target system. ## Filtering the results diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md index 6b9cc63df7..897427e618 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md @@ -27,7 +27,7 @@ logbook entries are written: | Execution Error | Password Reset | | Error during rollback | Password Reset | -If an attempt was made to perform a rollback, but the rollback cannot be performed because the old +If an attempt was made to perform a rollback, but the rollback can't be performed because the old password was incorrect before the reset, or the first script is of the type “user-defined”, the following logbook entry is written: @@ -36,7 +36,7 @@ following logbook entry is written: | Error during rollback | Password Reset | If a password reset has failed and an attempt is made to perform a rollback, the reset is blocked -for one day and the following logbook entry is written: (It does not matter if the rollback worked +for one day and the following logbook entry is written: (It doesn't matter if the rollback worked or not) | Logbook type | Logbook record | diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md index c84a61949b..5c83f2c151 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md @@ -6,7 +6,7 @@ sidebar_position: 90 # Password Reset -## What is a Password Reset? +## Password reset overview The safest passwords are those that no one knows. A Password Reset enables passwords to be reset to a new and unknown value according to freely definable triggers. A trigger could be a definable time @@ -21,9 +21,13 @@ system to a new value. ![Password reset process diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset_2-en.webp) -NOTE: If an error occurs during the execution of a password reset, the affected reset is blocked +:::note +If an error occurs during the execution of a password reset, the affected reset is blocked with all associated passwords. This is noted in the logbook with an entry "blocked". +::: -**CAUTION:** Due to the complexity of the process, it is strongly recommended that Password Reset is +:::warning +Due to the complexity of the process, it is strongly recommended that Password Reset is configured **in combination with certified partners**. The desired simplification of work processes using the above-mentioned automated functions is accompanied by numerous risks. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md index 823b2016ae..8e1661e0c7 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/rollback.md @@ -6,12 +6,12 @@ sidebar_position: 60 # Rollback -## What is a rollback? +## Rollback overview If an error occurs while running a script, a rollback is initiated. This ensures that the original password is restored. -## When does a rollback run? +## Rollback triggers The following diagram shows when and according to which criteria a rollback is initiated: @@ -25,5 +25,5 @@ rollback. ## Logbook -The logbook can be used to see if a rollback has been run and if it was successful. After a +The logbook lets you see if a rollback has been run and if it was successful. After a rollback, the password should be checked once again as a precaution. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md index a1b706fffb..9b8dfe8308 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md @@ -9,7 +9,7 @@ sidebar_position: 30 ## Available scripts The following scripts are supplied and can be directly used. In all scripts, a password is firstly -selected in the upper section. This is not the password that will be reset on the target system. +selected in the upper section. This isn't the password that will be reset on the target system. Instead, a user should be entered here that can complete the rest of the process on the target system. This password thus requires administrative rights to the target system. @@ -32,7 +32,7 @@ changed. The **host name** – i.e. the target computer – and the **service na ![Service accounts scripts](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_3-en.webp) -Please note that the **display name** for the **service** needs to be used. +That the **display name** for the **service** needs to be used. ![display name service](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_4-en.webp) @@ -48,7 +48,7 @@ The access data in the associated password can be saved as follows: ## Windows user -This script can be used to reset the passwords for local Windows users. Only the **host name** needs +This script lets you reset the passwords for local Windows users. Only the **host name** needs to be saved here. ![Windows user script](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_5-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md index 7726d669ff..8b2e929dce 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md @@ -8,11 +8,11 @@ sidebar_position: 40 ## Individual solutions using your own scripts -If your requirements cannot be met using the [Scripts](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible +If your requirements can't be met using the [Scripts](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible to create your own Powershell scripts. These scripts need to meet certain requirements to be used in Netwrix Password Secure. -## Storage location, name and call +## Storage location, name, and call The scripts must be saved in the following directory: `C:\ProgramData\MATESO\Password Safe and Repository Service\System\PowerShell` @@ -44,17 +44,17 @@ The following standard parameters can be used here: - UserName: The user name for which the password should be changed - Password: The password that should be reset -- CredentialsUserName: The user name of the user authorized to carry our the reset (e.g. +- CredentialsUserName: The user name of the user authorized to carry the reset (e.g. administrator) - CredentialsPassword: The password of the authorized user ### Scriptblock The **scriptblock** can be used when the script should run in the context of another user. The -actual change is then carried out in the **scriptblock**. +actual change is then performed in the **scriptblock**. It is important in this case that you provide Netwrix Password Secure with feedback about what has -been changed via a **Write-Output**. The following example simply uses the outputs **true** or +been changed via a **Write-Output**. The following example uses the outputs **true** or **false**. However, it is also conceivable that an error message or similar is output. @@ -69,7 +69,7 @@ been changed via a **Write-Output**. The following example simply uses the outpu ``` -Naturally, CredentialsUserName and CredentialsPassword can also be directly used in the script (i.e. +CredentialsUserName, and CredentialsPassword can also be directly used in the script (i.e. without the **scriptblock**). You can view the supplied MSSQL script as an example. ### Invoke diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md index 66879a2767..3266a93ab1 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Creating new passwords -## What does creating new passwords/records mean? +## Creating new passwords and records Saving a record/password stores information in the MSSQL database. This process is started in the Passwords module for the client. It is accessed either via the icon in the ribbon, using the @@ -22,7 +22,7 @@ The following 2 user rights are required: ## Selecting a form -When creating a new record, it is possible to select from all the forms for which the logged-in user +When creating a new record, you can select from all the forms for which the logged-in user has the required permissions. To make the selection process as easy as possible, a preview of the form fields included in the form is shown on the right hand side. @@ -51,7 +51,7 @@ record. Both values are optional. - The **validity** defines an end date until which the record is valid. This information can be evaluated e.g. in the logbook or in reports. It is thus possible to create a list of all expired - passwords for a user or an authorized entity. However, it is not possible to limit the usability + passwords for a user or an authorized entity. However, it isn't possible to limit the usability of expired passwords for security reasons. - **Tags** are freely definable properties of records that can be used as search criteria. This also allows thematically linked information to be grouped together. @@ -59,29 +59,35 @@ record. Both values are optional. ## Setting permissions for new records In principle, there are various approaches for setting permissions for newly created records. All of -them have already been described in the Authorization concept section. It is important to note here +them have already been described in the Authorization concept section. note here that **manual setting of permissions is only possible after saving** a record. Automatic permissions are set before the record is saved. In this context, the selection of the organisational structure and the permissions for a record are important aspects. ![permissions new record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_4-en.webp) -- **Manual setting of permissions**: If you want to manually set permissions for the record, select +- **Manual setting of permissions**: To manually set permissions for the record, select the organisational structure in which the record should be saved. After saving the record, the - permissions can be manually amended via the permissions tab in the ribbon. If you only want to - create a personal record for which no other user will receive permissions, simply select your own + permissions can be manually amended via the permissions tab in the ribbon. To + create a personal record for which no other user receives permissions, select your own organisational structure and conclude the process with "save" via the ribbon. -NOTE: If any kind of automatic permissions have been activated for the selected OU, this will always +:::note +If any kind of automatic permissions have been activated for the selected OU, this will always be prioritized. +::: -**CAUTION:** Even when creating private records, inheritance of permissions based on the logged-in +:::warning +Even when creating private records, inheritance of permissions based on the logged-in user can also be activated as an option. This option is described in a separate section. +::: -NOTE: The user right Allow sharing of personal passwords can be used to define that personal -passwords cannot be released to other users. +:::note +The user right Allow sharing of personal passwords lets you define that personal +passwords can't be released to other users. +::: -**Automatic setting of permissions**: Automatic setting of permissions is carried out before the +**Automatic setting of permissions**: Automatic setting of permissions is performed before the record is saved. Irrespective of whether predefined rights or rights inheritance is being used, the -configuration is always carried out in the organisational structure or permissions area. Saving the +configuration is always performed in the organisational structure or permissions area. Saving the record thus completes the process for creating the password including the issuing of permissions. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md index 9d246adca8..af0bba104a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/form_field_permissions.md @@ -6,10 +6,10 @@ sidebar_position: 40 # Form field permissions -## What are form field permissions? +## Form field permissions overview The authorization concept allows separate permissions to be set for each object. These objects could -be records, forms or users. Netwrix Password Secure goes one step further in this context. Every +be records, forms, or users. Netwrix Password Secure goes one step further in this context. Every single form field for a record can also be granted with separate permissions. It is thus possible to grant different permissions for the password field of a record than are set for the other fields. @@ -25,11 +25,11 @@ The following options are required to view "inherit" and "overwrite" icons. ## Configuration The associated form field permissions for the marked record can be opened via the ribbon using the -drop-down menu under "Permissions". +dropdown menu under "Permissions". ![form field permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions_1-en.webp) -The window that opens allows you to select the relevant form field for which you want to grant +The window that opens lets you select the relevant form field for which you want to grant permissions. The following example focuses on the password field. ![permissions of password field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions_2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md index 2b897e9f10..45e7e23ae7 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/history.md @@ -6,17 +6,17 @@ sidebar_position: 60 # History -## What is the history? +## History overview Alongside saving passwords and keeping them safe, the ability to trace changes to records also has great relevance. The history maintains a seamless account of the versions for all form fields in a -record. Every change to records is separately recorded, saved and can thus also be restored. In +record. Every change to records is separately recorded, saved, and can thus also be restored. In addition, it is always possible to compare historical values with the current version. The history is thus an indispensable component of every security concept. ## The history in the reading pane -The optional footer area can be used to already display the history when in the reading pane. All of +The optional footer area lets you already display the history when in the reading pane. All of the historical entries are listed and sorted in chronological order. ![history in footer](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_1-en.webp) @@ -29,7 +29,7 @@ in the ribbon or via a double click. ## Detailed history in the Extras -The detailed history for the record marked in list view can be called up in the Start/Extras tab. +The detailed history for the record marked in list view can be opened in the Start/Extras tab. ![History](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_3-en.webp) @@ -40,7 +40,7 @@ versions with the date and time of their last change are sorted in chronological ## Comparison of versions -At least two versions need to be selected in order to carry out a comparison. In list view, mark the +At least two versions need to be selected to carry out a comparison. In list view, mark the first version and then add another version via the “Add” button on the right of the reading pane to compare with the first one. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/moving_passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/moving_passwords.md index 345a9483b1..bcb5c6a20a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/moving_passwords.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/moving_passwords.md @@ -6,14 +6,14 @@ sidebar_position: 30 # Moving passwords -## What happens when records are moved? +## Record movement behavior -Data can be moved within Netwrix Password Secure to another organisational structure. This does not +Data can be moved within Netwrix Password Secure to another organisational structure. This doesn't necessarily have to be linked to a change in permissions (the effects are described separately below). Moving records without changing the permissions mainly has effects on the filtering or search functions for records. -## How do you move a record? +## Move a record The (marked) records are moved either via the ribbon or via the context menu that is accessed using the right mouse button. @@ -25,7 +25,7 @@ records in this case. ### Required permissions -No special user rights/settings are required in order to move records. The “move” right for the +No special user rights/settings are required to move records. The “move” right for the record is the only deciding factor. ![required permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_2-en.webp) @@ -34,15 +34,17 @@ record is the only deciding factor. ![effects on existing permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_3-en.webp) -- **Retain permissions**: The permissions for the record are not changed by moving it and are +- **Retain permissions**: The permissions for the record aren't changed by moving it and are retained - **Overwrite permissions**: The permissions for the record are overwritten by the target OU - **Extend permissions**: The existing permissions are extended to include the permissions for the target OU -**CAUTION:** From a technical perspective, all rights will be removed from the record when +:::warning +From a technical perspective, all rights will be removed from the record when overwriting the permissions. The permissions will then be applied to the record in accordance with -the rights template or inheritance from organisational structures. It is important to note here that +the rights template or inheritance from organisational structures. note here that it is theoretically possible to remove your own rights to the record! The rights change will only be -carried out if at least one user retains the right to issue permissions as a result. Otherwise, the +performed if at least one user retains the right to issue permissions as a result. Otherwise, the rights change will be cancelled with a corresponding message. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md index bcb187aa92..740f5260b9 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/password_settings.md @@ -6,16 +6,16 @@ sidebar_position: 50 # Password settings -## What are password settings? +## Password settings overview -The password settings can be used to define a diverse range of options. These can be found in the +The password settings let you define a diverse range of options. These can be found in the ribbon in the subsection “Extras”. The settings open up in a new tab. ![password settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/password_settings_1-en.webp) ### Category: Browser -- **Default browser**: This option can be used to define a default browser for every record +- **Default browser**: This option lets you define a default browser for every record separately. You can select from all browsers that have been registered as a browser in Windows. ### Category: SSO @@ -26,7 +26,7 @@ ribbon in the subsection “Extras”. The settings open up in a new tab. - **Browser Extensions**: Automatically fill login masks: This setting defines whether the login masks are automatically filled when logging in via SSO. This is the case when the user is located on a login page. If the record for this page has been saved, the login mask will be filled if this - option has been activated. Otherwise, this step needs to be carried out manually via the add-on. + option has been activated. Otherwise, this step needs to be performed manually via the add-on. If multiple records have been saved for this page, the user must complete this step manually via the add-on in both cases. - **Browser Extensions**: Automatically send login masks: If this option has been activated, the diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md index 205a7fddfa..97b6c21c94 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/passwords.md @@ -6,13 +6,12 @@ sidebar_position: 10 # Passwords -## What are passwords? +## Passwords overview In Netwrix Password Secure v8, the data record with the passwords represents the central data object. The Passwords module provides administrators and users with central access to the passwords -for the purpose of handling this sensitive data that requires protection. Search filters in -combination with color-highlighted tags enable very focussed work. Various approaches can be used to -help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module +to handle this sensitive data that requires protection. Search filters in +combination with color-highlighted tags enable very focussed work. Various approaches help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module helps all users to use Netwrix Password Secure in an efficient and targeted manner. ![Password modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_1-en.webp) @@ -40,7 +39,7 @@ The module-specific ribbon functions will be explained below. - **Open**: Opens the object marked in list view and provides further information about the record in the reading pane. - **Delete**: Deletes the object marked in list view. A log file entry is created (see logbook). -- **Reveal**: The function **Reveal** can be used for all records that have a password field. The +- **Reveal**: The function **Reveal** supports all records that have a password field. The passwords in the reading pane will be revealed. In the example, the passwords have been revealed and can be hidden again with the **Hide** button. @@ -49,10 +48,10 @@ The module-specific ribbon functions will be explained below. ### Actions - **Notifications**: Defining notifications enables a constant flow of information about any type of - interaction. The issuing of notifications is carried out in the module designed for this purpose. + interaction. The issuing of notifications is performed in the module designed for this purpose. - **Duplicate**: Duplicating creates an exact copy of the record in a new tab. - **Move**: Moves the record marked in list view to another organisational structure. -- **Toggle** **Favorite**: The selected record is marked as a favorite. It is possible to switch +- **Toggle** **Favorite**: The selected record is marked as a favorite. You can switch between all records and favorites at any time. - **Quick view**: A modal window opens for the selected record for 15 seconds and displays all available information **including the value of the password**. @@ -60,7 +59,7 @@ The module-specific ribbon functions will be explained below. ### Permissions -- **Permissions**: The drop-down menu can be used to set both password permissions and also form +- **Permissions**: The dropdown menu lets you set both password permissions and also form field permissions. This method only allows the manual setting of permissions for data (see authorization concept) @@ -86,7 +85,7 @@ Conveniently working with passwords is only possible via the efficient usage of via RDP, SSH, general Windows applications or websites. This makes it possible to dispense with (unsecure) entries via "copy & paste". -- **Open web page**: If an URL is saved in the record, this menu option can be used to directly open +- **Open web page**: If an URL is saved in the record, this menu option lets you directly open it. - **Applications**: If applications have been linked to records, they can be directly opened via the "start menu". @@ -98,18 +97,22 @@ via RDP, SSH, general Windows applications or websites. This makes it possible t ![external link](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_5-en.webp) -**CAUTION:** If several sessions are opened on a client, an external link is always called in the +:::warning +If several sessions are opened on a client, an external link is always called in the first session. +::: - **History**: This icon opens the history for those records selected in list view in a new tab. Due to the comprehensive recording of historical versions of passwords, it is now possible to compare several versions with one another. -- **Print**: This option can be used to open the print function. -- **Export**: It is possible to export all the selected records and also the data defined by the +- **Print**: This option lets you open the print function. +- **Export**: You can export all the selected records and also the data defined by the filter to a .csv file. -- **Change form**: It is possible to change the form used for individual records. "Mapping" of the - previous form fields can be directly carried out in the process. +- **Change form**: You can change the form used for individual records. "Mapping" of the + previous form fields can be directly performed in the process. - **Settings**: The password settings are described in a separate section. -NOTE: The password module is based on the module of the same name in the Web Application. Both +:::note +The password module is based on the module of the same name in the Web Application. Both modules have a different scope and design. However, they are almost identical to use. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md index 66989e5558..7c171c258e 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/recycle_bin.md @@ -6,12 +6,12 @@ sidebar_position: 70 # Recycle Bin -This option allows you to view and permanently delete deleted passwords to which you are entitled. +This option lets you view and permanently delete deleted passwords to which you are entitled. ## Procedure for deleting passwords To put passwords into the recycle bin there are 2 possible procedures. Select the passwords you want -to delete and click on **Move to bin (1)** or right-click on the passwords and select **Move to +to delete and click **Move to bin (1)** or right-click the passwords and select **Move to bin(2)**. ![bin_2](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/bin_2.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/revealing_passwords.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/revealing_passwords.md index f9080a3f71..9ee7586774 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/revealing_passwords.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwords/revealing_passwords.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Revealing passwords -## What is involved in revealing passwords? +## Revealing passwords overview Not all information is encrypted by the MSSQL database in Netwrix Password Secure for performance reasons. Only the password itself (=secret) is encrypted with the help of the used encryption @@ -29,7 +29,7 @@ means the user can view the value of the password using the "reveal" function. ## Revealing passwords – diagram -In this context, it is important to note that the word "reveal" does not really accurately describe +In this context, the word "reveal" doesn't really accurately describe this process. It creates the **incorrect** impression that the client already has the password and only needs to reveal it. However, the processes running in the background until the password are revealed are much more complex and will thus be described below. @@ -40,21 +40,21 @@ revealed are much more complex and will thus be described below. Even though you would assume the opposite, at the start a masked password (\*) is neither available on the client nor the server in plain text! The password is stored as part of the MSSQL database in -a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it is not -currently possible either on the server or the client to view the password. If you mark a record, -the password is not available at all on the client and is encrypted on the server before it is +a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it isn't + possible either on the server or the client to view the password. If you mark a record, +the password isn't available at all on the client and is encrypted on the server before it is revealed. ### The encrypted password is requested Pressing the "reveal"- button triggers the process for requesting the password. A request is sent to -the server to apply for the encrypted password to be released. The server itself does not possess +the server to apply for the encrypted password to be released. The server itself doesn't possess the required key (private key) to decrypt the password. Therefore, it can only deliver the **encrypted value**. ### Checking the permissions -Whether the request sent in step 2 is approved is defined in the authorization concept. Once the +Whether the request sent in step 2 is approved is defined in the authorization concept. After the request has been received, the server checks whether the user possess the required rights. It also checks the possible existence of other security mechanisms such as a seal or password masking. If the necessary requirements for releasing the password have been met, the server now sends the diff --git a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md index 903b67f780..e2c887442b 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Roles -## What are roles? +## Roles overview Each employee in a company is ultimately a member of a department and / or part of a particular function level. These departments or groups are mapped within Netwrix Password Secure using the role @@ -55,25 +55,29 @@ present in a company is the starting point for the success of Netwrix Password S design the roles in Netwrix Password Secure only once a detailed design has been drawn up, and all the requirements of all project participants have been met. -## Why are there no groups? +## Roles instead of groups Netwrix Password Secure enforces the avoidance of unnecessary structures through the role concept. A -group-in-group nesting is not supported – and is not necessary at all. The resultant increase in +group-in-group nesting isn't supported – and isn't necessary at all. The resultant increase in performance as well as increased overview promotes efficiency and effectiveness. The elegant interplay of organisational structures, roles, and granular filter options can cover all customer-specific scenarios. -NOTE: This architecture makes nesting of roles obsolete. +:::note +This architecture makes nesting of roles obsolete. +::: ## Overview of members for a role As well as being able to view the **members** in the permissions dialogue, a list of all members for a role is already made available in the [Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md). All of the other users with -permissions but without membership of the role are not taken into account. +permissions but without membership of the role aren't taken into account. ![role overview](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_4-en.webp) -NOTE: The roles module is based on the +:::note +The roles module is based on the [Roles module](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md) of the Web Application. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md index cbd4dd26ae..806054cd15 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Account -## What is an account? +## Account overview -Users can configure all user-specific information in their account. It should be noted that if the +Users can configure all user-specific information in their account. If the [Masterkey mode](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md) process is used, user data will always be taken from Active Directory – editing this information in Netwrix Password Secure is thus not possible. @@ -21,35 +21,45 @@ All of the information in the contact and address sections can be defined under areas of the profile overlap with the **management of users.** This information is explained in [Managing users](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md). -NOTE: No changes can be made to users that were imported from AD using Master Key mode. In this +:::note +No changes can be made to users that were imported from AD using Master Key mode. In this case, all information will be imported from AD. +::: #### Editing user image A new image can be added or the existing one replaced or deleted by clicking on the profile image. -NOTE: No changes can be made to users that were imported from AD with the aid of Master Key mode. If +:::note +No changes can be made to users that were imported from AD with the aid of Master Key mode. If an image has been saved in AD, it will be used here. +::: #### Change password -It is recommended that the user password is changed on a regular basis. If you want to use a new -password, it is necessary to enter the existing password in advance. The strength of the password -will be directly displayed. +The user password is changed on a regular basis. To use a new +password, you must enter the existing password in advance. The strength of the password +is directly displayed. -NOTE: Users who were imported from AD with the aid of Master Key mode log in with the domain +:::note +Users who were imported from AD with the aid of Master Key mode log in with the domain password. Therefore, no password can be configured in this case. +::: -NOTE: The strength of the user password can be stipulated by administration through the issuing of +:::note +The strength of the user password can be stipulated by administration through the issuing of password rules. +::: -NOTE: If a user changes his or her password, all sessions that are still open are automatically +:::note +If a user changes his or her password, all sessions that are still open are automatically terminated. +::: #### Multifactor authentication Multifactor authentication provides additional protection through a second login authentication -using a hardware token. The configuration is carried out via the ribbon in the “Security” section. +using a hardware token. The configuration is performed via the ribbon in the “Security” section. See also in [Multifactor authentication](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md) @@ -57,7 +67,7 @@ See also in #### Configure autologin -This option can be used to automate the login to Netwrix Password Secure. For setup, just enter the +This option lets you automate the log in to Netwrix Password Secure. For setup, enter the password twice and save it. The autologin is linked to the hardware and thus will not work on a different computer. If you @@ -71,11 +81,15 @@ User right - Can manage autologin -**CAUTION:** The automatic login should be handled as a process critical to security. It is -important to note that all data can be accessed, for example, if you forget to lock the computer. +:::warning +The automatic login should be handled as a process critical to security. It is +important to all data can be accessed, for example, if you forget to lock the computer. +::: -NOTE: For security reasons, the autologin is only valid for 180 days and then needs to be +:::note +For security reasons, the autologin is only valid for 180 days and then needs to be subsequently renewed. +::: #### Reset settings @@ -84,6 +98,6 @@ etc. to the default values. #### Start offline synchronization -If you have made changes to the database and do not want to wait for the next automatic +If you have made changes to the database and don't want to wait for the next automatic synchronization, an offline synchronization can also be started manually. The synchronization runs in the background and is indicated by a status bar in the footer as well as by the icon. More… diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md index 07d7869388..d6e435b9f4 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/administration.md @@ -13,11 +13,11 @@ purely informative in character and thus no configurations can be made here. ![installation_with_parameters_120](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_120.webp) -The session view starts in the currently active module in a separate tab. +The session view starts in the active module in a separate tab. #### Locked users -All currently locked users can also be retrieved. There are two scenarios here: +All locked users can also be retrieved. There are two scenarios here: 1. User name correct, password incorrect: The user name is displayed 2. User name incorrect: The client is displayed @@ -31,7 +31,7 @@ case can be seen. Password rules can be defined for both user passwords and also for WebViewer exports that then need to be fulfilled. In the following example, a user password must correspond to the “default password” -rule in order to be valid +rule to be valid ![Standard password rule](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_122-en_677x129.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md index 4b64cbaac9..379b0b4444 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export.md @@ -6,18 +6,20 @@ sidebar_position: 80 # Export -## What is an export? +## Export overview An export is used for extracting the data saved in the MSSQL database. Both selective (manual) and automated [System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) can extract information from Netwrix Password Secure in this manner. -**CAUTION:** Please note that extracting passwords is always associated with a weakening of the +:::warning +that extracting passwords is always associated with a weakening of the security concept. The informative value of the logbook will suffer when data is exported because the revision of this data will no longer be logged. This aspect needs to be taken into account particularly in conjunction with the Netwrix Password Secure -[Export wizard](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result is not separately secured +[Export wizard](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result isn't separately secured by a password. +::: The export function is accessed via the Main menu/Export. There are two fundamental types of export – the WebViewer export and the export wizard. However, the latter is divided into four @@ -39,7 +41,7 @@ rights ![Export in the ribbon](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_64-en.webp) -In this example, the marked role IT employee does not have the required permissions to export the +In this example, the marked role IT employee doesn't have the required permissions to export the record. In contrast, the IT manager does have the required permissions. In addition, the administrator possesses all rights, including the right to export. @@ -51,6 +53,8 @@ User right - Can export -NOTE: If a record is exported, this user right and also the corresponding permissions for the record +:::note +If a record is exported, this user right and also the corresponding permissions for the record must be set. The user right defines whether a user can generally export data, while the permissions for the record define which records can be exported. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md index 3da7f42246..eb66951c00 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/export_wizard.md @@ -6,18 +6,18 @@ sidebar_position: 20 # Export wizard -## What export wizards are there? +## Available export wizards There are a total of four different export wizards. ![installation_with_parameters_74_548x283](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_74_548x283.webp) The functionality of these wizards only differs based on the data to be exported. A distinction is -made between passwords, organisational structures, forms and applications. **As all four wizards are +made between passwords, organisational structures, forms, and applications. **As all four wizards are handled in the same way, the following section will only describe the password export wizard.** The remaining three wizards function in the same way. -## What is the password export wizard? +## Password export wizard overview This wizard allows records to be exported in standard.csv format. In contrast to the [HTML WebViewer export](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md), the resulting file is @@ -38,7 +38,7 @@ The export wizard can be accessed in a variety of different ways: The password export wizard can be started via the ribbon in two ways. **Selected passwords** exports only those passwords marked in list view, whereby **Passwords based on the filter** uses the -currently defined filter settings as the criteria. + defined filter settings as the criteria. The wizard @@ -47,12 +47,12 @@ corresponding preview is also provided. ![installation_with_parameters_76](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_76.webp) -Once the wizard has been completed, the desired export is created and saved to the defined storage +After the wizard has been completed, the desired export is created and saved to the defined storage location. -**CAUTION:** It is important to once again point out the sensitive nature of this export function +**CAUTION:** once again point out the sensitive nature of this export function that could have critical consequences from a security perspective. As the required permissions for this export are generally only granted to users/roles with higher positions in the hierarchy, this -subject is even more relevant from a security perspective: It is possible to export all passwords +subject is even more relevant from a security perspective: You can export all passwords for which a user has the required permissions. Administrators could thus (intentionally or unintentionally) cause more damage per se. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md index 1c56da98c4..b416b92549 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/export/html_webviewer_export.md @@ -6,7 +6,7 @@ sidebar_position: 10 # HTML WebViewer export -## What is a HTML WebViewer export? +## HTML WebViewer export overview The **WebViewer** is an option inNetwrix Password Secure for exporting passwords in an encrypted **HTML file**. The records are selected using the @@ -16,7 +16,7 @@ has the corresponding permissions are exported. They are displayed in a current ## Data security -- Naturally, the HTML WebViewer file is **encrypted** +- the HTML WebViewer file is **encrypted** - The export of the file is protected using a corresponding [User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md) - The user requires the **export right** for the passwords @@ -97,7 +97,9 @@ stick, external HDD, …). The **HTML file** can be opened in a standard browser **Netwrix Password Secure – HTML WebViewer / Login** when started. The **database** and the **user name** are predefined. The user \*password is used for the login. -**CAUTION:** The login mask is blocked for a period of time if the password is incorrectly entered! +:::warning +The login mask is blocked for a period of time if the password is incorrectly entered. +::: 1. Database: Predefined 2. User: Predefined @@ -110,7 +112,9 @@ name** are predefined. The user \*password is used for the login. After logging in to Netwrix Password Secure, the overview page for the \*HTML- WebViewer \* with the passwords is displayed. -NOTE: Use the password search function in the event of more than 20 passwords! +:::note +Use the password search function if there are more than 20 passwords. +::: 1. Displayoftherecords(max.20) 2. Detailedinformationontheselectedrecord @@ -122,10 +126,12 @@ NOTE: Use the password search function in the event of more than 20 passwords! #### Closing the HTML WebViewer overview -You can log out by clicking on **Logout**. In the event of a longer period of inactivity, the user +You can log out by clicking **Logout**. After a longer period of inactivity, the user will be **automatically logged out after a set period of time has expired (time until logout).** -NOTE: You have been logged out due to inactivity. +:::note +You have been logged out due to inactivity. +::: The browser will then show the **Netwrix Password Secure– HTML WebViewer / Login** again and also -the reason for being logged out. It is possible to log in again. +the reason for being logged out. You can log in again. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md index 9f19ee94e9..0c4212170a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Extras -## What are Extras? +## Extras overview -Netwrix Password Secure provides a diverse range of supporting features that do not directly provide +Netwrix Password Secure provides a diverse range of supporting features that don't directly provide added value but mostly build on existing approaches and expand their functionalities. They are work-saving features that in total simplify the process of working with Netwrix Password Secure. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md index ed40a0c82a..81b6af4a5e 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Image management -## What is image management? +## Image management overview All logos and icons are managed in the image management. They can then be linked to the corresponding data records. The images are then displayed in the Basic view as well as in the list @@ -21,8 +21,10 @@ The following options are required: - Can upload new password images - Can manage password images -NOTE: It is important that the setting “Ask for Favicon-Download “ is only considered, if the right -“Can upload new password images “ has been activated! +:::note +It is important that the setting “Ask for Favicon-Download “ is only considered, if the right +“Can upload new password images “ has been activated. +::: #### Managing Icons/Logos @@ -30,7 +32,7 @@ There are two ways to upload icons. 1. By creating or saving the dataset. -In order to import favicons directly when saving the data set, the following preconditions must be +To import favicons directly when saving the data set, the following preconditions must be met: - Setting “Ask Favicon-Download “ is activated. @@ -40,7 +42,9 @@ If these preconditions are met, the stored URL is checked for the favicon when s record. If a favicon is found, it will be imported into the database and displayed in the data record in future. -NOTE: If there are several deposited, always use the first one. +:::note +If there are several deposited, always use the first one. +::: 2. Manual filing @@ -49,7 +53,7 @@ possibility to store icons and logos manually. ![Image management](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_107-en.webp) -Click on the + symbol to open the mask for creating images. +Click the + symbol to open the mask for creating images. ![add image](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_108-en.webp) @@ -62,9 +66,11 @@ Click on the + symbol to open the mask for creating images. - **Applications**: URL stored in the application -> attached tags -> application name - ![icon_open_folder](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/icon_open_folder.webp) - This symbol can be used to upload locally saved icons and logos. + This symbol lets you upload locally saved icons and logos. -NOTE: Please note that the icons and logos are not stored locally, but in the database. +:::note +that the icons and logos aren't stored locally, but in the database. +::: ## Conditions diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md index 6388c732b4..166ec73a58 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_generator.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Password generator -## What is the password generator? +## Password generator overview -The complexity of passwords is generally determined by their randomness. In order to be able to rely +The complexity of passwords is generally determined by their randomness. To be able to rely 100% on the fact that the passwords are randomly generated, an algorithm for generating passwords is indispensable. The password generator performs this function and is completely integrated into the software. @@ -24,7 +24,7 @@ The password generator can be opened in different ways: ![Password generator](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/installation_with_parameters_83-en.webp) -- **When creating new records:** Once the password field has been selected in the reading pane, the +- **When creating new records:** After the password field has been selected in the reading pane, the password generator can then be directly opened in the “Form field” tab via the ribbon. Passwords generated here can be directly entered into the password field for the new record using the “Adopt” button. Alternatively: The password generator can also be accessed on the right in the @@ -33,7 +33,7 @@ The password generator can be opened in different ways: ## Functionality The Character section is used to define the character groups that should form part of the password. -This section can also be used to exclude (special) characters. Once the password length has been +This section can also be used to exclude (special) characters. After the password length has been defined, a preview of a password that corresponds to the configured criteria is displayed on the bottom edge of the password generator. The “shuffle function” can be activated via the icon on the right next to the password preview. This will generate a new password in accordance with the defined @@ -42,7 +42,7 @@ criteria. #### Phonetic passwords This type of password can be recognised by the fact that it is relatively easy to remember (they are -“readable”) but do not have any association to terms found in dictionaries. Only the number of +“readable”) but don't have any association to terms found in dictionaries. Only the number of syllables and the total length are defined in this case. Options that can be set are how the syllables are @@ -52,7 +52,7 @@ separated and whether to use LeetSpeak. Password rule -Already defined[Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) can be utilised for the +Already defined [Password rules](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md) simplify the automatic generation of new passwords ## Multigenerator diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md index 0af1b5fa65..5335c5a08a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/password_rules.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Password rules -## What are password rules? +## Password rules overview It is generally recommended that passwords should consist of at least 12 different characters, be complex and be automatically created. Rules set guidelines that can be made binding for users – @@ -26,7 +26,7 @@ User right ## Managing password rules If “Password rules” is selected under Main menu/Extras, the available password rules will appear in -a separate tab in the currently active module. +a separate tab in the active module. ![installation_with_parameters_98](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_98.webp) @@ -39,14 +39,14 @@ configuration for this rule: to contain according to this rule. The required Password quality is an internal measure of security, which is calculated for this rule. This value always lies between 1 (very unsecure) and 100 (maximum security). -- **Categories:** A password can consist of a total of four categories. It is possible to define +- **Categories:** A password can consist of a total of four categories. You can define which of these categories to use and also how many of them to use. - **Forbidden characters**: It is also possible to exclude some special characters. These characters need to be entered in the list without separators. - **Forbidden passwords:** Some passwords and the user name can also be added to the list of forbidden passwords - **Preview rules:** When new rules are created, an example password is generated that conforms to - the configured rules. This is only the case for passwords with a minimum length of 3 characters! + the configured rules. This is only the case for passwords with a minimum length of 3 characters. ## Using password rules @@ -57,7 +57,7 @@ Once password rules have been defined, they can be productively used in two diff When a password field is defined in a form, one of the defined password rules can be set as the default. This means that the default will always be used when a new password is created. In this -way, it is possible to ensure that the required level of complexity is maintained for certain +way, you can ensure that the required level of complexity is maintained for certain passwords. ![installation_with_parameters_99](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_99.webp) @@ -70,13 +70,15 @@ field is used for this purpose. ## Defining standard rules for user passwords -If Master Key mode is not being used, users can change their passwords in Netwrix Password Secure. +If Master Key mode isn't being used, users can change their passwords in Netwrix Password Secure. The administrator can define the password strength required for these passwords by using standard password rules. ## Visibility -The password rules themselves are not subject to any permissions. All defined rules are therefore +The password rules themselves aren't subject to any permissions. All defined rules are therefore available to all users. The rules are managed from the Main menu. -NOTE: Users can only manage the rules if they have the appropriate user right +:::note +Users can only manage the rules if they have the appropriate user right +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md index e2ba5eac4d..4b75395572 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/reports.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Reports -## What are reports? +## Reports overview Comprehensive reporting is an important component of the ongoing monitoring of processes in Netwrix Password Secure. Similar to selectively configurable @@ -19,7 +19,9 @@ the creation of a report. This process can also be automated via ![reports](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_78-en.webp) -NOTE: Reports only ever contain information for which the user has the required permissions. +:::note +Reports only ever contain information for which the user has the required permissions. +::: A separate tab for managing existing reports and creating new reports can be opened in the current module via the Main menu/Extras/Reports. The module in which the report is opened is irrelevant, the @@ -29,7 +31,7 @@ contents are always the same. The filter on the left has no relevance in relation to reports. Although reports can also be “tagged” in theory, filtering has no effect on the reports. In -[List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md), there are currently three +[List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md), there are three configured report requests shown. #### Creating a report request @@ -37,11 +39,11 @@ configured report requests shown. New report requests can be created in list view via the ribbon or also the context menu that is accessed using the right mouse button. The form for creating a new report request again opens in a separate tab. Alongside a diverse range of variables, the report type can be defined using a -drop-down list. There are currently dozens of report types available. +dropdown list. There are dozens of report types available. ![installation_with_parameters_80](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_80.webp) -The filter can be used to define the scope of the report e.g. to focus on a certain OU or simply a +The filter lets you define the scope of the report e.g. to focus on a certain OU or a selection of tags. Once saved, the report will now be shown in the list of report requests. ###### Manually create reports @@ -53,5 +55,5 @@ displayed in the default web browser if desired. Automated sending of reports via system tasks -In general, reports are not manually created but are automatically sent to defined recipients. This +In general, reports aren't manually created but are automatically sent to defined recipients. This is apossible via system tasks, which can run processes of this nature at set times. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md index d2755fbdfc..3218fff171 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Seal templates -## What are the seal templates? +## Seal templates overview The configuration of [Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) must be @@ -18,14 +18,18 @@ and very fast. ![Seal templates](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/installation_with_parameters_101-en.webp) -NOTE: A separate tab opens in the active module in order to edit the default templates +:::note +A separate tab opens in the active module to edit the default templates +::: ## Creating templates -**CAUTION:** The right Can manage seal templates is required +:::warning +The right Can manage seal templates is required +::: When creating seals, the seal can be saved as a template using the wizard. All templates saved in -this way are listed in the overview of the seal templates. Furthermore, it is possible to edit +this way are listed in the overview of the seal templates. Furthermore, you can edit existing templates directly or create new ones via the button in the ribbon. This is done in the same way as the seal assistant. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md index 61492bba8b..472e12343e 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md @@ -6,11 +6,11 @@ sidebar_position: 10 # EmergencyWebViewer -## What is an Emergency WebViewer export? +## Emergency WebViewer export overview -Safeguarding data is essential and this should be carried out using +Safeguarding data is essential and this should be performed using [Backup management](/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_management.md). -However, a backup is not sufficient in some cases e.g. if a backup cannot be directly restored due +However, a backup isn't sufficient in some cases e.g. if a backup can't be directly restored due to a hardware problem. In these cases, **Netwrix Password Secure** offers the backup feature **Emergency WebViewer Export**. @@ -21,26 +21,30 @@ the core system of the backup mechanism. ## Creation of the file and key The **Emergency WebViewer Export** is created in Netwrix Password Secure as a -**[System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task can be used to guarantee a regular backup of +**[System tasks](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task lets you guarantee a regular backup of the records (passwords) by entering an interval. When setting up the system task, the user thus defines the cycle at which the **Emergency WebViewer.html file** is created on the Server Manager. The existing file is overwritten in each case by the latest version at the defined interval. The associated key is only created once at the beginning and needs to be saved. The current version of the **HTML file** can only be decrypted using this **key**. -**CAUTION:** The key (PrivateKey.prvkey) and the file (Emergency WebViewer.html) must be saved onto -a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location! +:::warning +The key (PrivateKey.prvkey) and the file (Emergency WebViewer.html) must be saved onto +a secure medium (USB stick, HDD, CD/DVD, ...) and kept in a secure location. +::: ## Data security -• Naturally, the HTML WebViewer file is encrypted +• the HTML WebViewer file is encrypted • The export of the file is protected using a corresponding [User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md) • The file can only be encrypted using the **PrivateKey.prvkey** file -**CAUTION:** The export right for the passwords is not required for the Emergency WebViewer Export! +:::warning +The export right for the passwords isn't required for the Emergency WebViewer Export. +::: ## Required rights @@ -55,9 +59,9 @@ The **Emergency WebViewer Export** creates two associated files. 1. The file **Emergency WebViewer.html** is created on the computer executing the task 2. The associated key **PrivateKey.prvkey** is created on the client. -## Calling up the Emergency WebViewer Export +## Opening the Emergency WebViewer Export -The Emergency WebViewer Export is set up as a **system task**. It can be called up in the main menu +The Emergency WebViewer Export is set up as a **system task**. It can be opened in the main menu under **Extras -> System Tasks**. ![installation_with_parameters_90_831x487](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_90_831x487.webp) @@ -69,7 +73,7 @@ Clicking on New opens a new window and the **Emergency WebViewer Export** can be ![installation_with_parameters_91_578x390](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_91_578x390.webp) -It is not possible to use the **Emergency WebViewer Export** with an **Active Directory user.** +It isn't possible to use the **Emergency WebViewer Export** with an **Active Directory user.** ![installation_with_parameters_92_467x103](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_92_467x103.webp) @@ -89,12 +93,14 @@ in accordance with the requirements. 5. **Executing server (optional)** Address (IP) of the additional server 6. **Tags** Freely definable characteristics of records -**CAUTION:** The private key for the Emergency WebViewer must be saved before the system task can be -saved! +:::warning +The private key for the Emergency WebViewer must be saved before the system task can be +saved. +::: ## Displaying the Emergency WebViewer Export tasks -Once the configuration has been completed, the **system task** is displayed in the current module in +After the configuration has been completed, the **system task** is displayed in the current module in the **System Tasks** tab. The user has the option of checking the data here @@ -109,9 +115,13 @@ the password backup. 1. Emergency WebViewer.html 2. PrivateKey.prvkey -**CAUTION:** The file Emergency WebViewer.html is saved on the server executing the task. The +:::warning +The file Emergency WebViewer.html is saved on the server executing the task. The +::: -**CAUTION:** key PrivateKey.prvkey needs to be securely saved by the user!\* +:::warning +key PrivateKey.prvkey needs to be securely saved by the user!\* +::: The **Emergency WebViewer Export** is used in the same way as the **WebViewer export**. The **passwords** are displayed in a current browser. The passwords are accessed in the **Emergency @@ -119,8 +129,10 @@ WebViewer Export** with the **user password** and the **key** saved for the user function is used to select the **key (PrivateKey.prvkey)** and also to check its **validity**. If all data has been correctly entered, it is then possible to log in. -NOTE: The current user needs to log in using their password. If an incorrect password is entered, +:::note +The current user needs to log in using their password. If an incorrect password is entered, access is temporarily blocked. +::: Login data @@ -145,7 +157,7 @@ The following data is displayed in the overview: Overview data: -1. Display of the currently available records +1. Display of the available records 2. Detailed information on the selected record 3. Search, logout, timeout until logout 4. Copy password to clipboard @@ -159,7 +171,9 @@ closed by clicking on **Logout**. If the user is **inactive** for **60 seconds**, he is automatically **logged out** and the **login** is displayed with additional information. -NOTE: You have been logged out due to inactivity +:::note +You have been logged out due to inactivity +::: The user can log in again using the **password** and **key** as described above. After successfully logging in, the **Emergency WebViewer Export overview** is displayed again. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md index 7433e80cc0..3dc0e52a4d 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md @@ -6,10 +6,10 @@ sidebar_position: 40 # System tasks -## What are system tasks? +## System tasks overview Netwrix Password Secure supports administrators and users by automating repetitive tasks. These are -represented as system tasks. Predefined tasks can thus be carried out at freely defined intervals. +represented as system tasks. Predefined tasks can thus be performed at freely defined intervals. ![System Tasks](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_85-en.webp) @@ -25,9 +25,9 @@ User right - Can manage Emergency WebViewer export system tasks - Can manage WebViewer export system tasks -## What can be automated? +## Automation capabilities -There are currently four different work processes that can be automated using system tasks: +There are four different work processes that can be automated using system tasks: - **HTML WebViewer export:** Exports a freely definable selection of records in an AES-256 encrypted HTML file. The file is saved in the form of notifications. @@ -36,7 +36,7 @@ There are currently four different work processes that can be automated using sy - **Network service scan:** Searches for service accounts on the network at defined cycles - **Active Directory synchronization:** The comparison with Active Directory can also be automated via system tasks. This requires an active directory profile to be created in advance. It is - important to note that only the Master Key profile can be automatically compared. + important to only the Master Key profile can be automatically compared. ## Creating system tasks @@ -46,11 +46,11 @@ selected from the four above-mentioned work processes. ![installation_with_parameters_86](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_86.webp) -Naturally, the four work processes also share some similarities in their configuration. +the four work processes also share some similarities in their configuration. - **Status:** The system task is normally activated and then starts immediately after it has been saved according to the defined intervals. If the system task is deactivated here, it is still - saved but is not yet activated. + saved but isn't yet activated. - **Next run:** This setting describes when the system task will be performed or when it was already performed for the first time (if this task was already created and is now being edited) - **Interval:** The interval at which the system task should be executed is defined here. All @@ -86,13 +86,15 @@ Active Directory synchronization Emergency WebViewer export - The Emergency WebViewer export creates an encrypted HTML file that contains all passwords. In an - emergency, the data required to get the system up and running again can be accessed in this file. + emergency, the data required to restore the system can be accessed in this file. -NOTE: Tags could be defined for individual tasks – yet they have no relevance and can also not be +:::note +Tags could be defined for individual tasks – yet they have no relevance and can also not be used as filter criteria in the system tasks. +::: Status -A corresponding note will be displayed to indicate if a task is currently being executed. +A corresponding note will be displayed to indicate if a task is being executed. ![installation_with_parameters_88](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_88.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md index 421a9d28a8..f525d758ab 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/tag_manager.md @@ -6,9 +6,9 @@ sidebar_position: 60 # Tag manager -## What is the tag manager? +## Tag manager overview -All existing tags can be viewed, edited and deleted directly in the tag manager. This can be +All existing tags can be viewed, edited, and deleted directly in the tag manager. This can be achieved via the filter, within the “Edit mode” of a data set as well as via the main menu under the group [Extras](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/extras.md). diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md index 51f8c4cfc6..ff6910e0d7 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/general_settings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # General settings -## What are general settings? +## General settings overview The **general settings** relate to users. Thus, each user can customize the software to their own needs. The following options can be configured: @@ -24,8 +24,8 @@ restarted. Starting the application minimised in the notification area -You can start the client minimized if you wish to run Netwrix Password Secure in the background. You -will be able to access it through the notification area. +You can start the client minimized to run Netwrix Password Secure in the background. You +can then access it through the notification area. Minimise the application on closing diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md index 37b0c314de..a49dc0d05f 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/import.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Import -## What is an import? +## Import overview If another password management tool was used before Netwrix Password Secure, these data can be imported into Netwrix Password Secure. The formats .csv and especially Keepass (.xml) are supported. @@ -40,23 +40,25 @@ Settings 1. The settings are used to firstly define the level in the hierarchy for saving the imported structure. As can be seen in the example, the import will take place in the main organisational unit. One of the existing organisational units can also be defined as a parent instance via the - drop-down menu. + dropdown menu. 2. The slider defines whether the imported structures should be imported as an organisational unit or as a tag. If the slider is fully moved to the left, only tags are created. If it s moved to the right, all objects are imported as an organisational structure. In addition, every object can be configured separately via the context menu that is accessed using the right mouse button. It is also possible to ignore folders. -NOTE: No folders exist in Netwrix Password Secure. For this reason, it is necessary to define +:::note +No folders exist in Netwrix Password Secure. For this reason, you must define whether a folder is saved as an organisational structure or as a tag during the import. The same process is also used for the migration. +::: Assignment of the form fields ![installation_with_parameters_61](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_61.webp) The third step is to assign the forms from the file to be imported to already existing forms. As -form fields may also have different names, the assignment process must be carried out manually via +form fields may also have different names, the assignment process must be performed manually via drag & drop. Depending on which form was selected on the top line, form fields from the list on the right can now be assigned to the form fields to be imported via drag & drop. It is also possible to create new forms. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md index 769c9c539f..3b0080e0ee 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Main menu -## What is the Main menu/Backstage? +## Main menu and Backstage overview -All settings that are not linked to a particular module are defined in the Backstage (main menu). +All settings that aren't linked to a particular module are defined in the Backstage (main menu). This makes it easy to access the settings at any time and in any module. ![Main menu](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/installation_with_parameters_56-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md index cf524ad8cc..1df01c0965 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md @@ -107,8 +107,10 @@ column. The rights are grouped according to categories to provide a better overv | Can manage Emergency WebViewer export system tasks | | | Can manage WebViewer export system tasks | | -NOTE: There is a version selection box in the user rights. The options that were newly added in the +:::note +There is a version selection box in the user rights. The options that were newly added in the selected version are correspondingly marked in the list. +::: ![installation_with_parameters_115](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md index d59b1a129b..965ae7a34a 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md @@ -6,11 +6,11 @@ sidebar_position: 50 # User rights -## What are user rights? +## User rights overview In the user rights, access to functionalities is configured. Amongst tother things, this category includes both the visibility of individual [Client Module](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md), as -well as the use of the import, export or management of rights templates functions. A complete +well as the use of the import, export, or management of rights templates functions. A complete listing is directly visible in the user rights. ## Administration of user rights @@ -20,7 +20,7 @@ thus require a disproportionate amount of care and maintenance. In the same way [Authorization and protection mechanisms](/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md), an approach can be used in which several users are grouped together. Nevertheless, it must still be possible to additionally address the specific requirements of individual users. Some -functionalities, on the other hand, should be available to all users. In order to do this, Netwrix +functionalities, on the other hand, should be available to all users. To do this, Netwrix Password Secure offers a three-step concept. ![installation_with_parameters_111](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_111.webp) @@ -38,14 +38,18 @@ one of the following three ways: it in the client settings. How a user receives a user right is irrelevant. The only important thing is that the user actually -receives a required right in one of the three ways mentioned above. It is recommended that you link +receives a required right in one of the three ways mentioned above. you link user rights to roles and, if necessary, supplement them with global user rights. -**CAUTION:** In addition to personal and global user rights (as opposed to settings), user rights -are assigned via roles and not via organisational units! +:::warning +In addition to personal and global user rights (as opposed to settings), user rights +are assigned via roles and not via organisational units. +::: -NOTE: Only those user rights that the current user possesses themselves can be issued. However, all +:::note +Only those user rights that the current user possesses themselves can be issued. However, all rights can be removed. +::: ![installation_with_parameters_112](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) @@ -69,7 +73,7 @@ the desired configuration. This process is based as usual on the List Special attention should be given to the right Is database administrator. This right has the following effects: -- The user can also issue rights that he does not possess himself. +- The user can also issue rights that he doesn't possess himself. - The user can only have their rights removed by other database administrators. - The user can unlock other users on the Server Manager. - The user can also remove other users from the rights if they have the owner right. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md index 374f18d86f..cf5f950840 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md @@ -160,8 +160,10 @@ The settings are grouped according to categories to provide a better overview | Clear clipboard on minimising | | | Clipboard gallery | | -NOTE: There is a version selection box in the settings. The options that were newly added in the +:::note +There is a version selection box in the settings. The options that were newly added in the selected version are correspondingly marked in the list. +::: ![installation_with_parameters_115](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md index d03c2ec1a9..1732b4ae8b 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md @@ -6,7 +6,7 @@ sidebar_position: 40 # User settings -## What are user settings? +## User settings overview There are many functions within Netwrix Password Secure that can be adapted to the needs of users. It is also possible to define various parameters for optical representations. This can be inherited @@ -33,8 +33,10 @@ one of the following three ways: 3. Global settings apply to all users of a database without exception. You can configure them in the client settings. -**CAUTION:** In addition to personal and global settings (as opposed to authorizations), settings -are not assigned via roles, but via organisational units! +:::warning +In addition to personal and global settings (as opposed to authorizations), settings +aren't assigned via roles, but via organisational units. +::: ![installation_with_parameters_112](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) @@ -53,7 +55,7 @@ present case, the users “Jones” and “Moore” inherit all settings from th ![inherit permissions](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_117-en.webp) -The “Settings” button in the ribbon allows you to see the settings for both organisational units and +The “Settings” button in the ribbon lets you see the settings for both organisational units and users. The many setting options can be restricted by the known [Search](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md) mechanisms. @@ -64,13 +66,14 @@ The diagram shows the settings for the user “Jones”. The search has been fil by the organisational unit “IT”. The top two options have no value in the column. This is because this parameter has been defined at user level. -NOTE: The inheritance for individual settings can be deactivated in the ribbon! +:::note +The inheritance for individual settings can be deactivated in the ribbon. +::: ## Security levels Option groups were created in the global settings to ensure that users can control only those -settings for which they hold permissions. Categorising security levels from 1 to 5 allows you to -combine similar options and thus make them available to the users. +settings for which they hold permissions. Categorising security levels from 1 to 5 lets you combine similar options and thus make them available to the users. ![user settings](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_119-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md index 81c8cfbada..3639256022 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md @@ -6,7 +6,7 @@ sidebar_position: 80 # Dashboard and widgets -## What are dashboards and widgets? +## Dashboards and widgets overview In case of large installations, the amount of information provided by Netwrix Password Secure may seem overwhelming. Dashboards expand the existing filter possibilities by an arbitrarily @@ -21,11 +21,15 @@ configured separately. In the above example, three widgets are enabled and provi current notifications, password quality, and user activity. The **maximum number of possible widgets** is managed in the[User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md). -NOTE: You can close the dashboard using the button in the tab. You can open it again via **View** > +:::note +You can close the dashboard using the button in the tab. You can open it again via **View** > **Show dashboard** in the ribbon. +::: -NOTE: The display of the dashboard is basically uncritical since the user can only see the data on +:::note +The display of the dashboard is basically uncritical since the user can only see the data on which he is also entitled. +::: #### Relevant settings @@ -45,7 +49,7 @@ and editing widgets is only possible in this mode. ![Adding and removing widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_51-en.webp) -Use the drop-down menu to select the widget to be added \* (1) . **Then add the widget to the +Use the dropdown menu to select the widget to be added \* (1) . **Then add the widget to the dashboard using the corresponding button in the ribbon** (2). The maximum number of widgets that can be added can be configured in the user settings. In editing mode, any widget can be directly removed from the dashboard via the button on the upper right edge. The processing mode is ended by saving @@ -61,7 +65,7 @@ switch to the \* widget content tab \* in the ribbon. ![Customizing widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_53-en.webp) Separate variables can be customized for each widget. This example shows how often users have had -passwords displayed. Naturally, the variables are distinct for each widget since other information +passwords displayed. the variables are distinct for each widget since other information could be relevant. Widget event @@ -76,7 +80,7 @@ filtered “live” and displayed in real-time. ## Arranging widgets -In the edit mode, the layout of the widgets is user-defined. Drag & drop allows you to place a +In the edit mode, the layout of the widgets is user-defined. Drag & drop lets you place a widget in the corresponding position on the dashboard (left, right, top, or bottom). ![Arranging widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_55-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md index 4775c589b8..a1ae942223 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md @@ -39,18 +39,18 @@ for this example. ## Filter tab in the ribbon The filter management can also be found in the [Ribbon](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md). Here, it is -possible e.g. to expand the currently configured filter criteria, save the filter, or simply clear -all currently applied filters. +possible e.g. to expand the configured filter criteria, save the filter, or clear +all applied filters. ![installation_with_parameters_20](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_20.webp) #### Saving, editing, and deleting filters -In many cases, it is recommended to store defined filters. In this way, it is possible to make +In many cases, it is recommended to store defined filters. In this way, you can make efficient use of filter results from previous searches. The button **“Save filter”** directly prompts you to assign a meaningful name to this filter. The filter is saved according to the -criteria currently configured in the filter. This filter is now listed in the selection menu and can -now be selected. Note that a selected filter selection is immediately applied to the filter but is +criteria configured in the filter. This filter is now listed in the selection menu and can +now be selected. A selected filter selection is immediately applied to the filter but is not automatically executed. The filter must be used for this purpose. Both the button in the ribbon, so also the counterpart in the filter, lead to the same result here. @@ -58,7 +58,7 @@ so also the counterpart in the filter, lead to the same result here. Deleting and overwriting existing filters is identical in the procedure. The filter, which has been marked in the selection field, is always deleted. If an existing filter is to be overwritten, the -name of the filter is retained and is overwritten with the filter criteria currently configured in +name of the filter is retained and is overwritten with the filter criteria configured in the filter. ————————— @@ -105,7 +105,7 @@ is still unmanageable despite the fact that filters has been appropriately defin Negations are defined directly in the checkbox of an element within a filter group. Without negations, you can only search e.g. for a tag. Negations make the following queries possible: -”Deliver all records that have the tag “Development” but are not tagged with “Important”! +“Deliver all records that have the tag “Development” but aren't tagged with “Important”. -**CAUTION:** In order to effectively use negations, it is important that “and links” are always -enabled. Otherwise operations with negations cannot be modelled mathematically. +**CAUTION:** to effectively use negations, it is important that “and links” are always +enabled. Otherwise operations with negations can't be modelled mathematically. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md index f8a301c2dc..15d6e95f58 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/display_mode.md @@ -6,16 +6,18 @@ sidebar_position: 10 # Display mode -## What display modes exist? +## Available display modes -In addition to the already described [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md), it is possible to switch to structure -view. This alternative view enables you to filter solely on the basis of the organisational -structure. Although this type of filtering is also possible in standard filter view, you are able to +In addition to the already described [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md), you can switch to structure +view. This alternative view lets you filter solely on the basis of the organisational +structure. Although this type of filtering is also possible in standard filter view, you can directly see the complete organisational structure in structure view. -NOTE: As there are no longer any folders in Netwrix Password Secure version 9, the structure view -can not mirror all of the functionalities of the folder view in version 7. However, the structure +:::note +As there are no longer any folders in Netwrix Password Secure version 9, the structure view +can't mirror all of the functionalities of the folder view in version 7. However, the structure view has been modelled on the folder view to make the changeover from the previous version easier. +::: ![installation_with_parameters_15](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_15.webp) @@ -29,9 +31,9 @@ associated with the display mode: ![installation_with_parameters_16](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_16.webp) -- **Display mode:** It is possible to define whether the standard filter, structure filter or both +- **Display mode:** You can define whether the standard filter, structure filter or both are displayed. If the last option is selected, you can switch between both views. -- **Jump to filter on quick search:** If you are using structure view, it is possible to define +- **Jump to filter on quick search:** If you are using structure view, you can define whether the system should automatically jump to the standard filter if you click the quick search (top right in the client) - **Display mode status when starting the program:** This setting defines which display mode is diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md index c66d4e1ae4..7f4044c0f7 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md @@ -6,11 +6,11 @@ sidebar_position: 20 # Filter -## What is a filter? +## Filter overview The freely configurable filters of the PSR client provide all methods for easy retrieval of stored -data. The filter criteria are always adapted according to the module in which you are currently -located. When you select one or several search criteria, and click on “Apply filter”, the results +data. The filter criteria are always adapted according to the module in which you are +located. When you select one or several search criteria, and click “Apply filter”, the results will be displayed in the list view. If necessary, this process can be repeated as desired and further restrictions can be added. @@ -24,7 +24,7 @@ The following option is required for editing filters: ![Filter](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_10-en.webp) -## Who is allowed to use the filter? +## Filter permissions The filter is an indispensable working tool because of the possibility to restrict existing results according to individual requirements. Consequently, all users can use the filter. It is, of course, @@ -36,7 +36,7 @@ if he has the read permission for that form. **CAUTION:** There are no permissions for [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md). This means that any employee can use any tags. The display order in the filter is determined by the frequency of use. This process is -not critical to security, since tags do not grant any permissions. They are merely a supportive +not critical to security, since tags don't grant any permissions. They are merely a supportive measure for filtering. ## Application example @@ -50,7 +50,7 @@ authorization. ![editing criteria](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_11-en.webp) -As you can see, 133 records are not really manageable. In most situations you will need to reduce +As you can see, 133 records aren't really manageable. In most situations you will need to reduce the number of records by adding filters. **Adding filter criteria** @@ -59,8 +59,8 @@ The filter **organization** can be applied directly to the authorizations to res records according to the authorizations granted. In this case, the logged-on user holds rights for various areas. However, it would like to see only those records which are assigned to the **Own passwords** area within the organisational structure. In addition, there should be further -restrictions, which could be formulated as in the following sentence: “Deliver all records from my -own passwords that were created with the form **password** and which contain the expression **2016** +restrictions, which could be formulated as in the following sentence: “Deliver all records from the +Own passwords area that were created with the form **password** and which contain the expression **2016** and the tag **Administrator**. ![Adding filter criteria](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_12-en.webp) @@ -68,7 +68,7 @@ and the tag **Administrator**. As can be seen, the filter delivers the desired results. The extent to which the filter criteria match the three remaining data sets is assigned in colour. -**CAUTION:** When filtering with several criteria, such as forms, content and tags, all filter +**CAUTION:** When filtering with several criteria, such as forms, content, and tags, all filter criteria must be complied with. It is therefore a logical “AND operation”. Other possible methods for linking criteria are described in detail in the Advanced Filter Settings. @@ -94,5 +94,5 @@ the database. **CAUTION:** The effectiveness of the filter is closely linked to data integrity. Only when data is kept clean, efficient operation with the filter is ensured. It is important that employees are trained in the correct handling of the filter tool as well as when creating the records. Workshops -show the best success rate in this context. If you require further information, contact us under -mail to: sales@passwordsafe.de. +show the best success rate in this context. For further information, contact Netwrix at +sales@passwordsafe.de. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md index 70040b8c79..1b7983d5ae 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md @@ -6,16 +6,16 @@ sidebar_position: 30 # List view -## What is the list view? +## List view overview The list view is located centrally in the Netwrix Password Secure client, and is a key element of -daily work. There are also list views in Windows operating systems. If you click on a folder in +daily work. There are also list views in Windows operating systems. If you click a folder in Windows Explorer, the contents of the folder are displayed in a list view. The same is true in Netwrix Password Secure version 9. -However, instead of folders, the content of the list view is defined by the currently applied +However, instead of folders, the content of the list view is defined by the applied filter. \* This always means that the list view is the result of a filtered filter \*. For the -currently marked record in list view, all existing form fields are output to the reading pane. With + marked record in list view, all existing form fields are output to the reading pane. With the two tabs “All” and “Favourites, the filter results can be further restricted. ![List view](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_26-en.webp) @@ -23,10 +23,12 @@ the two tabs “All” and “Favourites, the filter results can be further rest At the bottom of the list view, the number of loaded records and the time required for this are shown. -NOTE: For more than 100 list elements, only the first 100 records are displayed by default. This is +:::note +For more than 100 list elements, only the first 100 records are displayed by default. This is to prevent excessive database queries where the results are unmanageable. In this case, it makes sense to further refine the filter criteria. By pressing the “All” button in the header of the list view, you can still manually switch to the complete list. +::: ## Searching in list view @@ -47,12 +49,12 @@ the detailed list view, similar to the procedure in Microsoft Outlook. All form ## Favourites -Regularly used records can be marked as favourites. This process is carried out directly in the +Regularly used records can be marked as favourites. This process is performed directly in the [Ribbon](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md). A record marked as a favourite is indicated with a star in list view. ![Favourite](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_29-en.webp) -You can filter for favourites directly in the list view. For this purpose, simply switch to the +You can filter for favourites directly in the list view. For this purpose, switch to the “Favourites” tab ![installation_with_parameters_30](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_30.webp) @@ -65,15 +67,17 @@ more precise details. ![installation_with_parameters_31](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_31.webp) -NOTE: The information visible underneath the password name is taken from the info field for the +:::note +The information visible underneath the password name is taken from the info field for the associated form and will be explained separately +::: ## Workingwith records All records that correspond to the filter criteria are now displayed in list view. These can now be opened, edited, or deleted via the ribbon. Many functions are also available directly from the context menu. You can do this by right-clicking the record. Multiple selection is also possible. To -do this, simply highlight the desired objects by holding down the Ctrl key. +do this, highlight the desired objects by holding down the Ctrl key. ![installation_with_parameters_32](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_32.webp) @@ -85,7 +89,8 @@ separate tab, the list view is completely hidden ![editing dataset](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_33-en.webp) -NOTE: Working with data records depends of course on the type of the data record. Whether passwords, -documents or organisational structures: The handling is partly very different. For more information, -please refer to the respective sections on the individual +:::note +Working with data records depends of course on the type of the data record. Whether passwords, +documents, or organisational structures: The handling is partly very different. Refer to the respective sections on the individual [Client Module](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/client_module.md) +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md index e62783a4ef..2f9ef60c08 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md @@ -34,7 +34,7 @@ operating concept ensures efficient work and a minimum of training time. ## TABs Tabs offer yet another option within the to present related information in a separate area. This tab -navigation enables you to display, quickly access and switch between relevant information. The +navigation lets you display, quickly access and switch between relevant information. The results for a filter with specific criteria can thus be retained without the original result being overwritten @@ -78,7 +78,7 @@ information. ## Orientation -It is possible to change the alignment of the following objects: +You can change the alignment of the following objects: - [Active Directory link](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) - [Applications](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/applications/applications.md) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/print.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/print.md index ea4814196c..70f8657fb7 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/print.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/print.md @@ -6,11 +6,11 @@ sidebar_position: 70 # Print -#### What can the print function do? +#### Print function capabilities It is often necessary to print out data stored in Netwrix Password Secure for documentation purposes. The Print function is available in numerous areas of Netwrix Password Secure for this -purpose. It is possible to print out records such as e.g. passwords or also information about +purpose. You can print out records such as e.g. passwords or also information about organisational units and much more. #### Relevantrights @@ -37,20 +37,22 @@ The print function is available in the following modules: #### Using the print function -The print function can be called up via the ribbon. +The print function can be opened via the ribbon. ![installation_with_parameters_44](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_44.webp) -Firstly, it is necessary to select whether you want to print a table or a detailed view. The amount +Firstly, you must select whether you want to print a table or a detailed view. The amount of data can also be defined. The individual menu items are described in detail further down in this section. After making your selection, the data is firstly prepared for printing. Depending on the amount of data, this may take a few minutes. The print preview is then opened. ![print password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_45-en.webp) -NOTE: The print preview accesses the functions of the printer driver. Depending on the printer or +:::note +The print preview accesses the functions of the printer driver. Depending on the printer or driver being used, the appearance and functions offered by the print preview may vary. The individual functions will thus not be described in detail here. +::: The printing process is ultimately started via the **print preview**. It is also possible to save the view or adjust the layout before printing. @@ -74,7 +76,7 @@ The data is printed here in table form. #### Tableview (current filter) -All currently **filtered** records will be printed out here. In this example, all seven records are +All **filtered** records will be printed out here. In this example, all seven records are thus printed out. ![filtered password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_48-en.webp) @@ -83,14 +85,16 @@ They are printed out – as described above – in table form. #### Detailed view (current selection) -This option also prints out the currently selected records. However, a detailed view is printed out +This option also prints out the selected records. However, a detailed view is printed out in this case. ![print filtered passwords](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_49-en.webp) #### Detailed view (current filter) -This function can be used to print out all filtered records in detailed view as described above. +This function lets you print out all filtered records in detailed view as described above. -NOTE: It should be noted that the amount of data generated via this function can quickly become very +:::note +The amount of data generated via this function can quickly become very large. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md index 27c4e3d631..5bdb3b1706 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Reading pane -## What is the reading pane? +## Reading pane overview The reading pane on the right side of the client always corresponds to the detailed view of the selected record in the list view and can be completely deactivated via the ribbon. In addition, you @@ -32,18 +32,18 @@ well as the [Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) are displayed. -**CAUTION:** It should be noted that the details area cannot be used for editing records! Although +**CAUTION:** The details area can't be used for editing records! Although it displays all of the data, editing is only possible if the record has been opened. 2. Footer area -In the footer area of the reading pane, it is possible to display various information for the -currently selected record. The button can be activated via the button provided. It is hidden by +In the footer area of the reading pane, you can display various information for the + selected record. The button can be activated via the button provided. It is hidden by default. ![Footer area](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_36-en.webp) -The logbook, linked documents, history, notifications and password resets can be accessed separately +The logbook, linked documents, history, notifications, and password resets can be accessed separately here via the tabs. The individual elements can be viewed with a double-click, as well as by using the quick view (space bar). Double clicking always opens a separate tab, the quick view merely opens a modal window diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md index 1575524ec3..ccac88cafd 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/ribbon.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Ribbon -## What is the ribbon? +## Ribbon overview The ribbon is the central control element of Netwrix Password Secure version 9. It is available in all modules. Netwrix Password Secure is almost always operated via the ribbon in the header area of @@ -14,14 +14,14 @@ the PSR client. ![Ribbon](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_5-en.webp) -The features available within the ribbon are dynamic, and are based on the currently available +The features available within the ribbon are dynamic, and are based on the available actions. Various actions can be performed, depending on which object is selected. The module selected also affects the features that are available in the ribbon. Of course, the most important actions can also be controlled via the context menu (right mouse button). ![Ribbon - Item](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon-1-en.webp) -This mainly affects the very often used features such as opening, deleting or assigning tags. +This mainly affects the very often used features such as opening, deleting, or assigning tags. However, a complete listing of the possible actions is always only possible directly in the ribbon. This ensures that the context menu can be kept lean. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md index c408931d9d..6dd9320fb6 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md @@ -6,27 +6,29 @@ sidebar_position: 60 # Search -## What is search? +## Search overview -With the help of the search, it is possible to find data stored in the database efficiently +With the help of the search, you can find data stored in the database efficiently according to selected criteria. Basically, there are 2 search modes: 1. Quick search In the upper right section of the ribbon, there is a search field, which scans the module that is -currently open. This is a full-text search that scans all fields and tags except the password field. + open. This is a full-text search that scans all fields and tags except the password field. ![quick search](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_41-en.webp) The fast search is closely linked to the [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md), because search queries are converted directly into one or several content filters. You can also separate search terms using -spaces, for example, **Cook Daniel**. Note that this search creates two separate content filters, +spaces, for example, **Cook Daniel**. This search creates two separate content filters, which are logically linked with “and” +. This means that both words must occur in the data record. The sequence is irrelevant. If the ordering needs to be taken into account, the search term must be -enclosed in quotation marks: **“Cook Daniel”**. The search is not case sensitive. No distinction is +enclosed in quotation marks: **“Cook Daniel”**. The search isn't case sensitive. No distinction is made between upper and lower case. -NOTE: You can access quick search directly via \* Ctrl + Q\*! +:::note +You can access quick search directly via \* Ctrl + Q\*. +::: Negations in the quick search @@ -40,7 +42,7 @@ swiss. The notation, which must be entered in the quick search, is: Delphi -swis With the list search in the header of the [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md), the results of the filter can be searched further. This type of search is available in almost every list. Scans only -the currently filtered results. Password fields are not searched. The search is live, so the result +the filtered results. Password fields aren't searched. The search is live, so the result is further refined with every additional character that is entered. Automatic “highlighting” takes place in yellow colour. @@ -49,4 +51,6 @@ place in yellow colour. A direct database query is performed when the filter is executed. The list search only searches within the query already made. -NOTE: The list search is hidden by default and can be activated with “Ctrl + F” +:::note +The list search is hidden by default and can be activated with “Ctrl + F” +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md index e5f9aa2813..b13a3c14ae 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md @@ -6,15 +6,17 @@ sidebar_position: 50 # Tags -## What are tags? +## Tags overview -The tag system is ubiquitous in Netwrix Password Secure. It can be used to classify and describe +The tag system is ubiquitous in Netwrix Password Secure. It lets you classify and describe almost every object. An object can have several such tags. These are always displayed in the header area of the data record. Optionally, tags can be provided with colours or a description. They determine the aesthetics of Netwrix Password Secure, and are optically a great help, in order not to loose the overview even in case of large amounts of data. -NOTE: Tags have no permissions. Any user can use any tag! +:::note +Tags have no permissions. Any user can use any tag. +::: ## Relevant rights diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md index 094f7faf90..b6d32ff557 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md @@ -15,7 +15,7 @@ Netwrix Password Secure generally differentiates between multiple methods for se 3. Using predefined rights - In the manual setting of permissions, the desired permissions are directly configured for each - record. Automatic processes and inheritance are **not** used in this case. + record. Automatic processes and inheritance aren't used in this case. - Both the use of predefined rights and also the inheritance from organisational structures are based on the **automated reuse** of already granted permissions according to previously defined rules. @@ -25,6 +25,8 @@ permissions?** ![manual vs automated settings](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/automated-setting-of-permissions-1-en.webp) -NOTE: Inheritance from organisational structures is defined by default in the system. This can be +:::note +Inheritance from organisational structures is defined by default in the system. This can be configured in the settings. The relevant setting is “Inherit permissions for new objects (without permission template)”. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md index 95441490b0..874cc682ef 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md @@ -35,7 +35,7 @@ created records. The following values can be configured: -Off: Permissions from OUs are not inherited organisational unit: When creating new objects, +Off: Permissions from OUs aren't inherited organisational unit: When creating new objects, permissions are set in accordance with the defined rights for the target organisational unit. This setting is active by default. organisational unit and user: As well as inheriting permissions for organization units, the configured permissions for the user are now also inherited when creating @@ -56,8 +56,8 @@ Increase or reduce permissions: The permissions for the passwords are retained a increased or reduced by the change. Overwrite permissions: The permissions for the passwords are completely overwritten. This means that all permissions for a password are firstly removed and then the new permissions for the organisational unit are inherited. Cancel inheritance: The permissions -are not inherited but are only changed in the organisational unit. \*The permissions are only -inherited by existing passwords within the organisational unit. Therefore, the permissions are not +aren't inherited but are only changed in the organisational unit. \*The permissions are only +inherited by existing passwords within the organisational unit. Therefore, the permissions aren't inherited downwards throughout the entire structure. Example case This example shows the creation of a new record in the organisational structure @@ -79,7 +79,7 @@ record just created are now shown. ## Conclusion -The permissions for the “storage location” are simply used when creating new objects. Two conditions +The permissions for the “storage location” are used when creating new objects. Two conditions apply here: The value “organisational unit” must be selected in the settings for the inheritance of permissions diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md index 60a54252ea..5657933b85 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Manual setting of permissions -## What is the manual setting of permissions for records? +## Manual permission settings for records In contrast to the [Automated setting of permissions](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md), the -manual approach does not utilize any automatic processes. This method of setting permissions is thus -carried out separately for every record – this process is not as recommended for newly created data. +manual approach doesn't use any automatic processes. This method of setting permissions is thus +performed separately for every record – this process isn't as recommended for newly created data. If you want to work effectively in the long term, the automatic setting of permissions should be used. However, the manual setting of permissions is generally used when editing already existing records. @@ -29,9 +29,11 @@ the permissions in the list view: ![different ways to access the permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-1-en.webp) -NOTE: The icon on the right of the reading pane shows the information whether the record is personal +:::note +The icon on the right of the reading pane shows the information whether the record is personal or public. In case of personal data records, the user that is logged on is the only one who has -permissions! +permissions. +::: The author is created with all permissions for the record. As described in the [Permission concept and protective mechanisms](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md), you can now @@ -53,7 +55,7 @@ Ctrl/Shift + left mouse button. By default, all added users or roles receive only the “Read” permission on the record. The “Read” permission at the beginning is sufficient to view the fields of the data record and to use the -password. "Write" permission allows you to edit a data record. **The permission “Authorize” is +password. "Write" permission lets you edit a data record. **The permission “Authorize” is necessary to authorize other users to the record**. This is also a requirement for the[Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). @@ -61,7 +63,7 @@ the[Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconcept ## Transferring permissions -A simple right-click on a user can be used to copy and transfer permission configurations of users +A simple right-click a user lets you copy and transfer permission configurations of users or roles to others in the context menu. In this context, the use of permission templates is also very practical. In the “Template” area of ​​the ribbon, you can save configured permissions, including all users, and reuse them for other records. @@ -69,7 +71,7 @@ including all users, and reuse them for other records. ![preset menu](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-5-en.webp) The transfer of permissions and their reuse can be an important building block to create and -maintain entitlement integrity. This method cannot rule out misconfigurations, but it will minimize +maintain entitlement integrity. This method can't rule out misconfigurations, but it will minimize the risk significantly. Of course, the correct configuration of these templates is a prerequisite. ## The add permission @@ -90,5 +92,7 @@ itself, as well as by users with the permission “Is database administrator”. The owner permission prevents other users who have the “Authorize” permission from removing someone with the owner permission from the record. -**CAUTION:** The owner permission does not protect a record from being deleted. Any user who has -deletion permission can delete the record! +:::warning +The owner permission doesn't protect a record from being deleted. Any user who has +deletion permission can delete the record. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md index 0a39ed6221..eade7025d4 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md @@ -6,10 +6,10 @@ sidebar_position: 20 # Multiple editing of permissions -## How to edit multiple permissions? +## Edit multiple permissions As part of the manual modification of permissions, it is also possible to edit multiple records at -the same time. Various mechanisms can be used to select the records to be edited. You are able to +the same time. Various mechanisms let you select the records to be edited. You can select the records in [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) or you can use the filter as part of the multiple editing function. Both scenarios are described below. @@ -26,7 +26,7 @@ existing permissions will **not be overwritten**. ## Selecting the records -In list view, Shift or Ctrl + mouse click can be used to select multiple records. Permissions can +In list view, Shift, or Ctrl + mouse click lets you select multiple records. Permissions can also be granted for these records via the selection. The marked records are displayed in a different color. 6 records are marked in the following image. @@ -40,8 +40,10 @@ changes. ![rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-2-en.webp) -NOTE: As the already granted permissions for the selected records may differ, it is not possible to +:::note +As the already granted permissions for the selected records may differ, it isn't possible to display the permissions here. +::: ## Adding permissions @@ -53,12 +55,14 @@ receives all permissions. ## Reducing permissions / removing users and roles from the permissions -If you want to remove permissions, it is also necessary to add the user or the desired role to be +To remove permissions, add the user or the desired role to be edited. Clicking on **Reduce permissions** now means that permissions will be removed. This is indicated by the :material-minus-circle-outline: symbol. The selected permissions will be removed. -NOTE: If the **read** permission is to be removed for a user or role, the user will be completely +:::note +If the **read** permission is to be removed for a user or role, the user will be completely removed from the permissions. +::: ## Examples @@ -69,33 +73,35 @@ contrast, Mr. Brewery receives all permissions: The read permission will be removed for Mr. Steiner. As removing the read permissions means that no other permissions exist for the record, Mr. Steiner is completely removed from the permissions. The -authorize, move, export and print permissions are being removed from Mr. Brewery. Assuming that he -previously had all permissions, he will then have read, write and delete permissions remaining: +authorize, move, export, and print permissions are being removed from Mr. Brewery. Assuming that he +previously had all permissions, he will then have read, write, and delete permissions remaining: ![edit rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-4-en.webp) ## Batch processing using a filter -In some cases it is necessary to edit the permissions for a very large number of records. On the one +In some cases you must edit the permissions for a very large number of records. On the one hand, a maximum limit of 1000 records exists and on the other hand, handling a very large number of -records via list view is not always the best solution. The **Batch processing using a filter** mode +records via list view isn't always the best solution. The **Batch processing using a filter** mode has been developed for this purpose. This is directly initiated via the ribbon. ![Batch processing using a filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-5-en.webp) -In the subsequent dialogue, you define whether you want to expand, reduce or completely overwrite +In the subsequent dialogue, you define whether you want to expand, reduce, or completely overwrite existing permissions. If you select **expand or reduce** at this stage, the same logic as for **editing via list view** is used. No permissions will thus be overwritten. In the option **overwrite permissions**, the existing permissions are removed and then replaced by the newly defined permissions. -**CAUTION:** It is important to proceed with great caution when overwriting permissions because this +:::warning +proceed with great caution when overwriting permissions because this function can quickly lead to a large number of records becoming unusable. +::: ![permissions adapted on a filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-6-en.webp) -The filter itself defines the selection criteria for the records to be edited. The currently +The filter itself defines the selection criteria for the records to be edited. The configured filter will be used as default. The records that will be affected by the changes are also not displayed in this view. Only the number of records is displayed. In the following example, 9 passwords are being edited to add the read permission the role "Sales". @@ -104,20 +110,24 @@ passwords are being edited to add the read permission the role "Sales". ## Seals and password masking -Sealed or masked records cannot be edited using batch processing. If these types of passwords are +Sealed or masked records can't be edited using batch processing. If these types of passwords are selected, a dialogue will be displayed when carrying out batch processing to inquire how these records should be handled. ![security warning because of sealed or masked passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-8-en.webp) -It is possible to select whether the affected records are skipped or whether the seal or password +You can select whether the affected records are skipped or whether the seal or password masking should be removed. If the **remove** option is selected, the process needs to be confirmed again by entering a PIN. ![security warning](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-9-en.webp) -**CAUTION:** The removal of seals and password masking cannot be reversed! +:::warning +The removal of seals and password masking can't be reversed. +::: -NOTE: Depending on the number of records, editing records may take a long time. This process is -carried out in the background for this reason. A hint will indicate that the permissions process has +:::note +Depending on the number of records, editing records may take a long time. This process is +performed in the background for this reason. A hint will indicate that the permissions process has been completed. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md index 8f8ccc8392..03dd1df6a1 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md @@ -12,8 +12,10 @@ Once they have been configured, permissions can be constantly reused. The functi permissions as a template** in the ribbon is used for this purpose. The templates are globally available and can also be used for other records. -NOTE: When saving templates, always select a name that will also allow it to be safely +:::note +When saving templates, always select a name that will also allow it to be safely differentiated from other templates if you have a large number of right templates. +::: Nevertheless, the use of right templates merely reduces the amount of work and still envisages the manual setting of permissions. Automatic process for the issuing of permissions also exist in diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md index 2297a44571..ace0e598c6 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md @@ -6,12 +6,12 @@ sidebar_position: 40 # Permission concept and protective mechanisms -## What is the permission concept? +## Permission concept overview -With Netwrix Password Secure version 9 we provide the right solution to all conceivable demands +Netwrix Password Secure version 9 provides the right solution to all conceivable demands placed on it with regards to permission management. [Roles](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/roles.md) are a -great way to efficiently manage multiple users without losing the overview. We've created multiple -methods to manually or automatically manage your permissions. More information can be seen in the +great way to efficiently manage multiple users without losing the overview. Multiple +methods exist to manually or automatically manage your permissions. More information can be seen in the chapter [Multiple editing of permissions](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md) @@ -22,11 +22,15 @@ The interrelationships between all of these elements are illustrated in the foll ![Authorisation concept](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_1-en.webp) -NOTE: Applying some form of permissions is **obligatory**. Applying a protective mechanism is +:::note +Applying some form of permissions is **obligatory**. Applying a protective mechanism is **optional**. +::: -NOTE: The configuration of visibility is a technical part of the permissions process. However, this +:::note +The configuration of visibility is a technical part of the permissions process. However, this mechanism has a “protective character” and is thus listed under protective mechanisms. +::: ## Basic mechanics of the permission concept @@ -51,7 +55,7 @@ is, of course, a good idea to manage these roles in accordance with your company role “Administrators” can therefore be provided with more extensive authorizations than, for example, the role “Sales Assistance”. This role-based inheritance allows the organization to maintain the overview in a larger corporate structure as well as a simple procedure when adding new -employees. Instead of having to entitle him individually, this is simply added to his role. +employees. Instead of having to entitle him individually, the user is added to the appropriate role. ![Permission only for users or roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_2-en.webp) @@ -60,11 +64,12 @@ only to grant rights individually to employees in exceptional cases. The unplann personnel must also be taken into account in such concepts. Working with roles defuses such risks significantly. -NOTE: +:::note +::: ``` -Permissions are always granted to only one user or role! +Permissions are always granted to only one user or role. ``` @@ -76,7 +81,8 @@ been authorized for the role. ![Membership in roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_3-en.webp) -NOTE: +:::note +::: ``` @@ -95,21 +101,22 @@ illustrates this with an example of two users. - **User 1** is a member of the role, and is therefore authorized for all records that are assigned to the role. However, it has only “read rights” for the role itself. This means, it can see the - role, but cannot “Edit, move, or delete” it. + role, but can't “Edit, move, or delete” it. - **User 2** has all rights for the role. It can add additional users to the role by means of - “authorize”. The crucial point, however, is that it is not a member of the role. It cannot, + “authorize”. The crucial point, however, is that it isn't a member of the role. It can't, therefore, see any records for which the role is authorized. In practice, the first user would be a classic user that is assigned, for example, to the Sales role by the administrators, and can view the records accordingly. The second user could be one of those administrators. This user has extensive rights for the role. It can edit it, and add users to it. -However, it cannot see any data that is assigned to sales. It lacks membership in the role. +However, it can't see any data that is assigned to sales. It lacks membership in the role. -NOTE: +:::note +::: ``` -As a member of a role, it must have at least the “read” right for the role! +As a member of a role, it must have at least the “read” right for the role. ``` @@ -124,15 +131,15 @@ configuration of a role will be illustrated using two users. The configuration i - The user “Holste” is a member of the role and can, therefore, access those records for which the role has permissions. He has the obligatory read right for the role, which is the basic - requirement in order to be a member of the role. Which exact rights it has to the data record is + requirement to be a member of the role. Which exact rights it has to the data record is not defined within the role! This is set out in the following section. -- The user “Administrator” has all rights to the role, but is not a member! Thus, it cannot see any +- The user “Administrator” has all rights to the role, but isn't a member! Thus, it can't see any records that are authorized for the role. However, it has all rights to the role and can therefore print, assign other users to the role, and delete them. ![explanation of the authorization through a role](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_6-en.webp) This example clearly shows the advantages of the concept. The complete separation of administrative -users from regular users brings significant advantages. Of course, one does not necessarily exclude -the other. An administrator can, of course, have full access to the role and also be a member in it! +users from regular users brings significant advantages. Of course, one doesn't necessarily exclude +the other. An administrator can, of course, have full access to the role and also be a member in it. The boundaries between the two often overlap, and can be freely defined in Netwrix Password Secure. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md index 699c7782ce..f3f0cce393 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md @@ -6,16 +6,16 @@ sidebar_position: 30 # Predefining rights -## What are predefined rights? +## Predefined rights overview [Permissions for organisational structures](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md) -can be carried out separately for every record. Although this method enables you to very closely -control every intended permission structure, it is not really efficient. On the one hand, there is +can be performed separately for every record. Although this method lets you very closely +control every intended permission structure, it isn't really efficient. On the one hand, there is too much configuration work involved, while on the other hand, there is a danger that people who -should also receive permissions to access data are forgotten. In addition, many users should not +should also receive permissions to access data are forgotten. In addition, many users shouldn't even have the right to set permissions. “Predefining rights” is a suitable method to simplify the permissions and reduce error rates by using automated processes. This page covers the configuration -of predefined rights, please also refer to the sections +of predefined rights, also refer to the sections [Working with predefined rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md) and their [Scope of validity for predefined rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md). @@ -38,7 +38,7 @@ following example specifically focuses on an IT department. The following 3 hier In general, a senior employee is granted more extensive rights than those granted to a trainee. This hierarchy and the associated permission structure can be predefined. In the O[Organisational structure](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) -module, we now select those OUs (departments) for which rights should be predefined and select +module, select those OUs (departments) for which rights should be predefined and select \*predefine rights” in the ribbon. ![button of predefined rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-1-en.webp) @@ -67,14 +67,14 @@ and **Firewall** have also been defined below. ![Standard template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-4-en.webp) -A **default template group** can be defined directly next to the drop-down menu for selecting the +A **default template group** can be defined directly next to the dropdown menu for selecting the template group (green arrow). This is always pre-configured when you select “IT” as the OU to save records. ## Issuing tags for predefining rights In the same way that permissions are defined within right templates, it is also possible to -automatically set **tags**. Their configuration is carried out in the same way as issuing +automatically set **tags**. Their configuration is performed in the same way as issuing [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md) for records. ![tags for predefining rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-5-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md index b9616e4527..f0b89eb072 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md @@ -25,7 +25,7 @@ Nevertheless, the four user rights related to “predefining rights” are expla selection function is displayed or not when creating new records. If this right has not been granted, the user is thus not able to see for which roles and users the user rights are being defined. -- **Can remove members from rights templates:** Roles defined within the rights templates cannot be +- **Can remove members from rights templates:** Roles defined within the rights templates can't be removed without this right. If this right has not been granted, the roles defined in the templates are always authorized for records in this organisational structure. If the user right is activated: The user can remove the roles via the “x” icon: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md index a9788ab0e2..584d543601 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md @@ -8,7 +8,7 @@ sidebar_position: 30 In general, all of the predefined rights for an organisational structure are applied to all underlying objects. These objects could be passwords, forms, form fields documents, users, -applications or also other nested organisational structures in the hierarchy. In the following +applications, or also other nested organisational structures in the hierarchy. In the following example, the rights template **IT general** has been defined for the organisational unit **IT**. ![rights template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_1-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md index 0fc0f1becd..e6d77675b5 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md @@ -44,7 +44,7 @@ associated permissions: | Red | Authorize | Other rights also exist that are, however, not separately indicated by a color. The overview in the -ribbon can be used to see whether the “move”, “export” and “print” rights are set or not. The +ribbon lets you see whether the “move”, “export” and “print” rights are set or not. The permissions for the selected role/user are always displayed – in this case for the role “IT management”. @@ -56,13 +56,15 @@ The [Manual setting of permissions](/docs/passwordsecure/9.3/configuration/advan the configuration of rights for both existing and also new records. The option of [Predefining rights](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) represents a very efficient alternative. Instead of having to separately grant permissions for every record, a “preset” is defined once for each -organisational structure. Once this has been done, it is sufficient in future to merely select the +organisational structure. After this has been done, it is sufficient in future to merely select the organisational structure when creating a record. The permissions are then set automatically. This -process is particularly advantageous for those users who should not set their permissions +process is particularly advantageous for those users who shouldn't set their permissions themselves. ![predefined rights diagram](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights_4-en.webp) -**CAUTION:** The configuration of permissions can be carried out manually or automatically as -described. If you want to change previously set permissions later, this has to be done manually. -Retrospectively defining rights is not possible. +:::warning +The configuration of permissions can be performed manually or automatically as +described. To change previously set permissions later, you must do so manually. +Retrospectively defining rights isn't possible. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md index 31cb339a38..0b3c4a08b0 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Password masking -## What is password masking? +## Password masking overview -The safest passwords are those that you do not know. Password masking follows this approach. It +The safest passwords are those that you don't know. Password masking follows this approach. It prevents the password from being shown, while allowing the use of the automatic sign-on. You can apply it via the button of the same name in the ribbon. @@ -29,7 +29,9 @@ for the record is required to apply or remove the masking. Users who have the ** permission** for a record can continue to use the record without limitations after applying password masking. Password masking only applies to users without the "can apply password masking" right. -NOTE: Password masking can only be applied to records with an existing password! +:::note +Password masking can only be applied to records with an existing password. +::: ## Applying password masking @@ -48,20 +50,26 @@ button in the ribbon for that purpose. Ensure that the password field is highlig The special feature when setting or editing masking via the form field permissions is that you can individually select users to whom masking will be applied. In the following example, masking has -been specified only for the role of “trainees”, although the “IT” role does not have the **authorize +been specified only for the role of “trainees”, although the “IT” role doesn't have the **authorize permission** either. In addition to the name of the role or the user, the icon symbolizes the fact that visa protection applies to trainees. ![example password masking](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_3-en.webp) -NOTE: Use the icon in the ribbon to apply password masking to all users who have read permission on -the record, but not the **authorize permission**. If you wish to specify more precisely for which +:::note +Use the icon in the ribbon to apply password masking to all users who have read permission on +the record, but not the **authorize permission**. If you want to specify more precisely for which users the password masking should be applied, this is also possible via the form field permissions. +::: -NOTE: It is important to note that the login mask for records with password masking will be "sent +:::note +the login mask for records with password masking will be "sent automatically", even if the setting **Browser Extensions: Automatically send login masks** has been deactivated. +::: -**CAUTION:** The password masking only applies to those users who are authorized at the time of +:::warning +The password masking only applies to those users who are authorized at the time of attachment to the record. If a record has the password masking and a user get´s authorized the record is **not protected** for this user. The password masking should then be removed and reset. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md index b3faa425c3..38ed56b92c 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md @@ -6,16 +6,16 @@ sidebar_position: 40 # Protective mechanisms -## What are protective mechanisms? +## Protective mechanisms overview The primary goal of Netwrix Password Secure is to ensure data security at all times. The -authorization concept is naturally the most important component when it comes to granting users the +authorization concept is the most important component when it comes to granting users the intended level of permissions for accessing data. Specifically, this makes it possible to make certain information only available to selected employees. Nevertheless, it is still necessary to -have protective mechanisms above and beyond the authorization concept in order to handle complex +have protective mechanisms above and beyond the authorization concept to handle complex requirements. -- [Visibility](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) is not separately configured but is instead directly +- [Visibility](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) isn't separately configured but is instead directly controlled via the authorization concept (read permission). Nevertheless, it represents an important component within the existing protective mechanisms and is why a separate section has been dedicated to this subject. @@ -23,8 +23,7 @@ requirements. possible to grant users or roles temporary access to data. - [Password masking](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md) enables access to the system without having to reveal the passwords of users. The value of the password remains constantly hidden. -- To link the release of highly sensitive access data to a double-check principle, it is possible to - use [Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a +- To link the release of highly sensitive access data to a double-check principle, you can use [Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a release is possible down to a granular level and is always adaptable to individual requirements. The following diagram shows a summary of how the existing protective mechanisms are integrated into @@ -42,21 +41,24 @@ in more detail below. ## Visibility as a basic requirement It should always be noted that **visibility** is always a basic requirement for applying further -protective mechanisms. A record that is completely hidden from a user (= no read permission) can -naturally not be given any further protective mechanisms. +protective mechanisms. A record that is completely hidden from a user (= no read permission) can't be given any further protective mechanisms. -NOTE: The visibility of a record is always the basic requirement for applying further protective +:::note +The visibility of a record is always the basic requirement for applying further protective mechanisms +::: ## Combining multiple protective mechanisms In principle, there are a diverse range of possibilities for combining the above-mentioned protective mechanisms. Temporary access to a “masked” record is possible just as having a “masked” -record which is additionally secured by a double-check principle is also possible. **Nevertheless, -it should be noted that temporary permissions in combination with seals always pose a risk.** If +record which is additionally secured by a double-check principle is also possible. **However, +temporary permissions in combination with seals always pose a risk.** If releasing a seal requires approval from a person who only possesses or possessed temporary -permissions or will only possess them in future, this could naturally conflict with the configured +permissions or will only possess them in future, this could conflict with the configured release criteria. -**CAUTION:** The combination of seals and temporary permissions is not recommended if the user with +:::warning +The combination of seals and temporary permissions isn't recommended if the user with permissions to issue a release has only been given temporary permissions. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md index 674cdd9552..0f3cc20e29 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Release mechanism -## What is the release mechanism? +## Release mechanism overview A sealed password will not be released until the number of approvals required in the seal has been granted. Releases can be granted by anyone who has been defined as having the required permissions @@ -16,25 +16,28 @@ release request to the final grant of the release and the breaking of the seal. ## Users and roles in the release mechanism As noted in the previous sections, seals always restrict the right of a user to view a specific -password. Even if the configuration is usually done at the level of the role, each user is naturally -responsible for his own request when carrying out the release. Even if a seal is defined for a role, +password. Even if the configuration is usually done at the level of the role, each user is responsible for his own request when carrying out the release. Even if a seal is defined for a role, technically separate seals are created for each individual member of the role. -NOTE: Requests or releases are only valid for the respective user! +:::note +Requests or releases are only valid for the respective user. +::: -**CAUTION:** If a user is a member of several roles of a seal, the "stronger" right is always +:::warning +If a user is a member of several roles of a seal, the "stronger" right is always applied. Release rights have a priority over read rights +::: ## 1. Requesting a release -In order to release a seal for sealed passwords, this must be requested from the user with the +To release a seal for sealed passwords, this must be requested from the user with the required permissions to issue the release. Within the Netwrix Password Secure client, this can be done via the buttons **Reveal** and **Seal** in the ribbon, as well as via the **Icon in the password field** of the data record in the reading pane. ![seal protection](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_1-en.webp) -A modal window opens, which can be used to request the seal. The reason for the entry will be +A modal window opens, which lets you request the seal. The reason for the entry will be displayed to the users with the required permissions to issue the release. ![start seal process](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md index 88f6a6cf3d..9d27d21def 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Seal overview -## What is the seal overview? +## Seal overview Users with the required permissions to issue the releases receive access to the current state of the existing seals at any time via the seal overview. The overview is accessible via the ribbon as well @@ -52,6 +52,6 @@ breaking the seal after a security query. Viewing the password is irrelevant. On be manually reset by the icon to the right of the broken seal column. The state “Sealed” is restored. -**CAUTION:** It makes no sense to re-seal already visible passwords. The user was able to view the -password. Therefore, it is not monitorable whether the password has been saved, for example, by -screenshot. In such cases, a new password is the only way to guarantee 100% password security! +**CAUTION:** It makes no sense to re-seal already visible passwords. The user could view the +password. Therefore, it isn't monitorable whether the password has been saved, for example, by +screenshot. In such cases, a new password is the only way to guarantee 100% password security. diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md index e39c9c212c..a90368afd9 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Seals -## What are seals? +## Seals overview Passwords are selectively made available to the different user groups by means of the [Authorization and protection mechanisms](/docs/passwordsecure/9.3/configuration/webapplication/authorization_and_protection_mechanisms.md). @@ -26,22 +26,26 @@ The following option is required to add a seal. ## Required permissions -Firstly, the user must have the **authorize permission** for the record in order to create seals. +Firstly, the user must have the **authorize permission** for the record to create seals. The read permission to all users and roles that are contained in the seal is also required. The exact configuration of password masking and permissions for records is described in detail in the Authorization concept section. -## What exactly is sealed? +## Sealed content -Technically speaking, the password itself is not sealed. It is the permission to see a password +Technically speaking, the password itself isn't sealed. It is the permission to see a password field that is protected by a seal. This allows for the most sensitive configurations, in which one group can use the password without restrictions, but the same password is sealed for other users. The wizard assists users in applying seals, as well as in future maintenance. -**CAUTION:** The complete data set is never sealed! Only the permission to view a password is +:::warning +The complete data set is never sealed! Only the permission to view a password is protected by a seal. +::: -**CAUTION:** Be Aware" Only records that are protected with a password can be sealed! +:::warning +Be Aware" Only records that are protected with a password can be sealed. +::: ## Seal wizard @@ -71,10 +75,12 @@ release are displayed in blue. ![example permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_3-en.webp) -NOTE: All users and roles for which the data set is not sealed and which are not authorized for +:::note +All users and roles for which the data set isn't sealed and which aren't authorized for release are displayed in green. These can use the data record independently of the seal. +::: -To avoid having to perform any configuration manually, roles and users are copied directly from the +To avoid having to perform any configuration manually, roles, and users are copied directly from the authorizations of the data record. Compare with the "permissions" for the record (can be viewed via the ribbon). @@ -83,9 +89,11 @@ the ribbon). Supervisors should issue the releases for their employees. Therefore, the checkbox also follows the existing authorizations. The following **scheme** is used: -NOTE: All users and roles that have the **authorize permission** to the record are "authorized to -issue a release" for the seal by default. All users and roles that do not have the **authorize +:::note +All users and roles that have the **authorize permission** to the record are "authorized to +issue a release" for the seal by default. All users and roles that don't have the **authorize permissions** to the record are copied directly into the "Sealed for" column. +::: Here is a closer look at the permissions of the role **Administrators** on the record: @@ -96,33 +104,39 @@ Here is a closer look at the permissions of the role **Administrators** on the r Although standard authorizations are used as a basis for the sealing concept, these can be adapted. The number of releases generally required is as configurable as the required number of releases from a role. In the following example, the seal has been extended so that a total of three release -authorizations are required in order to release the seal **(Multi-eye principle)**. The role of the +authorizations are required to release the seal **(Multi-eye principle)**. The role of the administrators has been marked in the mandatory column. This means that it must grant at least one release. In summary: A total of three releases must be made, whereby the group of administrators must grant at least one release. ![edit seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_6-en.webp) -In order to be not only dependent on existing authorizations on the data set, other users can also +To be not only dependent on existing authorizations on the data set, other users can also be added to the seal. The role accounting under "sealed for" has been added below. ![define permission for the seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_7-en.webp) -NOTE: When a role or a user is added to a seal, these users also receive permissions on the record +:::note +When a role or a user is added to a seal, these users also receive permissions on the record according to the authorization granted in the seal. A role that is added under "Sealed for" receives the **Read permission** on the record. When you add authorization permissions, these will include the **Read**, **Write**, **Delete**, and **Authorize** permission. +::: -**CAUTION:** All the roles that were once added to the seal can no longer be removed via the seal -logic. This is only possible directly via the authorizations of the data record! +:::warning +All the roles that were once added to the seal can no longer be removed via the seal +logic. This is only possible directly via the authorizations of the data record. +::: -NOTE: It is possible to seal records for a user who is also authorized to issue a release. In this -constellation, it is important to ensure that at least one other user is authorized to issue a +:::note +You can seal records for a user who is also authorized to issue a release. In this +constellation, ensure that at least one other user is authorized to issue a release. In principle, you should never be able to issue a release for yourself. +::: #### 3. Advanced settings -Advanced seal settings allow you to adjust the multi-eye principle. Both the time validity of a +Advanced seal settings let you adjust the multi-eye principle. Both the time validity of a release request as well as a granted release can be configured. Multiple break defines whether after the breaking of a seal by a user, other users may still break it. @@ -130,9 +144,9 @@ the breaking of a seal by a user, other users may still break it. #### 4. Saving the seal -Before closing the wizard, it is possible to save the configuration for later use in the form of a +Before closing the wizard, you can save the configuration for later use in the form of a template. [Seal templates](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/seal_templates.md) can be -optionally provided with a description for the purpose of overview. +optionally provided with a description for easier identification. ![save seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_9-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md index 8c1ab52484..1b5af268f7 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Temporary permissions -## What are temporary permissions? +## Temporary permissions overview -So far, we have covered permissions that were valid for an unlimited period. However, a permission +So far, the previous sections covered permissions that were valid for an unlimited period. However, a permission can also be granted in advance with a time restriction. Examples are users who stay in the company for a limited time, such as interns or trainees. @@ -33,8 +33,10 @@ permissions: - **Green:** The temporary permission is active. - **Red:** The time period for the temporary permissions has already expired. -NOTE: Temporary permissions can also be assigned to multiple roles and users at the same time. You -can select multiple users and roles as usual with Ctrl/Shift + left mouse button! +:::note +Temporary permissions can also be assigned to multiple roles and users at the same time. You +can select multiple users and roles as usual with Ctrl/Shift + left mouse button. +::: ## Special features of the authorization system @@ -43,5 +45,7 @@ configurations. Conceivable constellations include a situation when the only use only has temporary permissions. When these permissions expire, there is no longer any user with full permissions. To prevent this happening, users with temporary permissions are handled differently. -**CAUTION:** There must always be one user who has the “authorize” right to a record, who does not +:::warning +There must always be one user who has the “authorize” right to a record, who doesn't only have temporary permissions. +::: diff --git a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md index b224f8dbc1..e07be7a2f5 100644 --- a/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md +++ b/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md @@ -10,24 +10,24 @@ sidebar_position: 10 The use of a [Filter](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/filter/filter.md) is generally the gateway to displaying existing records. Nevertheless, this aspect of the visibility of the records is closely -interwoven with the existing permissions structure. Naturally, a user can always only see those +interwoven with the existing permissions structure. a user can always only see those records for which they have at least a read Permission. This doctrine should always be taken into -consideration when handling records. [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md) are not +consideration when handling records. [Tags](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/tags.md) aren't subject to any permissions and can thus always be used as filter criteria. Nevertheless, the delivered results will only contain those records for which the user themselves actually has permissions. A good example here is the tag “personal record”. Every user can mark their own record -as personal – yet each user will naturally only be able to find their own personal records. +as personal – yet each user will only be able to find their own personal records. ## Creating independently working environments The possibility of separately defining the visibility of individual objects is one of the special features within the Netwrix Password Secure authorization concept. Irrespective of whether handling -records, documents, organisational structures, roles or forms: it is always possible to define +records, documents, organisational structures, roles, or forms: it is always possible to define whether a user or a role possesses a read permission to the object or not. The permissions for each of these objects can be defined separately via the ribbon in the permissions dialogue. This approach enables the creation of independently existing departments within a database. The permissions structure for the SAP form can be seen below. It shows that only the sales manager and the -administrators are currently permitted to create new records of type SAP. +administrators are permitted to create new records of type SAP. ![example permissions on a form](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility-en.webp) @@ -35,6 +35,8 @@ In general, each department can independently use forms, create passwords and ma this way. Especially in very sensitive areas of a company, this type of compartmentalization is often required and also desired. -NOTE: An alternative also supported by Netwrix Password Secure is for each department to set up +:::note +An alternative also supported by Netwrix Password Secure is for each department to set up their own MSSQL database. However, this physical separation requires considerably more administration work than the above-mentioned separation of data based on permissions and visibility. +::: diff --git a/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md b/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md index 4fa7aecf05..ec945eb02d 100644 --- a/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md +++ b/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md @@ -6,7 +6,7 @@ sidebar_position: 60 # Autofill Add-on -## What is the Autofill Add-on? +## Autofill Add-on overview The Autofill Add-on is responsible for the automatic entry of login data in applications. This enables logins without knowledge of the password, which can be a particularly valuable tool in @@ -28,7 +28,9 @@ User rights The right **Can create web applications** is required for creating new web applications\* -NOTE: The agent can control multiple databases at the same time +:::note +The agent can control multiple databases at the same time +::: #### Functionality @@ -38,7 +40,7 @@ The functionality of the Autofill Add-on is illustrated in the following diagram RDP and SSH sessions(![1](/images/passwordsecure/9.2/configuration/autofill_add-on/1.webp) -) are not automatically started via the Autofill Add-on. Applications are created for this purpose +) aren't automatically started via the Autofill Add-on. Applications are created for this purpose in the Netwrix Password Secure client. The creation and use of these connections is explained in detail in the corresponding section. @@ -53,13 +55,15 @@ following types of connections exist: cases, the Autofill Add-on takes over the communication between the application server and the Windows applications. -NOTE: For entering data on websites, the record must contain at least the following fields: User +:::note +For entering data on websites, the record must contain at least the following fields: User name, password, URL. +::: #### Conclusion As the Autofill Add-on is directly connected to the application server, login data can also be entered without the main client. Exceptions are the RDP and SSH connections. These are forced to remain part of the client. The Autofill Add-on thus acts as a lean alternative for the use of the -client with the two limitations mentioned. Naturally, all of the steps completed are still entered +client with the two limitations mentioned. all of the steps completed are still entered in the logbook and are always traceable. diff --git a/docs/passwordsecure/9.3/configuration/autofilladdon/configuration_autofill_add-on.md b/docs/passwordsecure/9.3/configuration/autofilladdon/configuration_autofill_add-on.md index f41c588795..242ac18987 100644 --- a/docs/passwordsecure/9.3/configuration/autofilladdon/configuration_autofill_add-on.md +++ b/docs/passwordsecure/9.3/configuration/autofilladdon/configuration_autofill_add-on.md @@ -18,19 +18,21 @@ makes all of the databases configured on the client available. It is also possib profiles as usual so that the connection data for certain databases can be used efficiently in the future. -NOTE: The agent accesses the same configuration file as the client. All changes to profiles will +:::note +The agent accesses the same configuration file as the client. All changes to profiles will thus also affect the client. New profiles can thus also be created via the Autofill. +::: #### Context menu functionality -After successfully logging in, the Autofill Add-on firstly runs in the background. Right click on +After successfully logging in, the Autofill Add-on firstly runs in the background. Right click the icon in the system tray to open the context menu. ![icon options](/images/passwordsecure/9.2/configuration/autofill_add-on/configuration/installation_with_parameters_130-en.webp) - **Disconnect**: Connect to database/disconnect from database. (All connections are shown for multiple databases) -- **Login** enables you to log into another database +- **Login** lets you log into another database - **Disable/Enable agent** allows you the option of temporarily disabling automatic login - A diverse range of variables can be defined via the **Settings** - **Reload all Data** diff --git a/docs/passwordsecure/9.3/configuration/basicview/basic_view.md b/docs/passwordsecure/9.3/configuration/basicview/basic_view.md index bca147482d..efce69f5ba 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/basic_view.md +++ b/docs/passwordsecure/9.3/configuration/basicview/basic_view.md @@ -8,9 +8,9 @@ sidebar_position: 30 ![light-client-en](/images/passwordsecure/9.2/configuration/basic_view/light-client-en.webp) -## What is the Basic view about? +## Basic view overview -The Basic view is a lean tool for every end user. It guarantees quick and easy access to the daily +The Basic view is a lean tool for every end user. It provides quick access to the daily needed passwords. Although the Basic view has a limited range of functions, it can be operated intuitively and without previous knowledge or training by any user. The Basic view is designed for up to 50 passwords. The Basic view introduces to professional password management. It is also the @@ -21,8 +21,8 @@ ideal tool for the daily handling of passwords. ## Requirements & required rights You don’t need any special permission to use the Basic view. However, the handling of the Basic -views can be set via rights and settings. Read more in chapter -[To do for Administration](/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md). +views can be set via rights and settings. See +[To do for Administration](/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md) for configuration details. #### Installation diff --git a/docs/passwordsecure/9.3/configuration/basicview/checklist_of_the_basic_view.md b/docs/passwordsecure/9.3/configuration/basicview/checklist_of_the_basic_view.md index 0f58657d3a..e7b60493e8 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/checklist_of_the_basic_view.md +++ b/docs/passwordsecure/9.3/configuration/basicview/checklist_of_the_basic_view.md @@ -18,8 +18,7 @@ URL** 2. Set display of the Basic view or Advanced view -The setting **Display passwords in Basic view & display passwords in Advanced view** allows you to -configure the display of both clients. The passwords can be displayed with an icon, logo or in text +The setting **Display passwords in Basic view & display passwords in Advanced view** lets you configure the display of both clients. The passwords can be displayed with an icon, logo, or in text form. 3. Are users in the right organisational unit? diff --git a/docs/passwordsecure/9.3/configuration/basicview/password_management.md b/docs/passwordsecure/9.3/configuration/basicview/password_management.md index fc468a0f2c..34e1ebe775 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/password_management.md +++ b/docs/passwordsecure/9.3/configuration/basicview/password_management.md @@ -9,20 +9,24 @@ sidebar_position: 60 ## Creating passwords This chapter deals with the main functionality of Basic view, namely the secure storage and -management of passwords. It should be noted that a password can be stored in different ways. +management of passwords. A password can be stored in different ways. -NOTE: The required settings and rights are given by the in-house administration. Further information +:::note +The required settings and rights are given by the in-house administration. Further information can be found here: To do for the administration +::: #### Create with application -**Prerequisite:** An existing application is available. It does not matter whether this is an SSO, +**Prerequisite:** An existing application is available. It doesn't matter whether this is an SSO, web, RDP, or SSH application. ![create password](/images/passwordsecure/9.2/configuration/basic_view/password_management/create-password-en.webp) -NOTE: Managing and creating the corresponding applications is the responsibility of the in-house +:::note +Managing and creating the corresponding applications is the responsibility of the in-house administration. How to create an application can be read here and in the following chapters. +::: Clicking on the existing application opens a window that asks for the user name and password. @@ -60,7 +64,7 @@ Then the whole process is completed by clicking the "Finish" button. ## Changing and deleting passwords -In order to change or delete passwords you should stay on the corresponding tile with the mouse +To change or delete passwords you should stay on the corresponding tile with the mouse cursor. The control button will appear. When you click the button, you will be offered the "Edit" and "Delete" options, among others. diff --git a/docs/passwordsecure/9.3/configuration/basicview/start_and_login_basic_view.md b/docs/passwordsecure/9.3/configuration/basicview/start_and_login_basic_view.md index 0879e953db..d64bcc4065 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/start_and_login_basic_view.md +++ b/docs/passwordsecure/9.3/configuration/basicview/start_and_login_basic_view.md @@ -30,7 +30,7 @@ There are 2 possibilities here: ![image4](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/image4.webp) -**CAUTION:** Please ask your administrator if you are not sure which login details apply to you! +**CAUTION:** Ask your administrator if you aren't sure which login details apply to you. #### Change to the web view of the Basic view @@ -41,12 +41,12 @@ As soon as the login was successful, you are now either: or - in the Web Application. To switch from the Web Application to the Basic view web view, you have to - click on your profile name. There you will be offered the option **"Switch to the Basic view"**. + click your profile name. There you will be offered the option **"Switch to the Basic view"**. ![switch to lightclient](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/switch-to-lc-wc-en.webp) The Basic view web view is in no way inferior to the Basic view. The same functions are given except -for the download of the favicons (icon, symbol or logo used by web browsers to mark a website in a +for the download of the favicons (icon, symbol, or logo used by web browsers to mark a website in a recognizable way). ![LightClient in WebClient](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/wc-lc-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/basicview/tab_system.md b/docs/passwordsecure/9.3/configuration/basicview/tab_system.md index 142059e7fd..f9ea413ae1 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/tab_system.md +++ b/docs/passwordsecure/9.3/configuration/basicview/tab_system.md @@ -6,9 +6,9 @@ sidebar_position: 50 # Tab system -## What is the tab system? +## Tab system overview -The tab system helps to structure the passwords in order to manage and find them more easily. For +The tab system helps to structure the passwords to manage and find them. For this purpose, several tabs can be created and switched between them with a click. ![tabs LightClient](/images/passwordsecure/9.2/configuration/basic_view/tab_system/tabs-lc-en.webp) @@ -34,7 +34,7 @@ The public tabs can be shown and hidden as needed. The X closes the current tab. ![close tab](/images/passwordsecure/9.2/configuration/basic_view/tab_system/close-tab-en.webp) -A public tab can be displayed again with a simple click on the +. +A public tab can be displayed again with a simple click the +. ![select organisational unit](/images/passwordsecure/9.2/configuration/basic_view/tab_system/select-ou-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md index ddbeb82e9d..83f43cd307 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md +++ b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md @@ -42,10 +42,10 @@ required: Text, user name, password, URL. DefaultFormImpossiblePlausibility -When creating a password for an application, there is a field which is not displayed. Therefore, the +When creating a password for an application, there is a field which isn't displayed. Therefore, the plausibility in fields should be checked. NoValidOrganisation Is only relevant for the web view of the Basic view. It is activated if you want to create a -password using the add-on and the user does not have an OU in which to create it. +password using the add-on and the user doesn't have an OU in which to create it. diff --git a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md index b5253b7db6..db6aaf3e79 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md +++ b/docs/passwordsecure/9.3/configuration/basicview/todoforadministration/to_do_for_administration.md @@ -8,12 +8,14 @@ sidebar_position: 10 ## Conditions for using the Basic view -The Basic view allows end users to easily manage their passwords in Netwrix Password Secure without -any training or prior knowledge. In order to ensure proper operation, the administration has to make +The Basic view allows end users to manage their passwords in Netwrix Password Secure without +any training or prior knowledge. To ensure proper operation, the administration has to make a few preparations first. This will be further discussed in the following. -NOTE: To make the Basic view transition as easy and smooth as possible for the user, the +:::note +To make the Basic view transition as easy and smooth as possible for the user, the administration can orient towards this checklist. +::: #### Relevant rights and settings @@ -43,14 +45,14 @@ There are several ways to provide/create passwords in the Basic view. #### Predefined passwords Predefined passwords have already been created on the FullClient. Basic view users must at least -obtain the right to read a record in order to use the password. +obtain the right to read a record to use the password. ![installation_with_parameters_154](/images/passwordsecure/9.2/configuration/basic_view/administration/installation_with_parameters_154.webp) #### Creating passwords via applications -In order to use applications on the Basic view, the administration must first create them on the -FullClient. By clicking on the application, the end user can easily generate secure passwords. To be +To use applications on the Basic view, the administration must first create them on the +FullClient. By clicking on the application, the end user can generate secure passwords. To be able to use the application, the user needs at least the authorization to **read**. Further information on this topic can be found in the chapter @@ -60,7 +62,7 @@ Further information on this topic can be found in the chapter #### Creating passwords via applications without applications -Please consider the following rights and settings so that Basic view users can create new passwords. +consider the following rights and settings so that Basic view users can create new passwords. User rights: diff --git a/docs/passwordsecure/9.3/configuration/basicview/view.md b/docs/passwordsecure/9.3/configuration/basicview/view.md index 8c8b27209d..e5eb725f63 100644 --- a/docs/passwordsecure/9.3/configuration/basicview/view.md +++ b/docs/passwordsecure/9.3/configuration/basicview/view.md @@ -10,7 +10,7 @@ sidebar_position: 40 The Basic view interface is arranged in tiles. If a logo/icon has been stored for a password in the image management, this can optionally be displayed with the associated data record. If the logo of -the password is not available, a reduced Outlook view is displayed. +the password isn't available, a reduced Outlook view is displayed. 1. view of a Basic view button with stored logo @@ -24,7 +24,7 @@ the password is not available, a reduced Outlook view is displayed. ![sql-server-log](/images/passwordsecure/9.2/configuration/basic_view/view/sql-server-log.webp) -Click on the tile to open the application. +Click the tile to open the application. ![SSO LightClient](/images/passwordsecure/9.2/configuration/basic_view/view/sso-lc-en.webp) @@ -47,18 +47,18 @@ When you click the button, the following options become visible: - Move to bin (the selected record can be deleted.) - -Copy username (the username of the selected record will be copied to the clipboard). - -Copy password (the password of the selected record will be copied to the clipboard). -- Typing assistance (Use this view to easily type out passwords) +- Typing assistance (Use this view to type out passwords) - -Refresh (The record will be updated.) -You can only perform the above operations if you are sufficiently authorized. Please point this out -to your in-house administrator if this is not the case for you. +You can only perform the above operations if you are sufficiently authorized. point this out +to your in-house administrator if this isn't the case for you. **CAUTION:** You can only execute the mentioned operations if you are sufficiently authorized. -Please point this out to your in-house administrator if this is not the case for you. +point this out to your in-house administrator if this isn't the case for you. ## Image management Usually, the setup of logos/icons in the i**mage management** is done by the in-house -administration. You can learn more about this in the FullClient +administration. See the FullClient [Image management](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/extras/image_manager.md) documentation. diff --git a/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md b/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md index 0bc1f16d00..5e9ab9bd97 100644 --- a/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md +++ b/docs/passwordsecure/9.3/configuration/browseraddons/applications_add-on.md @@ -6,11 +6,11 @@ sidebar_position: 10 # Applications -## What are applications? +## Applications overview Data can be entered on many websites without further configuration. The website is scanned in order to find data entry fields in which the user name and password can then be entered. No further steps -are thus necessary. For websites where data cannot be entered directly, it is necessary to create an +are thus necessary. For websites where data can't be entered directly, you must create an application manually. These applications correspond to working guidelines that precisely define which information should be entered into which target field. The full script that describes the assignment is called an “**application**”. @@ -18,7 +18,7 @@ assignment is called an “**application**”. ![registration with and without application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_142-en.webp) The diagram starts with the user navigating to a website. The application server is then checked to -see whether a record has been saved for this website for which the currently registered user also +see whether a record has been saved for this website for which the registered user also has the required permissions. If this is the case, the information required for the login is sent to the Browser Extension in encrypted form. The password is only decrypted in the add- on shortly before it is entered. There are two ways in which the information is entered: **Data entry without @@ -33,17 +33,17 @@ websites that would fit the page. It is only necessary for the hostname includin such as .de or .com, to match. The data are then entered. In this case, the user name is transmitted to the first user name field that can be found on the page. The password is also entered into the first password field found on the page. If automatic login has been activated in the settings, this -is also carried out by clicking the login button. +is also performed by clicking the login button. #### Data entry with application -It is not possible to automatically recognise the fields that must be filled on some websites. An +It isn't possible to automatically recognise the fields that must be filled on some websites. An application needs to be created in these cases. If more than two fields need to be transferred, it is also necessary to create an application. In this context, “application” means instructions that are used to enter information into the fields. It thus assigns fields in the record to the associated fields on the website. This mapping process only needs to be configured once. The applications is responsible for entering data in the fields on the website from then on. In the -following example, the data entry process is carried out from the client. Naturally, this is also +following example, the data entry process is performed from the client. this is also possible via [Browser Add-ons](/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. ![installation_with_parameters_143](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_143.webp) @@ -53,10 +53,12 @@ hostname including the domain suffix (“.de” or “.com”) to match. ## Creating applications -**CAUTION:** The user right Can add new web applications is required in order to create applications +:::warning +The user right Can add new web applications is required to create applications +::: -If the login mask on a website cannot be automatically completed, it is necessary to manually create -an application. To create an application, the desired website is first called up. The add-on is then +If the login mask on a website can't be automatically completed, you must manually create +an application. To create an application, the desired website is first opened. The add-on is then started via the relevant icon. The menu item “Create application\* can be found here ![create application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_144-en.webp) @@ -67,21 +69,20 @@ A modal window now opens. The actual application is now created here. The following options are available: -- **Advanced options** allows you to define a delay separately for each field when entering the +- **Advanced options** lets you define a delay separately for each field when entering the data. This is sensible when the process of entering the data would otherwise not run smoothly on sluggish websites. -- The **Move** setting can be used to change the position of the modal window if it covers the login +- The **Move** setting lets you change the position of the modal window if it covers the login window -To capture, click on the first field to be filled on the website. It will be directly added to the +To capture, click the first field to be filled on the website. It will be directly added to the list in the modal window. For better identification, fields that belong together are marked in colour. ![choosed application field](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_146-en.webp) The field type (e.g. INPUT) and the field label are displayed in the field itself. In addition, an -action is proposed which fits the field type, such as e.g. entering the user name. The action can -naturally be adjusted if required. Once all fields have been captured, the system checks whether the +action is proposed which fits the field type, such as e.g. entering the user name. The action can be adjusted if required. Once all fields have been captured, the system checks whether the actions are correct. Finally, the application can be saved. ![example for a application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_147-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md b/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md index 933e5b0da3..0b0df3bbd5 100644 --- a/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md +++ b/docs/passwordsecure/9.3/configuration/browseraddons/browser_add-ons.md @@ -10,10 +10,10 @@ Passwords can also be used in the browser using the browser add-on. You can sear the add-on, transfer them to the clipboard or enter them in the input mask of the website automatically. The automatic login may require applications. -In order to provide the data, the add-on needs a connection to the database. This can be set up +To provide the data, the add-on needs a connection to the database. This can be set up directly in server mode. -Currently, add-ons are available for the following browsers: +, add-ons are available for the following browsers: - Microsoft Edge - Google Chrome @@ -24,11 +24,11 @@ Currently, add-ons are available for the following browsers: ## Installation -Please find more information about the installation on: Installation Browser Add-ons +find more information about the installation on: Installation Browser Add-ons ## Connection via server mode -If the installation of the browser extension has been carried out, the user can now open the desired +If the installation of the browser extension has been performed, the user can now open the desired browser. A window appears in which the security of the connection is confirmed. Pairing is performed with a simple click. A new icon will also be displayed in the desired browser from this point onwards: @@ -43,7 +43,7 @@ The server mode must know which database profile it is connected to. There are t up a database profile: First, the database profile can be created manually. Therefore, he following information is -required: IP address, Web Application URL and database name. Please note that /api is appended to +required: IP address, Web Application URL and database name. That /api is appended to the end of the IP address. ![database profil](/images/passwordsecure/9.2/configuration/browseradd-ons/manual-database-profile-en.webp) @@ -61,8 +61,10 @@ The server mode offers the following advantages: - No terminal service is required in terminal server operation -**CAUTION:** Please note that SSO applications only work via Autofill Add-on. If you are in server -mode and the Autofill Add-on has not been started, SSO applications do not work! +:::warning +that SSO applications only work via Autofill Add-on. If you are in server +mode and the Autofill Add-on has not been started, SSO applications don't work. +::: After successful connection, the number of data records available for the current Internet page is displayed on the icon. @@ -72,7 +74,7 @@ displayed on the icon. ## Settings All settings that relate to the add-on are made centrally on the client. The user settings system -can be used to enter them globally per organisational unit or per user. The following options have a +lets you enter them globally per organisational unit or per user. The following options have a direct impact on the add-ons and can be found in the SSO category: - Browser add-ons: Automatically send login masks ensures that the login is automatically completed @@ -84,13 +86,17 @@ direct impact on the add-ons and can be found in the SSO category: The default browser option also has an impact on the add-ons. This setting defines the browser in which the websites are opened from the client. -NOTE: It is important to note that the login mask for records with password masking will be ”sent +:::note +the login mask for records with password masking will be ”sent automatically\*, even if the setting Browser add-ons: Automatically send login masks has been deactivated. +::: ## Working with add-ons -NOTE: A record can only be used for entering data if it has a form field of type "URL". +:::note +A record can only be used for entering data if it has a form field of type "URL". +::: The subscript number mentioned in the previous section is only available with active logins and therefore already says a lot about the “Number of possible entries”. For example, if the number “2” @@ -104,9 +110,9 @@ Secure – as described in the following section. ## Search and navigation -It is currently assumed that the user has to navigate manually to the website on which they want to -automatically enter login data. This way of working is possible but is not convenient enough. The -add-on can be used in a similar way to bookmarks. The search field can be used to search for the +It is assumed that the user has to navigate manually to the website on which they want to +automatically enter login data. This way of working is possible but isn't convenient enough. The +add-on can be used in a similar way to bookmarks. The search field lets you search for the record in the database. The prerequisite is again that the record contains a URL. ![Record usage](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-records-usage-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/browseraddons/how_to_save_passwords.md b/docs/passwordsecure/9.3/configuration/browseraddons/how_to_save_passwords.md index 076a3fcd74..5481c31839 100644 --- a/docs/passwordsecure/9.3/configuration/browseraddons/how_to_save_passwords.md +++ b/docs/passwordsecure/9.3/configuration/browseraddons/how_to_save_passwords.md @@ -8,7 +8,9 @@ sidebar_position: 20 This chapter describes how to store passwords via add-on. -**CAUTION:** You can only save passwords in server mode! +:::warning +You can only save passwords in server mode. +::: ## New access data @@ -35,7 +37,7 @@ already known dataset. - **Save password**: The password will be exchanged without opening the Web Application. - **check changes**: The Web Application is opened and you are logged in. The previous password has - been replaced by the new one. However, the storage must be carried out manually. + been replaced by the new one. However, the storage must be performed manually. ![data was recognized](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/installation_with_parameters_152-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_android.md b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_android.md index 1bc304c41e..8aa0072a3a 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_android.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_android.md @@ -17,7 +17,7 @@ Netwrix Password Secure App must be enabled. #### Autofill The login data is entered as soon as the app finds a corresponding mask on a web page or in an app. -In some masks the process starts automatically, in others it is necessary to type in the first +In some masks the process starts automatically, in others you must type in the first field. There are two possible scenarios. @@ -29,19 +29,21 @@ There are two possible scenarios. No password found -If no password is found that matches the app or the website called up, the desired password must +If no password is found that matches the app or the website opened, the desired password must first be selected. Exactly one password found -If there is a data set that contains exactly the URL that is called up, the corresponding password -can be suggested. A simple click on the password is then sufficient to pass the data to the website +If there is a data set that contains exactly the URL that is opened, the corresponding password +can be suggested. A simple click the password is then sufficient to pass the data to the website or app. Multiple passwords found If several matching passwords are found in the database, the desired one must be selected. -NOTE: Depending on the current state, it may be necessary to authenticate on the app before +:::note +Depending on the current state, it may be necessary to authenticate on the app before selecting or confirming the password to be entered. The database then has to be unlocked via the password or Touch ID first. +::: diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_ios.md b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_ios.md index bf098c6a41..4cc5031825 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_ios.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/autofill/autofill_in_ios.md @@ -6,14 +6,14 @@ sidebar_position: 10 # Autofill in iOS -The most important comfort feature of the Netwrix Password Secure app is probably the autofill. With +The most important comfort feature of the Netwrix Password Secure app is the autofill. With autofill, the credentials from the Netwrix Password Secure app are transferred directly to the login screens. This works both with websites in the browser and with other apps. #### Requirements -In order to ensure automatic registration, a few prerequisites must be met. First of all, the -automatic registration must be set up in the settings. If the **iOS keychain** is not needed, it +To ensure automatic registration, a few prerequisites must be met. First of all, the +automatic registration must be set up in the settings. If the **iOS keychain** isn't needed, it should be deactivated. This makes handling a bit easier. Finally, a database connection must exist and access to passwords must be possible. @@ -29,11 +29,11 @@ Dialog Depending on the configuration and scenario, the dialog for entry can have different characteristics: -- First, one or more passwords are displayed that match the current page or app. These can be +- First, one, or more passwords are displayed that match the current page or app. These can be selected and entered with a click. - It is also possible to open the dialog for selecting a password. If no password is found, this dialog is displayed directly. -- Finally, the iOS keychain can also be opened. If this function is not needed, it can be +- Finally, the iOS keychain can also be opened. If this function isn't needed, it can be deactivated. The corresponding option will then no longer be offered. No password found @@ -43,14 +43,16 @@ selected. Exact password found -If there is a data record that contains exactly the URL that is called up, the corresponding -password can be suggested. A simple click on the password is then sufficient to pass the data to the +If there is a data record that contains exactly the URL that is opened, the corresponding +password can be suggested. A simple click the password is then sufficient to pass the data to the website or app. Several passwords found If several matching passwords are found in the database, the desired one must be selected. -NOTE: Depending on the current state, it may be necessary to authenticate to the app before +:::note +Depending on the current state, it may be necessary to authenticate to the app before selecting or confirming of the password to be entered. The database then has to be unlocked via the password, Touch ID or Face ID. +::: diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/mobile_devices.md b/docs/passwordsecure/9.3/configuration/mobiledevices/mobile_devices.md index 3f7642b534..1e844f15fc 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/mobile_devices.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/mobile_devices.md @@ -6,22 +6,24 @@ sidebar_position: 70 # Mobile devices -## The new Netwrix Password Secure Mobile App – mobile and simple! +## The new Netwrix Password Secure Mobile App -With version 8.10 we have created the perfect complement to the client: **The Netwrix Password -Secure Mobile App!** +Version 8.10 introduced the perfect complement to the client: **The Netwrix Password +Secure Mobile App.** With its **convenient** interface, the Netwrix Password Secure Mobile App offers the perfect -prerequisite for every user to find their way around **quickly** and **easily**. +prerequisite for every user to find their way around **quickly**. For detailed documentation of the **Netwrix Password Secure Mobile App** -NOTE: Please note that as of version 8.10.0, the previous version 7 App is no longer compatible. +:::note +that as of version 8.10.0, the previous version 7 App is no longer compatible. +::: -#### Security is our ambition +#### Security is the ambition No matter whether you work with a smartphone or a tablet, you benefit from the highest possible -security on all iOS and Android devices. All passwords are not only available on the mobile device, +security on all iOS and Android devices. All passwords aren't only available on the mobile device, but can also be automatically transferred to websites. So you can use highly complex and therefore secure passwords and don’t have to remember them anymore. The Netwrix Password Secure Mobile App thus combines security and convenience. In addition, the use of a local database ensures that @@ -34,7 +36,7 @@ more extensive and detailed in the specially created **documentation**. ### Password management -The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. They can not only be +The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. They can't only be stored securely but also structured conveniently. ### SSO diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/passwords_mobileapp.md b/docs/passwordsecure/9.3/configuration/mobiledevices/passwords_mobileapp.md index 05bafbdea5..238e831fc3 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/passwords_mobileapp.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/passwords_mobileapp.md @@ -17,7 +17,7 @@ usually used by more than one user. Prerequisites -The following prerequisites must be met in order to create new global passwords: +The following prerequisites must be met to create new global passwords: - User right **Can create new passwords** - **Add right** to the corresponding organizational unit @@ -37,8 +37,8 @@ The following user rights are required to create personal passwords: #### Create passwords -When creating a new record, it is necessary to know whether it is a personal or a global password. -Because according to this criterion you should select the appropriate tab and click on the + located +When creating a new record, you must know whether it is a personal or a global password. +Because according to this criterion you should select the appropriate tab and click the + located in the upper right corner. ![create new password](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/create-new-password-ma-en.webp) @@ -47,18 +47,18 @@ After that, select the required **form**. ![select form](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/select-form-ma-en.webp) -Then, once you have filled in all the relevant information of the selected form, one click on +Then, after you have filled in all the relevant information of the selected form, one click **Save** is enough to create the password. ![new entry MobileApp](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/new-entry-ma-en.webp) #### Editing passwords -To edit a password, click on the corresponding password and select the pencil icon. +To edit a password, click the corresponding password and select the pencil icon. ![editing password](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/new-entry-ma-2-en.webp) -As soon as you click on the pencil icon again in the new window, in the so-called read-only view, +As soon as you click the pencil icon again in the new window, in the so-called read-only view, you can edit all existing fields. ![edit passwordfield MobileApp](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/edit-passwordfield-ma-en.webp) @@ -67,7 +67,7 @@ you can edit all existing fields. #### Delete -Passwords can currently only be deleted via the Full- or Web Application. +Passwords can only be deleted via the Full- or Web Application. #### Tags @@ -77,7 +77,7 @@ Tags can be added or removed both when creating and editing a password. It is also possible to create a completely new tag. -This is possible by searching in the tag selection in the search field for a tag that does not +This is possible by searching in the tag selection in the search field for a tag that doesn't already exist. You will then be offered the option of creating this previously non-existent tag. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/securitymd.md b/docs/passwordsecure/9.3/configuration/mobiledevices/securitymd.md index 2267b13359..02df5170b4 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/securitymd.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/securitymd.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Security -#### Your security is our ambition +#### Your security is the ambition Security is a top priority for Netwrix Password Secure - right from the conception stage, it sets the course for all further developments. Of course, security was also taken into account during the development of the Netwrix Password Secure app and the latest technologies were used. The following -encryption techniques and algorithms are currently used: +encryption techniques and algorithms are used: Global @@ -20,7 +20,7 @@ Global - End to end encrypted (like all Netwrix Password Secure App Clients) - No direct connection to Netwrix Password Secure Server required. Connection is via web server. - MDM (Mobile Device Management) support -- Passwords can be used offline when server access is not available +- Passwords can be used offline when server access isn't available - Fast incremental data synchronization - Easy connection between Netwrix Password Secure Mobile Apps and the server via QR code - Easy navigation between private and shared passwords @@ -32,7 +32,7 @@ Global iOS -- Full support of FaceID and TouchID for passwordless login to the Netwrix Password Secure Mobile +- Full support of FaceID and TouchID for passwordless log in to the Netwrix Password Secure Mobile app. - Password AutoFill support. Passwords are automatically entered in other apps and Safari. (No copy/paste or typing) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md b/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md index 5bcbe95af7..89f5143eae 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md @@ -16,7 +16,7 @@ via the three dots at the very top left of the screen. These will be briefly exp Hide personal tab -In some use cases personal passwords are not needed on the mobile device. If this is the case you +In some use cases personal passwords aren't needed on the mobile device. If this is the case you can hide the tab with the personal passwords. Show all passwords in search tab @@ -44,13 +44,15 @@ How to synchronize with the main database is configured here. The following opti - **Any type of connection:** as long as there is a connection, synchronization will take place. No matter if it is a WLAN connection or a connection via the mobile network. - **Only for WLAN connection:** Synchronization only takes place if there is a connection via WLAN. -- **Disabled:** It is not synchronized +- **Disabled:** It isn't synchronized -NOTE: Costs may be incurred for synchronization via the mobile network! +:::note +Costs may be incurred for synchronization via the mobile network. +::: Synchronize now -Starts the synchronization. This can also be started outside the settings at any time by simply +Starts the synchronization. This can also be started outside the settings at any time by swiping down. More information can also be found in the chapter [Synchronization](/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md). diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md index ec2263d832..ee94e1ed27 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/linking_the_database.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Linking the database -First, an existing database must be linked to the Netwrix Password Secure app in order to finally +First, an existing database must be linked to the Netwrix Password Secure app to finally synchronize the data. During linking, an encrypted database is created on the mobile device, which provides the data even without a network connection. @@ -14,9 +14,9 @@ There are two ways to create a link. #### Manual linking -If the database is to be linked manually, the dialog for creating the link is first called up via +If the database is to be linked manually, the dialog for creating the link is first opened via the + in the top right-hand corner. Here the address of the Web Application is entered and confirmed -with a click on Connect. +with a click Connect. ![Create link](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/create-link-ma-en.webp) @@ -39,8 +39,8 @@ find the corresponding QR code in the Backstage under Account: ![QR-code](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/link-via-qr-code-en.webp) -Then click on the button for the QR code in the app. In the following dialog, the QR code is simply -photographed from the monitor. The mobile database is now created directly in the background and +Then click the button for the QR code in the app. In the following dialog, photograph the QR code +from the monitor. The mobile database is now created directly in the background and linked to the database on the server. In the next step, you can give the database profile a meaningful name and log in directly: @@ -48,7 +48,7 @@ meaningful name and log in directly: LightUser -Using the Light view, the user must click on their user account and click on the **Account** option +Using the Light view, the user must click their user account and click the **Account** option ![Account LightClient](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/account-lc-2-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md index 58f2a534f1..31d8404fa9 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Setting up autofill -The most important comfort feature of the Netwrix Password Secure App is probably the autofill, i.e. +The most important comfort feature of the Netwrix Password Secure App is the autofill, i.e. the possibility to enter access data directly into the input mask. The autofill must first be set up or configured. @@ -16,7 +16,7 @@ In the settings, first select the item Passwords & Accounts and then Automatical as Auto-fill is activated, all options for filling in login windows are offered. Here one then selects Netwrix Password Secure. -RECOMMENDED: We recommend deactivating the **keychain (iOS)** as well as any other apps offered to +RECOMMENDED: Netwrix recommends deactivating the **keychain (iOS)** as well as any other apps offered to prevent misunderstandings in usage. ![password options](/images/passwordsecure/9.2/configuration/mobiledevices/setup/setting_up_autofill/password-options-en.webp) @@ -29,5 +29,5 @@ app is activated. In addition, you must define in the settings under Show via other apps that Netwrix Password Secure may be shown via other apps. -RECOMMENDED: We recommend to use only Netwrix Password Secure for automatic registration and to +RECOMMENDED: Netwrix recommends to use only Netwrix Password Secure for automatic registration and to deactivate all other apps here. This prevents possible misunderstandings in the operation. diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md b/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md index 9fde565ded..b813925a30 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/synchronization.md @@ -12,13 +12,13 @@ automatically synchronized in the background. Synchronization logic -First of all, it is important to note how the synchronization has been configured in the +First of all, note how the synchronization has been configured in the [Settings](/docs/passwordsecure/9.3/configuration/mobiledevices/settings_mobileapp.md). A prerequisite for successful synchronization is that the configured connection is available. This is done via https port 443, which must be enabled on -the server side. Once the prerequisites have been met, there are the following triggers for +the server side. After the prerequisites have been met, there are the following triggers for synchronization: -- A login to the app takes place +- A log in to the app takes place - Swipe down in the app - The synchronization is started in the settings of the app. - A data record is changed in one of the two databases diff --git a/docs/passwordsecure/9.3/configuration/mobiledevices/tabs.md b/docs/passwordsecure/9.3/configuration/mobiledevices/tabs.md index c805f54acd..14f70109bd 100644 --- a/docs/passwordsecure/9.3/configuration/mobiledevices/tabs.md +++ b/docs/passwordsecure/9.3/configuration/mobiledevices/tabs.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Tabs -Once you have successfully logged in, you will find yourself in the view where all the user's +After you have successfully logged in, you will find yourself in the view where all the user's passwords are located. ![all passwords in mobile app](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/all-passwords-ma-en.webp) @@ -15,7 +15,7 @@ Here you have the following options: Action menu -With a click on +With a click ![three-points-en](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/three-points-en.webp) the action menu is opened. diff --git a/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md b/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md index 6386dc5542..42e7d761f3 100644 --- a/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md +++ b/docs/passwordsecure/9.3/configuration/offlineclient/offline_client.md @@ -6,9 +6,9 @@ sidebar_position: 90 # Offline Add-on -## What is the Offline Add-on? +## Offline Add-on overview -The Offline Add-on enables you to work without an active connection to the Netwrix Password Secure +The Offline Add-on lets you work without an active connection to the Netwrix Password Secure server. If the corresponding setting has been configured ([Setup and sync](/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md)), the local copy of the server database will be automatically synchronized according to freely definable cycles. This ensures that you can always @@ -20,7 +20,7 @@ Facts - The database is encrypted using AES-128 or SHA-256. A so-called “platform default” is used for this purpose - In addition, RSA encryption processes are used -- More on this subject…::https://technet.microsoft.com/en-us/library/gg592949(v=sql.110).aspx +- For more details, see the [Microsoft SQL Server Compact documentation](https://technet.microsoft.com/en-us/library/gg592949(v=sql.110).aspx) #### Installation @@ -37,20 +37,20 @@ account with regards to its operation: - There is no dashboard - Only the password module is available -- The filter is not available. Records are found using the +- The filter isn't available. Records are found using the [Search](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/search.md) - The automatic login data entry can be performed via the [Autofill Add-on](/docs/passwordsecure/9.3/configuration/autofilladdon/autofill_add-on.md), independently of the Offline Add-on ![Offline Client](/images/passwordsecure/9.2/configuration/offlineclient/installation_with_parameters_264-en.webp) -#### What data is synchronised? +#### Synchronised data [Seals](/docs/passwordsecure/9.3/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) enhance the security concept in Netwrix Password Secure to include a double-check principle that can be defined in fine detail. This means that releases for protected information are linked to the -positive authentication of one or more users. Naturally, it is not possible to issue these releases -when the server is not connected. For this reason, sealed records are not synchronized and thus do +positive authentication of one or more users. it isn't possible to issue these releases +when the server isn't connected. For this reason, sealed records aren't synchronized and thus do not form part of offline databases. Otherwise, all records for which the user has the **export right** are synchronised. diff --git a/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md b/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md index 8cca0edbc9..8499ed1c07 100644 --- a/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md +++ b/docs/passwordsecure/9.3/configuration/offlineclient/setup_and_sync.md @@ -8,15 +8,15 @@ sidebar_position: 10 ## Setting up the offline database -It is important to ensure that the right requirements have been met before setting up the Offline +Ensure that the right requirements have been met before setting up the Offline Add-on. The following configurations need to be defined in both the Server Manager and also the user rights/user settings. Requirements To set up offline databases, this option must be activated in the Server Manager first. This process -is carried out separately for each database in the database view in the Server Manager in the -“General settings” (right click on the database). This is also possible to do when the database is +is performed separately for each database in the database view in the Server Manager in the +“General settings” (right click the database). This is also possible to do when the database is initially created. ![Properties](/images/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_265-en.webp) @@ -34,21 +34,23 @@ server connection can be defined in the user rights. Creating an offline database -The synchronization with the offline database can generally be carried out automatically. However, -**the first synchronization must be carried out manually**. The synchronization is started via the +The synchronization with the offline database can generally be performed automatically. However, +**the first synchronization must be performed manually**. The synchronization is started via the Main menu/Account. ![account-en](/images/passwordsecure/9.2/configuration/offlineclient/setup/account-en.webp) -NOTE: The offline databases are stored locally under the following path: %appdata%\MATESO\Password +:::note +The offline databases are stored locally under the following path: %appdata%\MATESO\Password Safe and Repository Client\OfflineDB +::: An offline database must be created per user and client for each online database. This makes it possible to use several offline databases with an Offline Add-on. #### Synchronization -In order to keep the data always consistent, the offline database must be synchronized regularly. +To keep the data always consistent, the offline database must be synchronized regularly. Synchronization is automatically performed by the client in the background. The interval can be freely configured in the [User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md). The synchronization is @@ -74,13 +76,13 @@ As soon as the synchronization is completed, this is indicated by a hint. Offline mode can be configured and personalized using the four settings mentioned: - **Offline synchronization after saving a record**: The synchronization of the offline database is - completed directly after saving a record. It is important to note that this only applies to those - records that are saved by the user who is logged in. Changes made by another user do not trigger - any synchronization! + completed directly after saving a record. this only applies to those + records that are saved by the user who is logged in. Changes made by another user don't trigger + any synchronization. - **Offline synchronization after login:** If this option is active, the offline database is synchronized after each restart of the client. - **Automatic synchronization after an interval**: This setting is used to define the interval at - which a synchronization of the offline database will be periodically carried out. The default + which a synchronization of the offline database will be periodically performed. The default value is 30 minutes. - **Path where the offline database should be saved**: If this field is left empty, the system default is used. Otherwise, the storage location for the offline database can be entered directly. diff --git a/docs/passwordsecure/9.3/configuration/sdkapi/sdk__api.md b/docs/passwordsecure/9.3/configuration/sdkapi/sdk__api.md index a95dcf50cc..e6793482b2 100644 --- a/docs/passwordsecure/9.3/configuration/sdkapi/sdk__api.md +++ b/docs/passwordsecure/9.3/configuration/sdkapi/sdk__api.md @@ -6,8 +6,8 @@ sidebar_position: 80 # SDK / API -API: This interface can be used to "address Netwrix Password Secure externally" in order to, for -example, read data for other programs. The API can only be accessed via our wrappers (SDK) using C# +API: This interface lets you "address Netwrix Password Secure externally" to, for +example, read data for other programs. The API can only be accessed via the wrappers (SDK) using C# and JavaScript. In the JavaScript version of the API, all enums can be found under the global object "PsrApiEnums". @@ -26,9 +26,9 @@ Server, i.e. `app-server01:11016`, must be used directly. ## Login -If you do not log in to the system in advance, it is not possible to use the API. The first +If you don't log in to the system in advance, it isn't possible to use the API. The first parameter for the login method is the desired database, followed by the user name and password. It -is important to note that all methods for running the API that initiate a server call are +is important to all methods for running the API that initiate a server call are implemented asynchronously. “Task” objects are returned in C# and “Promise” objects are returned in JavaScript. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/basic_configuration.md b/docs/passwordsecure/9.3/configuration/servermanager/basic_configuration.md index 7b9ed245bc..71859e3d9b 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/basic_configuration.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/basic_configuration.md @@ -6,10 +6,10 @@ sidebar_position: 10 # Basic configuration -## What is basic configuration? +## Basic configuration overview Within the basic configuration, the connection to the SQL server or to the databases is defined. The -basic configuration appears the first time the Server Manager is started and can be called up at any +basic configuration appears the first time the Server Manager is started and can be opened at any time in the basic configuration. ![base configuration](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_188-en.webp) @@ -22,10 +22,10 @@ A special wizard is available to carry out the configuration: #### Service address -The service address of the SQL server can be selected via the drop-down menu. It is mandatory to +The service address of the SQL server can be selected via the dropdown menu. It is mandatory to select the adapter via which the Server Manager can also access the SQL server. -The loopback address 127.0.0.1 should not be used here. +The loopback address 127.0.0.1 shouldn't be used here. #### Service user @@ -33,8 +33,10 @@ Service user This setting is used to define the service user, which is needed to service as well as the backup service. The “Use local system” setting starts the services with the local system account. -**CAUTION:** The defined service user **needs local administrator** rights to properly configure the +:::warning +The defined service user **needs local administrator** rights to properly configure the server and create databases. +::: #### SQL configuration instance @@ -43,12 +45,13 @@ simplicity, you can copy the server name from the login window of the SQL server ![installation_with_parameters_190](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_190.webp) -If the option “Service user” is selected, enter the user that logs on to the SQL Server. Please note -that “dbCreator” rights are necessary to create a configuration database. “dbOwner” rights are +If the option “Service user” is selected, enter the user that logs on to the SQL Server. that “dbCreator” rights are necessary to create a configuration database. “dbOwner” rights are sufficient if the database is created manually on the SQL server and is only accessed here. Enter the name of the configuration database under “Database”. -NOTE: Refer to the system requirements for server section for more information about the users. +:::note +Refer to the system requirements for server section for details about the users. +::: #### Expert mode @@ -68,8 +71,10 @@ The SSL connection certificate can also be configured under this item to protect connection. By default, a certificate is generated by the Server Manager. However, you can also choose your own. Further information can be found directly in the section provided for this purpose. -**CAUTION:** Exchanging or overwriting an existing certificate may cause warnings to the clients if -the certificate is not trusted by each client. +:::warning +Exchanging or overwriting an existing certificate may cause warnings to the clients if +the certificate isn't trusted by each client. +::: Allow host mode @@ -84,5 +89,7 @@ the database on the SQL server here. The following is cached: - The structure of the organisational units - All settings -NOTE: If this option is changed, the server needs to be restarted so that the change can take +:::note +If this option is changed, the server needs to be restarted so that the change can take effect. +::: diff --git a/docs/passwordsecure/9.3/configuration/servermanager/certificates/certificates.md b/docs/passwordsecure/9.3/configuration/servermanager/certificates/certificates.md index 54b98bde4e..47f4288ee2 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/certificates/certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/certificates/certificates.md @@ -10,7 +10,7 @@ Various different certificates are used to guarantee the security of Netwrix Pas certificates are essential for the smooth operation of Netwrix Password Secure. It is thus important that they are carefully backed up. -## What certificates are used? +## Certificates in use The individual certificates are described in the following sections: @@ -20,7 +20,7 @@ The individual certificates are described in the following sections: - [Discovery service certificates](/docs/passwordsecure/9.3/configuration/servermanager/certificates/discovery_service_certificates.md)s - [Password Reset certificates](/docs/passwordsecure/9.3/configuration/servermanager/certificates/password_reset_certificates.md) -## Calling up the certificate manager +## Opening the certificate manager There are two ways to open the certificate manager. The certificates for each specific database can be managed via the ribbon: @@ -32,8 +32,10 @@ In the **Main menu**, it is also possible to start the certificate manager for a ![base configuration](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_197-en.webp) -NOTE: Operation of the certificate manager is always the same. The only difference is whether the +:::note +Operation of the certificate manager is always the same. The only difference is whether the certificates are displayed for each database or for all databases. +::: #### Checking existing certificates @@ -52,7 +54,7 @@ information. The overview will initially only display those certificates that are being used and are thus required. Clicking on **All** will also display the no longer required certificates. For example, it is possible that outdated certificates exist on the machine due to a test installation. These -certificates can be easily deleted via the corresponding button in the ribbon. +certificates can be deleted via the corresponding button in the ribbon. ![certificates-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/certificates/certificates-ac-4-en.webp) @@ -67,8 +69,10 @@ The relevant certificates will be backed up by clicking on export. A password fi issued here. If a storage location has not yet been entered via the settings, you are firstly asked to enter it. -NOTE: SSL connection certificates are not included in this process and are also not backed up. These +:::note +SSL connection certificates aren't included in this process and are also not backed up. These certificates can be recreated if necessary. +::: #### Settings @@ -80,5 +84,5 @@ addition, the storage location is defined in the settings. #### Backing up certificates -If you want to automatically back up the certificates on a cyclical basis, this can be done via the +To automatically back up the certificates on a cyclical basis, use the backup system. Further information can be found in the section Backup management. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/certificates/database_certificates.md b/docs/passwordsecure/9.3/configuration/servermanager/certificates/database_certificates.md index 5b3065bfeb..72392cf29a 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/certificates/database_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/certificates/database_certificates.md @@ -6,26 +6,32 @@ sidebar_position: 20 # Database certificates -## What is a database certificate? +## Database certificate overview A unique certificate is created for each database. This has the name **psrDatabaseKey**: ![installation_with_parameters_207](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_207.webp) -The database certificate **does not encrypt the database.** Rather, it is used for the encrypted +The database certificate **doesn't encrypt the database.** Rather, it is used for the encrypted transfer of passwords from the client to the server in the following cases: - Creation of a WebViewer via a task - Creation of an AD profile protected by a master key - Login of users imported from AD in Master Key mode -NOTE: The database certificate cannot be replaced by your own certificate. +:::note +The database certificate can't be replaced by your own certificate. +::: -NOTE: The expiry date for the database certificate is not checked. The certificate thus does not +:::note +The expiry date for the database certificate isn't checked. The certificate thus doesn't need to be renewed. +::: -**CAUTION:** If the database is being moved to another server, it is essential that the certificate -is also transferred! +:::warning +If the database is being moved to another server, it is essential that the certificate +is also transferred. +::: #### Exporting and importing the certificate diff --git a/docs/passwordsecure/9.3/configuration/servermanager/certificates/discovery_service_certificates.md b/docs/passwordsecure/9.3/configuration/servermanager/certificates/discovery_service_certificates.md index 5a518088be..5929180ee9 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/certificates/discovery_service_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/certificates/discovery_service_certificates.md @@ -6,19 +6,25 @@ sidebar_position: 40 # Discovery service certificates -## What is a discovery service certificate? +## Discovery service certificate overview If a discovery service is created, a corresponding certificate is also created: ![installation_with_parameters_202](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_202.webp) -NOTE: The discovery service certificate cannot be replaced by your own certificate. +:::note +The discovery service certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for the discovery service have an expiry date. However, this is not checked. -The certificate thus does not need to be renewed. +:::note +The certificates for the discovery service have an expiry date. However, this isn't checked. +The certificate thus doesn't need to be renewed. +::: -**CAUTION:** If the database is being moved to another server, it is **essential that the discovery +:::warning +If the database is being moved to another server, it is **essential that the discovery service certificate is also transferred!** +::: #### Exporting and importing the certificate diff --git a/docs/passwordsecure/9.3/configuration/servermanager/certificates/master_key_certificates.md b/docs/passwordsecure/9.3/configuration/servermanager/certificates/master_key_certificates.md index 6022c03417..b255c20198 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/certificates/master_key_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/certificates/master_key_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Master Key certificates -#### What is a Master Key certificate? +#### Master Key certificate overview If Active Directory is accessed via [Masterkey mode](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), @@ -16,13 +16,19 @@ Active Directory: Domain: ![installation_with_parameters_208](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_208.webp) -NOTE: The Master Key certificate cannot be replaced by your own certificate. +:::note +The Master Key certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for Master Key mode have an expiry date. However, this is not checked. The -certificate thus does not need to be renewed. +:::note +The certificates for Master Key mode have an expiry date. However, this isn't checked. The +certificate thus doesn't need to be renewed. +::: -**CAUTION:** If the database is being moved to another server, it is essential that the Master Key -certificate is also transferred! +:::warning +If the database is being moved to another server, it is essential that the Master Key +certificate is also transferred. +::: #### Exporting and importing the certificate diff --git a/docs/passwordsecure/9.3/configuration/servermanager/certificates/nps_server_encryption_certificate.md b/docs/passwordsecure/9.3/configuration/servermanager/certificates/nps_server_encryption_certificate.md index b9957af890..62b5d6714a 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/certificates/nps_server_encryption_certificate.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/certificates/nps_server_encryption_certificate.md @@ -11,7 +11,9 @@ be added automatically. ![NPWS Server Encryption](/images/passwordsecure/9.2/configuration/server_manager/certificates/nps-server-encryption_1014x771.webp) -This certificate is important if you will activate an offline license. In future there will be more -features for which this certificate is relevant. +This certificate is required for offline license activation. Additional features that use this +certificate may be added in future releases. -RECOMMENDED: **Please export this certificate separately!!!** +:::warning +Export this certificate separately. Store it in a secure location outside of the server. +::: diff --git a/docs/passwordsecure/9.3/configuration/servermanager/certificates/password_reset_certificates.md b/docs/passwordsecure/9.3/configuration/servermanager/certificates/password_reset_certificates.md index 12fd4f8ecb..37293afd73 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/certificates/password_reset_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/certificates/password_reset_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Password Reset certificates -## What is a Netwrix Password Secure certificate? +## Netwrix Password Secure certificate overview If a [Password Reset](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/passwordreset/password_reset.md) is created, a corresponding certificate is created. This ensures that the passwords are transferred in encrypted @@ -14,13 +14,19 @@ form. ![password-reset](/images/passwordsecure/9.2/configuration/server_manager/certificates/password-reset.webp) -NOTE: The Password Reset certificate cannot be replaced by your own certificate. +:::note +The Password Reset certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for the Password Reset have an expiry date. However, this is not checked. The -certificate thus does not need to be renewed. +:::note +The certificates for the Password Reset have an expiry date. However, this isn't checked. The +certificate thus doesn't need to be renewed. +::: -**CAUTION:** If the database is being moved to another server, it is essential that all Password -Reset certificate is also transferred! +:::warning +If the database is being moved to another server, it is essential that all Password +Reset certificate is also transferred. +::: #### Exporting and importing the certificate diff --git a/docs/passwordsecure/9.3/configuration/servermanager/certificates/ssl_connection_certificates.md b/docs/passwordsecure/9.3/configuration/servermanager/certificates/ssl_connection_certificates.md index c678790049..5638b4f0a3 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/certificates/ssl_connection_certificates.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/certificates/ssl_connection_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 10 # SSL connection certificates -## What is an SSL connection certificate? +## SSL connection certificate overview The connection between clients and the server is secured via an SSL certificate. The **latest encryption standard TLS 1.2** is used here. It is also possible to create a certificate via the @@ -15,18 +15,22 @@ installed must trust the certificate. Otherwise, the following message will appear when the client is started: -**This connection is not trusted!** +**This connection isn't trusted!** -The connection to the server is not considered secure. +The connection to the server isn't considered secure. ![not_trusted_certificates](/images/passwordsecure/9.2/configuration/server_manager/certificates/not_trusted_certificates.webp) -NOTE: Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, +:::note +Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, and has been extended to include TLS 1.2 +::: -**CAUTION:** The service user creates the databases. A separate certificate is also generated for +:::warning +The service user creates the databases. A separate certificate is also generated for each database. Therefore, the service user must be a local administrator or a domain administrator, as otherwise they would have no rights to save data in the certificate store. +::: #### Structure of certificates @@ -40,7 +44,9 @@ certificate with the alternative applicant. Therefore, the Netwrix Password Secu stores all IP addresses for the server, as well as the hostname. When creating your own certificate, this information should also be saved under the alternative applicant. -NOTE: All information (including the IP address) are stored as DNS name. +:::note +All information (including the IP address) are stored as DNS name. +::: #### Using the Netwrix Password Secure certificate @@ -50,8 +56,10 @@ certificate is saved locally under: Local computer -> own certificates -> certificates -NOTE: The certificate is valid from its creation up to the year 9999 – and is thus valid almost -indefinitely. For this reason, it is not necessary to note any expiry date. +:::note +The certificate is valid from its creation up to the year 9999 – and is thus valid almost +indefinitely. For this reason, it isn't necessary to note any expiry date. +::: Distributing the Netwrix Password Secure certificate @@ -64,7 +72,7 @@ The certificate can be both rolled out and distributed using group guidelines. Manually importing the Netwrix Password Secure certificate -If the Netwrix Password Secure certificate is not rolled out, it is also possible to manually import +If the Netwrix Password Secure certificate isn't rolled out, it is also possible to manually import the certificate. To do this, firstly open the certificate information. In the warning notification, the Show server certificate button is available for this purpose. In the following dialogue, select the option Install certificate… @@ -82,18 +90,22 @@ selected. Finally, the installation needs to be confirmed once again. -NOTE: The user logged in to the operating system requires rights to create certificates +:::note +The user logged in to the operating system requires rights to create certificates +::: #### Using your own certificate If a CA already exists, you can also use your own certificate. You can specify this within the -[Basic configuration](/docs/passwordsecure/9.3/configuration/servermanager/basic_configuration.md). Please note that a server +[Basic configuration](/docs/passwordsecure/9.3/configuration/servermanager/basic_configuration.md). That a server certificate for SSL encryption is used here. The CA must be configured so that all clients trust the -certificate. It is necessary to adhere to the certification path. +certificate. You must adhere to the certification path. -**CAUTION:** When configuring, you must ensure that the clients can access the CA lock lists +:::warning +When configuring, you must ensure that the clients can access the CA lock lists +::: Wildcard certificates -Wildcard certificates are not supported. In theory, it should be possible to use them but we cannot +Wildcard certificates aren't supported. In theory, it should be possible to use them but Netwrix can't help with the configuration. You can use wildcard certificates at your own responsibility. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/creating_databases.md b/docs/passwordsecure/9.3/configuration/servermanager/creating_databases.md index 6ba623e945..5736a007ee 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/creating_databases.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/creating_databases.md @@ -10,10 +10,10 @@ sidebar_position: 40 [https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0)[https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0) -## What are databases? +## Databases overview Databases contain all information on users, records, documents, etc. The changes to objects in -Netwrix Password Secure will also become part of the MSSQL database. Naturally, the regular creation +Netwrix Password Secure will also become part of the MSSQL database. the regular creation of backups to secure this data should always have the highest priority. The **MSSQL** relational database management system is used in Netwrix Password Secure version 9. @@ -26,7 +26,7 @@ ribbon. The individual tabs of the wizard are explained below: Database server -The first tab can be used to manually select the database server. By default, the value defined in +The first tab lets you manually select the database server. By default, the value defined in the Advanced settings is preset. A user can also be entered or the service user can be selected instead. @@ -38,7 +38,7 @@ databases. Data -This setting can be used to define whether a template should be used. The template will provide the +This setting lets you define whether a template should be used. The template will provide the database with ready-made forms and dashboard settings that make it easier to get started. The user can select from English and German templates. However, it is also possible to proceed without a template – you will then start with a completely empty database. If you have a backup from Password diff --git a/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_firewall.md b/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_firewall.md index 8aaed30693..ffa4dbc8d2 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_firewall.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_firewall.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Database firewall -## What is the database firewall? +## Database firewall overview -The database firewall enables you to regulate access to the database. A whitelist policy is used for +The database firewall lets you regulate access to the database. A whitelist policy is used for this process. Firewall rules are used to allow access to the database in individual cases. #### Activating the firewall @@ -27,7 +27,7 @@ The rules already set are displayed in the section on the right. The icons ![+](/images/passwordsecure/9.2/configuration/server_manager/database_properties/+.webp) and ![-](/images/passwordsecure/9.2/configuration/server_manager/database_properties/-.webp) -can be used to add or also delete rules. Rules can be edited by double clicking on them. +lets you add or also delete rules. Rules can be edited by double clicking on them. ![firewall rule](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_230-en.webp) @@ -41,10 +41,12 @@ The following possibilities exist: - The setting Grant access defines whether access is allowed or blocked. This is symbolised by a corresponding icon. -Naturally, the rules can also be combined. It is thus possible e.g that only one defined user can +the rules can also be combined. It is thus possible e.g that only one defined user can access one database from a certain IP address. -NOTE: The conditions are always combined using AND operators +:::note +The conditions are always combined using AND operators +::: If two or more rules overlap, the rule with the least rights will always be applied. For example, if a rule allows access from a range of IP addresses but another rule blocks a specific computer within @@ -68,8 +70,7 @@ is blocked using this rule. Blocking an individual user (Rule 3) -If you want to block a particular user (perhaps because they have left the company) then this is -also possible. +To block a particular user (perhaps because they have left the company), create a rule as shown. Computer-independent access for a user (Rule 4) diff --git a/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_properties.md b/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_properties.md index 78c1c1d996..d951fe2fcb 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_properties.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_properties.md @@ -6,7 +6,7 @@ sidebar_position: 60 # Database properties -The properties of a database can be opened by double-clicking on the database. No login to the +The properties of a database can be opened by double-clicking on the database. No log in to the database is required. ![installation_with_parameters_225](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_225.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/general_settings_admin_client.md b/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/general_settings_admin_client.md index cf18266eb4..4749d4aef1 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/general_settings_admin_client.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/general_settings_admin_client.md @@ -6,7 +6,7 @@ sidebar_position: 10 # General settings -## What are general settings? +## General settings overview Within the general settings, surface settings regarding the colour scheme as well as the language used are configured. The password for logging in to the Server Manager can also be changed here. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/syslog.md b/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/syslog.md index cdef69d3b5..31443911c4 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/syslog.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/syslog.md @@ -8,10 +8,10 @@ sidebar_position: 20 If desired, the server logs and also the **[Logbook](/docs/passwordsecure/9.3/configuration/advancedview/clientmodule/logbook.md)** can be transferred to a Syslog -server. Double clicking on a database allows you to access its settings. The corresponding menu +server. Double clicking on a database lets you access its settings. The corresponding menu items can be found there. ![installation_with_parameters_232](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_232.webp) -After activating the Syslog interface via the corresponding option, it is possible to configure the +After activating the Syslog interface via the corresponding option, you can configure the Syslog server. If desired, the entire logbook can also be transferred via another option. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/advanced_settings.md b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/advanced_settings.md index 418044d227..ddfb736cd9 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/advanced_settings.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/advanced_settings.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Advanced settings -## What are advanced settings? +## Advanced settings overview Global standard default values are specified in the advanced settings. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md index 0defce7bf3..d80354c671 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Automatic backup cleanup -It is possible to delete backups automatically after a certain period of time. This can be useful if +You can delete backups automatically after a certain period of time. This can be useful if you append date and time to the backups and thus generate new files daily. ![automatic cleanup](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated-deletion-of-backups-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_management.md b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_management.md index b2945e27e0..09aa8d0a33 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_management.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_management.md @@ -8,9 +8,9 @@ sidebar_position: 10 #### Introduction -Regular backups of the data should always be part of every security concept. If you wish to create -backups directly on the SQL server, you should also include the Netwrix Password Secure databases. -If no central backups are carried out at the SQL level, you can create backup profiles using the +Regular backups of the data should always be part of every security concept. To create +backups directly on the SQL server, include the Netwrix Password Secure databases. +If no central backups are performed at the SQL level, you can create backup profiles using the Server Manager. The backups themselves will then be generated on the SQL Server. #### Difference between an incremental and full backup @@ -21,7 +21,7 @@ beginning will be saved. This saves both time and memory capacity. #### Backup concept -It is recommended that an incremental backup is run every hour. In addition, a full backup should be +An incremental backup is run every hour. In addition, a full backup should be created once a week. #### Managing the backup schedule @@ -36,7 +36,9 @@ the directory for the backups. ![new backup profile - base settings](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_257-en.webp) -NOTE: It must be a directory on the SQL server. +:::note +It must be a directory on the SQL server. +::: Now set the time interval for creating the backups. A preview on the right will show when the backups will be created in future. An end date can be optionally entered. @@ -45,8 +47,8 @@ backups will be created in future. An end date can be optionally entered. In the advanced settings, you can configure whether the backup should be activated directly. It is also possible to specify whether to create incremental backups. If the date and time are added to -the file name, a new backup is created with each run. If this is not done, the last backup is always -overwritten. The service user can be used to create the backup or a service user can be specified +the file name, a new backup is created with each run. If this isn't done, the last backup is always +overwritten. The service user lets you create the backup or a service user can be specified with a corresponding name and password. In addition, you can enter here whether the required certificates should be saved using a backup @@ -59,13 +61,13 @@ Backup run The backups are executed by the SQL server in the background. If an error occurs, this is indicated in “orange” in the backup list. Information about any errors issued by the SQL server is displayed -under all backups. A backup will be automatically deactivated if it does not run 5x in a row. This -will be marked in the list in red. The schedule cannot be reactivated directly. You will need to +under all backups. A backup will be automatically deactivated if it doesn't run 5x in a row. This +will be marked in the list in red. The schedule can't be reactivated directly. You will need to open it and amend it. Other backup actions -A selected schedule can be deleted via the ribbon. The wizard for a schedule can be called up by +A selected schedule can be deleted via the ribbon. The wizard for a schedule can be opened by double-clicking on it to make any changes. In addition, a backup can be started directly via the ribbon at any time. The backup service must be running for this purpose. You can also display this in the history. @@ -79,7 +81,7 @@ existing databases. Firstly, select the required database. You can now select In If necessary, firstly enter login data for the user that logs in to the SQL server – although the service user is generally used here. Now select the backup file. All the backups contained in the -file will then be displayed. Now simply click on Restore to restore the backup to the existing +file will then be displayed. Click Restore to restore the backup to the existing database. ![Database restore](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_261-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_settings.md b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_settings.md index 6bc2bd279f..7a0ffc56ec 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_settings.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_settings.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Backup settings -## What are backup settings? +## Backup settings overview Within the backup settings the default values for the execution of backups can be defined. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md index e7afd1e38f..202162926e 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md @@ -6,33 +6,33 @@ sidebar_position: 30 # Disaster recovery scenarios -#### Finding a quick solution in the event of a disaster +#### Finding a quick solution after a disaster -In our experience, Netwrix Password Secure is usually installed in IT in a central location. If the +In the experience, Netwrix Password Secure is usually installed in IT in a central location. If the system fails, it must be possible to gain access to the passwords again as quickly as possible. This -section is designed to help you quickly find a solution in the event of a problem. +section is designed to help you quickly find a solution if a problem occurs. #### Prevention It is extremely important to create a sensible recovery plan and to make corresponding preparations. -Unfortunately, it is not possible to supply a finished recovery plan because it always needs to be +Unfortunately, it isn't possible to supply a finished recovery plan because it always needs to be created individually. The following points should be taken into account in this process: Creating backups -It is of course essential in the event of a disaster that you can access a backup that is as -up-to-date as possible. Therefore, it is necessary to regularly create +It is of course essential during a disaster that you can access a backup that is as +up-to-date as possible. Therefore, you must regularly create [Backup management](/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_management.md). -Who is responsible in the event of a disaster? +Who is responsible during a disaster? -The first thing to decide is who should take action in the event of a disaster. Corresponding +The first thing to decide is who should take action during a disaster. Corresponding deputies should also be defined. The responsible employee should have the corresponding rights within Netwrix Password Secure. Providing the required passwords -What passwords do those people responsible need in order to restore Netwrix Password Secure? +What passwords do those people responsible need to restore Netwrix Password Secure? - Domain password to log into the specific computer - Password for the Server Manager @@ -75,7 +75,7 @@ Solution: Install the database server on new hardware. If the server name changes as a result, the licence needs to be reactivated. If the licence has already been activated multiple times, it may be that it can only be released again by Netwrix. If the SQL instance name changes, the connection to the -database server needs to be reconfigured on the application server. This is carried out via the +database server needs to be reconfigured on the application server. This is performed via the basic configuration. Any existing offline databases will continue to function properly. @@ -93,7 +93,7 @@ it may be that the licence can only be released again by Netwrix. The basic conf completed to restore the connection to the database server. If the server name changes, the database profile on the client needs to be amended. -Any existing offline databases need to be recreated! +Any existing offline databases need to be recreated. Scenario 4 @@ -108,7 +108,7 @@ Restore the database from the backup. The basic configuration must be completed connection to the database server. If the licence has already been activated multiple times, it may be that it can only be released again by Netwrix. -Any existing offline databases need to be recreated! +Any existing offline databases need to be recreated. Scenario 5 @@ -119,5 +119,5 @@ As for Scenario 4 but the Active Directory is also not available. Solution: As described for scenario 4. If the user was imported in end-to-end mode, you can also log in -without an AD connection. Users imported in Masterkey mode cannot log in. Therefore, it is +without an AD connection. Users imported in Masterkey mode can't log in. Therefore, it is recommended that you create special, local emergency users for such cases. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/license_settings.md b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/license_settings.md index da50be8937..96f6de3d2a 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/license_settings.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/license_settings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # License settings -## What are license settings? +## License settings overview Licenses for the Netwrix Password Secure are managed within the license settings. In addition, all current license details are displayed in the window provided for this purpose. @@ -15,8 +15,9 @@ current license details are displayed in the window provided for this purpose. ## Licenses -**CAUTION:** Version 7 licenses cannot be used for Netwrix Password Secure version 9. “Please -contact us”: http: //www.passwordsafe.de to obtain a version 9 license. +:::warning +Version 7 licenses can't be used for Netwrix Password Secure version 9. Contact Netwrix at http://www.passwordsafe.de to obtain a version 9 license. +::: Licenses are linked via the Netwrix license server. Here are the details: @@ -27,7 +28,7 @@ Licenses are linked via the Netwrix license server. Here are the details: Ensure that this server is accessible. You may also use Proxy servers. The license is retrieved from the server and stored in the server configuration. The license will be checked every hour, and updated as required. The retention time is 30 days. If there is no internet connection, you can -continue to work for 30 days. If this period should cause problems, please contact us. +continue to work for 30 days. If this period should cause problems, contact Netwrix support. #### Integrating and managing licenses @@ -36,15 +37,19 @@ After purchase, you will receive the required license information in the form of Activate button to establish a connection to the license server. You can select the acquired licenses from a list. The license can be now used. -NOTE: Optionally, you may specify a proxy. By default, the proxy stored in the operating system is +:::note +Optionally, you may specify a proxy. By default, the proxy stored in the operating system is used. +::: -**CAUTION:** The licence is called up in the context of the service user. If you experience +:::warning +The licence is opened in the context of the service user. If you experience connection problems, the firewall and, if relevant, the proxy should be checked. +::: #### How to activate the license via license file -1. Transition the file attached to this email to the Netwrix Password Secure Server(s). +1. Transition the file attached to this email to the Netwrix Password Secure servers. 2. Open the Netwrix Password Secure Server Manager. 3. Open the main menu and select the License settings area. 4. Open the License file tab. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/main_menu.md b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/main_menu.md index a6207936a0..6217342a80 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/main_menu.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/main_menu.md @@ -6,11 +6,11 @@ sidebar_position: 90 # Main menu -## What is the main menu? +## Main menu overview The operation and structure of the Main menu/Backstage menu is the same for the [Main menu](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/main_menu_fc.md) on the client. This area can be used -independently of the currently selected module. +independently of the selected module. - [General settings](/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/general_settings_admin_client.md) - [Backup settings](/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_settings.md) diff --git a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/database_settings.md b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/database_settings.md index 2eb061c0e9..9bdc579e64 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/database_settings.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/database_settings.md @@ -6,8 +6,8 @@ sidebar_position: 10 # Database settings -To open the settings of a database, select it and click on "Settings" in the ribbon. Alternatively -you can open the context menu with the right mouse button and click on "Properties". In the next +To open the settings of a database, select it and click "Settings" in the ribbon. Alternatively +you can open the context menu with the right mouse button and click "Properties". In the next step you will be asked to enter your admin password. After that a window with the settings will open. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md index ffe601dbd5..a5b1dc7683 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md @@ -6,22 +6,22 @@ sidebar_position: 30 # HSM connection via PKCS # 11 -## What is the HSM connection? +## HSM connection overview The HSM connection ensures that the certificates can be outsourced to the HSM. This ultimately leads -to an increased protection because the certificates are not directly in the server’s access. The +to an increased protection because the certificates aren't directly in the server’s access. The connection is effected via PKCS # 11. #### Requirements -In order to be able to connect an HSM, the following conditions have to be met: +To be able to connect an HSM, the following conditions have to be met: - An executable HSM has to be available. - The PKCS # 11 drivers have to be installed on the application server. - The device is set up via the Administrator database on the Server Manager. -**CAUTION:** Please note, if an HSM is to be used, the database also has to be set up thoroughly. It -is currently not possible to transfer an existing database to an HSM. +**CAUTION:** If an HSM is to be used, the database also has to be set up thoroughly. It +isn't possible to transfer an existing database to an HSM. #### Hardware compatibility @@ -44,6 +44,6 @@ The installation is set up on the Server Manager via the database settings. As soon as the HSM is connected, all server keys are transferred to the HSM. This is the database certificate. If the AD has been connected in Masterkey mode, the masterkey will also be transferred to the HSM. Then the certificates are no longer stored in the certificate store of the application -server, but centrally managed by the HSM. All other keys are not stored on the HSM, but derived from +server, but centrally managed by the HSM. All other keys aren't stored on the HSM, but derived from the masterkeys. Therefore, Netwrix Password Secure rarely accesses the HSM, for example, at server startup or at the AD Sync. As a result, the load on the HSM can be kept low. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md index 311f022a43..0a0c6f962e 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Multifactor Authentication -## What is multifactor authentication? +## Multifactor authentication overview Multifactor authentication is used to secure the logon to the by an additional factor. The actual setup takes place in the client. The configured en can then be used by any user @@ -19,5 +19,7 @@ In the Databases module, select a database and open its settings via the ribbon. In the settings you define which second factors can be used. -NOTE: If you want to use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the +:::note +To use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the corresponding checkbox. +::: diff --git a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md index 8d92779b48..fa2fb8bcf3 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md @@ -7,7 +7,7 @@ sidebar_position: 20 # Session timeout Here you can set individually for each client when an inactive connection to the application server -is automatically terminated. Select the desired time period in the drop-down menu and save the +is automatically terminated. Select the desired time period in the dropdown menu and save the setting by clicking on **"Save"**. ![session timeout](/images/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/session-timeout-en.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/managing_databases.md b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/managing_databases.md index 108614f30a..d5836f34ec 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/managing_databases.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/managingdatabases/managing_databases.md @@ -15,13 +15,13 @@ button or also via the ribbon. ## Database settings -All database settings are saved in the database. It is necessary to log in to the database before -editing the settings. Any user that exists in the database can be used for this purpose. You can +All database settings are saved in the database. You must log in to the database before +editing the settings. Any user that exists in the database works for this purpose. You can always restore Global settings via the ribbon. Multifactor authentication -This area can be used to configure which services will be used for multi-factor authentication. The +This area lets you configure which services will be used for multi-factor authentication. The available services are: RSA Secure ID, SafeNet, YubiKey NEO, and YubiKey Nano. After selecting the required service, specify the respective access data. You must also configure various services. In this case, you can specify on the client which methods will be used by the individual users. @@ -40,9 +40,11 @@ If desired, the logbook, **notifications, session recordings** and also the **hi can be automatically cleaned up here. You merely have to enter how old the data needs to be before it is deleted. Logbook entries can be exported before the deletion process. -**CAUTION:** It is important to note that the logbook is also used for the filter functions. If the +:::warning +the logbook is also used for the filter functions. If the logbook is regularly cleaned up, it is possible that the full functions of the filter will no longer be available. +::: #### Database actions @@ -56,12 +58,12 @@ database. All locked users will be displayed in a list. The following is display - Number of login attempts - Expiry of the lock. The user can be unlocked by right-clicking on an entry. -A user can be locked manually using the corresponding button. It is necessary to select the user, +A user can be locked manually using the corresponding button. You must select the user, configure the expiration of the lock and specify a reason. Show / disconnect sessions -You can use the corresponding button to display all currently connected clients. After selecting a +You can use the corresponding button to display all connected clients. After selecting a session, the connection can be disconnected. Migration @@ -69,10 +71,12 @@ Migration Once a database has been selected, the can be started via the ribbon. This also allows multiple version 7 databases to be merged into one. -**CAUTION:** When the migration is started, the database is set to migration mode. For the duration -of the migration, it is not possible to log in to the database – users who are already logged in +:::warning +When the migration is started, the database is set to migration mode. For the duration +of the migration, it isn't possible to log in to the database – users who are already logged in will be sent a corresponding message. The sessions will, however, remain open so that users can continue working as soon as the migration is complete. +::: Certificates @@ -80,8 +84,8 @@ Management of the certificates is very important. This is described in the secti Display database users -This button can be used to call up statistics about the users in the respective databases. It shows -you which users are active in which database. Naturally, this list can also be exported. +This button lets you open statistics about the users in the respective databases. It shows +you which users are active in which database. this list can also be exported. #### Data backup diff --git a/docs/passwordsecure/9.3/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md b/docs/passwordsecure/9.3/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md index 50ab4adf26..71e7730692 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md @@ -18,8 +18,10 @@ In the new MSP version these have been replaced by the modules Customers (1) and In the MSP version, you will find the individual customer databases under the Customers module. -NOTE: The Backup module has been removed, because Netwrix Password Secure's own backup is not +:::note +The Backup module has been removed, because Netwrix Password Secure's own backup isn't suitable for environments with multiple customer databases. As a Managed Service Provider, you must back up your customer databases yourself using appropriate measures. +::: The Status and Web Application modules are identical in both versions. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/msp/changesintheadminclient/customers_module.md b/docs/passwordsecure/9.3/configuration/servermanager/msp/changesintheadminclient/customers_module.md index 064b96752d..b6a6fd9932 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/msp/changesintheadminclient/customers_module.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/msp/changesintheadminclient/customers_module.md @@ -8,7 +8,7 @@ sidebar_position: 10 #### Creating a new customer -Creating a new customer is done via the Customers module (1). Here, click on New (2) in the upper +Creating a new customer is done via the Customers module (1). Here, click New (2) in the upper left corner. This applies both to customers in a test phase and to customers who are to be billed immediately. @@ -16,7 +16,7 @@ immediately. When creating a new customer, the customer name is specified under **General** (1). -If (2) is not checked, a test customer is created without billing. This is then a customer in the +If (2) isn't checked, a test customer is created without billing. This is then a customer in the test phase. If (2) is checked, a customer will be created who will be charged by Netwrix from the current month. @@ -36,7 +36,7 @@ to the on-prem version. ![License settings new customer](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/licence-new-customer-msp-en_1013x675.webp) After saving, the test customers are displayed under Test (1) and the customers to be billed under -Billed (2). When you click on a (test) customer, you will see the associated +Billed (2). When you click a (test) customer, you will see the associated information and activated options. By clicking the button Edit (3 + 4) you can make @@ -71,8 +71,8 @@ the statements of the last months (6) and a graphical representation of the cost #### Deactivating and reactivating a customer -Both test customers and customers to be billed can be deactivated, e.g. if a test customer cannot -continue testing until later or if a customer to be billed does not pay his invoice. When +Both test customers and customers to be billed can be deactivated, e.g. if a test customer can't +continue testing until later or if a customer to be billed doesn't pay his invoice. When deactivating, all data is retained and the customer can be completely restored. To deactivate a customer, select the database (1) and then Deactivate (2). diff --git a/docs/passwordsecure/9.3/configuration/servermanager/msp/msp.md b/docs/passwordsecure/9.3/configuration/servermanager/msp/msp.md index 62296b76f3..fb17f8aad3 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/msp/msp.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/msp/msp.md @@ -10,6 +10,6 @@ Whether you are a partner or an end user of Netwrix Password Secure - this help getting started with MSP and guide you safely through the configuration and operation of the software. -We are pleased that you have chosen Netwrix Password Secure for your password protection needs. +Thank you for choosing Netwrix Password Secure for your password protection needs. -We hope you enjoy discovering your new password manager! +Enjoy discovering your new password manager. diff --git a/docs/passwordsecure/9.3/configuration/servermanager/operation_and_setup_admin_client.md b/docs/passwordsecure/9.3/configuration/servermanager/operation_and_setup_admin_client.md index 4fc2f23079..40d557b624 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/operation_and_setup_admin_client.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/operation_and_setup_admin_client.md @@ -13,8 +13,10 @@ The control elements such as the ribbon and the info and detail areas can be der section dealing with the client([Operation and Setup](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/operation_and_setup.md)). -NOTE: An initial password is required for the first login on Server Manager. The password is +:::note +An initial password is required for the first login on Server Manager. The password is “admin”. This password should be changed directly after login and carefully documented. +::: #### Status module @@ -58,7 +60,7 @@ column headings. The period shown can be limited using . # Databases module Databases are managed in a dedicated module. All relevant information on the existing databases can -also be called up – completely without accessing the SQL server. +also be opened – completely without accessing the SQL server. ![Databases Admin Client](/images/passwordsecure/9.2/configuration/server_manager/operation_and_setup/installation_with_parameters_252-en.webp) @@ -67,12 +69,12 @@ also be called up – completely without accessing the SQL server. 2. Database overview In the database overview, all databases listed alphabetically. This section can be minimised using -the arrow symbol on the top, left edge. Right-click on one of the databases to display a context +the arrow symbol on the top, left edge. Right-click one of the databases to display a context menu with all available functions. 3. Notification area -The Info area displays all the information about the database currently selected in the database +The Info area displays all the information about the database selected in the database overview. This information is ivided into the three subsections “Database summary, Data sets and Database tables”. @@ -84,7 +86,7 @@ List of recent backups. Can be sorted by date The database log is used to monitor and control the specific databases. All relevant actions for the selected database are displayed in a comprehensible manner in one list. The categorisation is -carried out in the same way as the server log according to the colours applied. +performed in the same way as the server log according to the colours applied. #### Backups module diff --git a/docs/passwordsecure/9.3/configuration/servermanager/server_manager.md b/docs/passwordsecure/9.3/configuration/servermanager/server_manager.md index b2c1407f2c..f1eea41662 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/server_manager.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/server_manager.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Server Manager -## What is the Server Manager? +## Server Manager overview The Server Manager takes care of the central administration of the databases as well as the configuration of the backup profiles. In addition, it provides the very important interface to the diff --git a/docs/passwordsecure/9.3/configuration/servermanager/settlement_right_key.md b/docs/passwordsecure/9.3/configuration/servermanager/settlement_right_key.md index 3f7d391a2a..9620742d21 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/settlement_right_key.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/settlement_right_key.md @@ -8,8 +8,8 @@ sidebar_position: 50 #### Problem Description -In the version 8.3.0.13378 passwords which cannot be decrypted for other users could be created. In -this case, individual users or even all users do not have the necessary legal key. If a user wants +In the version 8.3.0.13378 passwords which can't be decrypted for other users could be created. In +this case, individual users or even all users don't have the necessary legal key. If a user wants to reveal an affected password, the following message is displayed: ![installation_with_parameters_219_706x98](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_219_706x98.webp) @@ -63,7 +63,7 @@ should be adjusted. ###### Irreparable records (not repairable) -Irreparable passwords cannot be corrected automatically. Nevertheless, it may happen that passwords +Irreparable passwords can't be corrected automatically. Nevertheless, it may happen that passwords marked as irreparably can be corrected manually. First case @@ -80,7 +80,7 @@ current database again. Second case In the second case, there are users / roles who have the right key but not the right to claim. As -far as the number of irreparable passwords is limited, these can be used to check the form field +far as the number of irreparable passwords is limited, you can check the form field permissions manually. ![installation_with_parameters_224_762x90](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_224_762x90.webp) diff --git a/docs/passwordsecure/9.3/configuration/servermanager/setup_wizard.md b/docs/passwordsecure/9.3/configuration/servermanager/setup_wizard.md index bf618d3364..d8a1b1dfd8 100644 --- a/docs/passwordsecure/9.3/configuration/servermanager/setup_wizard.md +++ b/docs/passwordsecure/9.3/configuration/servermanager/setup_wizard.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Setup wizard -## What is the setup wizard? +## Setup wizard overview The setup wizard contains all relevant settings for setting up Netwrix Password Secure. The individual points can also be changed later on. Separate sections are available for each. @@ -20,12 +20,14 @@ and properly documented. It can be subsequently changed in the ![setup-wizard-ac-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-en.webp) -NOTE: The initial password is “admin”. +:::note +The initial password is “admin”. +::: #### License settings The second step is to complete the configuration for successively connecting to the licence server. -This step can also be carried out later “in the [License settings](/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/license_settings.md) +This step can also be performed later “in the [License settings](/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/license_settings.md) ![setup-wizard-ac-2-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-2-en.webp) @@ -48,7 +50,7 @@ can copy the server name from the login window of the SQL server. The user that will be used to create the database on the SQL Server is also specified. The user therefore needs **dbCreator** rights. Alternatively, you can use the service user for this purpose. -The “Advanced” button allows you to specify a **Connection String.** +The “Advanced” button lets you specify a **Connection String.** #### SMTP server @@ -58,7 +60,7 @@ later on. ![setup-wizard-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-4-en.webp) -Once the data has been entered and successfully tested, the wizard can be completed by clicking on +After the data has been entered and successfully tested, the wizard can be completed by clicking on “Finish”. Security notes @@ -68,7 +70,9 @@ As soon as the setup wizard has been completed, two security notes will be displ module that need to be confirmed. -**CAUTION:** It is recommended that you only confirm the security notes when the corresponding point -has actually been carried out. It is absolutely essential to ensure that regular +:::warning +you only confirm the security notes when the corresponding point +has actually been performed. It is absolutely essential to ensure that regular [Backup management](/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/backupsettings/backup_management.md) are created and the [Certificates](/docs/passwordsecure/9.3/configuration/servermanager/certificates/certificates.md) are backed up. +::: diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md index a2f807a1b2..cc438e03a8 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/application.md @@ -6,7 +6,7 @@ sidebar_position: 80 # Application -The following functions are currently available in the **Application module**: +The following functions are available in the **Application module**: Web & SAML applications: @@ -14,8 +14,10 @@ Web & SAML applications: - Manage - Delete -NOTE: A detailed explanation of how to configure SAML can be found in the chapter “Configuration of +:::note +A detailed explanation of how to configure SAML can be found in the chapter “Configuration of SAML” +::: General functions: @@ -26,5 +28,7 @@ General functions: - Quick view - Connect password -NOTE: The Web Application module Applications is based on the client module of the same name +:::note +The Web Application module Applications is based on the client module of the same name “Applications”. Both modules differ in scope and design, but the operation is almost identical. +::: diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md index 8a87958f40..8e74ce03b7 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/documents_web_application.md @@ -6,7 +6,7 @@ sidebar_position: 90 # Documents -The following functions are currently available in the **Document module:** +The following functions are available in the **Document module:** - New New document can be added in the following ways: @@ -26,5 +26,7 @@ The following functions are currently available in the **Document module:** - Print - History -NOTE: The Web Application module **Documents** is based on the client module of the same name +:::note +The Web Application module **Documents** is based on the client module of the same name “Documents”. Both modules differ in scope and design, but the operation is almost identical. +::: diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md index bbcc9fad6f..610483c1cf 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/forms_module.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Forms module -The following functions are currently available in the **forms module**: +The following functions are available in the **forms module**: - Add - Open @@ -19,5 +19,7 @@ The following functions are currently available in the **forms module**: - Print - Export -NOTE: The Web Application module **forms** is based on the client module of the same name. Both +:::note +The Web Application module **forms** is based on the client module of the same name. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md index 3308e1b963..47e604f3f5 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/logbook_web_application.md @@ -11,12 +11,14 @@ The **logbook module** exists of the following features: - Filter function - Quick view -NOTE: The Web Application module logbook is based on the same called client module logbook. Both +:::note +The Web Application module logbook is based on the same called client module logbook. Both modules differ in range and design. However, the handling is almost the same. +::: Differences to the logbook on the Client: -The following options are not available yet in the **Web Application**. If needed, you can use them +The following options aren't available yet in the **Web Application**. If needed, you can use them on the Client. - Documents diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md index 20bc47f9f0..a9278a74bf 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Organisational structure module -The following functions are currently available in the **organisational structure module**: +The following functions are available in the **organisational structure module**: - Adding/editing/deleting/authorizing users / organisational structures - Notifications @@ -18,8 +18,10 @@ The following functions are currently available in the **organisational structur - Changing passwords - Print -NOTE: The Web Application module organisational structure is based on the client module of the same +:::note +The Web Application module organisational structure is based on the client module of the same name. Both modules have a different scope and design but are almost identical to use. +::: ## AD connection in the Web Application @@ -68,6 +70,6 @@ Now you can add the appropriate roles and users. You can add users and roles in different ways: - Add the appropriate roles and users at the toolbar under **Search and add**. -- Click on the loupe to see all the users and roles. +- Click the loupe to see all the users and roles. ![installation_with_parameters_165](/images/passwordsecure/9.2/configuration/web_application/functional_scope/organisational_structure/installation_with_parameters_165.webp) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md index 5fb3565408..c9572a6b3e 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/organisationalstructure/user_management.md @@ -6,11 +6,11 @@ sidebar_position: 10 # User management -## How are the users managed in the Web Application? +## User management in the Web Application The user management strongly depends on whether the Active Directory has been connected or not. In Master Key mode, the Active Directory remains the leading system. In all other modes, the user -administration is carried out via the organisational structure module. +administration is performed via the organisational structure module. #### Creating local users diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md index f2b835195d..fd2e7a73d5 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/password_module.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Password module -The **Password Module** currently provides the following functions: +The **Password Module** provides the following functions: - Create - Delete @@ -50,6 +50,8 @@ The **Password Module** currently provides the following functions: - Export - WebViewer Export -NOTE: The Web Application module Password module is based on the module of the same name that is +:::note +The Web Application module Password module is based on the module of the same name that is located in the client. Both modules differ in scope and design, but are nevertheless almost identical in terms of operation. +::: diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md index 55a5e66583..e70420247a 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/roles_module.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Roles module -The following functions are currently available in the **roles module:** +The following functions are available in the **roles module:** - Add - Delete diff --git a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md index 8facda3781..43b1e69401 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/tag_system.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Tag system -The tag system currently offers the following functions: +The tag system offers the following functions: - Add - Delete diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md index 394d9fdac9..6e3b981f47 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Filter or structure area -As is also the case on the client, it is possible to select between filter and structure. For this +As is also the case on the client, you can select between filter and structure. For this purpose, the following buttons are available on the navigation bar ![installation_with_parameters_169](/images/passwordsecure/9.2/configuration/web_application/operation/filter_or_structure/installation_with_parameters_169.webp) @@ -20,7 +20,7 @@ characteristics specific to the Web Application will be described here. Using the filter Operation of the “Web Application filter” barely differs from the operation of the client filter. It -is only necessary to note that the Clear filter and Apply filter buttons can be found above the +is only necessary to the Clear filter and Apply filter buttons can be found above the filter. The configuration settings can also be found directly above the Web Application filter. Configuring the filter diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md index 55ca383fb0..040f79460b 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/footer.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Footer -The footer displays various different information about the currently selected record in multiple +The footer displays various different information about the selected record in multiple tabs. It can be activated or deactivated using the small arrow on the far right. The footer is hidden by default. @@ -27,7 +27,7 @@ The history can also be displayed via a corresponding tab. 4. Documents -The documents tab can be used to access all linked documents. +The documents tab lets you access all linked documents. 5. Notifications diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md index 34f1e960c8..69c01b94e6 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/header.md @@ -20,7 +20,7 @@ As is also the case on the client, the filter or structure area can be displayed 3. Modules -As is also the case on the client, modules like passwords, organisational structures, roles and +As is also the case on the client, modules like passwords, organisational structures, roles, and forms can be managed here. 4. Quick search @@ -30,15 +30,15 @@ fields of the complete database except the password field. The tags are still se 5. Quick search -Upcoming tasks like export, import, print and so on are displayed here. +Upcoming tasks like export, import, print, and so on are displayed here. 6. Notifications -here you will be informed about incoming notifications. The notification can also be called up by +here you will be informed about incoming notifications. The notification can also be opened by clicking on it. 7. Account -The user who is currently logged in can be seen under account. You can log out by clicking on the -account. It is also possible to call up the settings in +The user who is logged in can be seen under account. You can log out by clicking on the +account. It is also possible to open the settings in [Account](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/account.md). diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md index 4daef08c80..c5f516abe3 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md @@ -6,11 +6,11 @@ sidebar_position: 50 # List view -## What is list view? +## List view overview The central element of the navigation in the Web Application is list view, which clearly presents the filtered elements. As list view in the Web Application provides the same functions as list view -in the client, we refer you at this point to the +in the client, refer to the [List view](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/list_view.md) section. ![installation_with_parameters_176](/images/passwordsecure/9.2/configuration/web_application/operation/list_view/installation_with_parameters_176.webp) @@ -19,5 +19,5 @@ in the client, we refer you at this point to the The list view differs from that on the client in the following areas: -- List view cannot be individually configured +- List view can't be individually configured - There are – as is usual in a browser – no context menus diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md index bca395d731..1ef0d65045 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md @@ -6,12 +6,12 @@ sidebar_position: 40 # Menu -## What is the menu? +## Menu overview The ribbon on the client has been replaced by a menu on the Web Application. The menu thus represents the central operating element on the Web Application. The functions available within the -menu are dynamic and are based on the currently available actions. Different actions are possible -depending on which view is currently being used. +menu are dynamic and are based on the available actions. Different actions are possible +depending on which view is being used. #### Menu bar @@ -26,7 +26,7 @@ The size of the menu can be maximised using this button. 2. New -This option can be selected to call up the wizard for adding a new record. +This option can be selected to open the wizard for adding a new record. 3. Open @@ -52,7 +52,7 @@ to 1 to the sections of the ribbon on the client. ![Menu](/images/passwordsecure/9.2/configuration/web_application/operation/menu_bar/installation_with_parameters_175-en.webp) -In our example, the menu looks like this: +In the example, the menu looks like this: 1. New Item @@ -65,19 +65,21 @@ The actions can be used, for example, to mark the password as a Favourite or als 3. Permissions -This section does not offer any additional functions than simply opening the permissions. +This section doesn't offer any additional functions beyond opening the permissions. 4. Clipboard -This section can be used to copy all available fields to the clipboard. +This section lets you copy all available fields to the clipboard. 5. Start -A website can be called up here. +A website can be opened here. -NOTE: As already described, the menu is dynamic and thus appears in a variety of different forms. +:::note +As already described, the menu is dynamic and thus appears in a variety of different forms. However, the basic function is always the same: The menu bar contains the basis functions, while the advanced menu contains all functions. +::: 6. Extras diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md index 441ad58af3..d2559b5862 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md @@ -12,7 +12,7 @@ The navigation bar provides the following functions. 1. Filter -This function can be used to switch the view to the filter in the left section. You also have the +This function lets you switch the view to the filter in the left section. You also have the possibility to switch from filter to structure. 2. Tabs diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md index d5412b3bd2..c9116b4e42 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/settings_wc.md @@ -6,13 +6,13 @@ sidebar_position: 20 # Settings -The settings are called up via the [Navigation bar](/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are +The settings are opened via the [Navigation bar](/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are available: #### Language -You can select German or English here by simply clicking on them. The change is made immediately and -does not require you to restart the browser. +You can select German or English here by clicking on them. The change is made immediately and +doesn't require you to restart the browser. #### Extras @@ -22,11 +22,11 @@ Here you have the possibility to manage templates for seals. Tag management -The tag management allows you to manage the tags. +The tag management lets you manage the tags. Image management -With the image management, you can manage your icons and logos easily and quickly. +With the image management, you can manage your icons and logos. ![image management](/images/passwordsecure/9.2/configuration/web_application/operation/navigation_bar/settings/installation_with_parameters_179-en.webp) @@ -58,7 +58,7 @@ The management of these settings is based on the client. Further information can global [User rights](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/userrights/user_rights.md) and [User settings](/docs/passwordsecure/9.3/configuration/advancedview/mainmenufc/usersettings/user_settings.md) -The following settings are not available on the Web Application: +The following settings aren't available on the Web Application: - Customizable window caption - Permitted document extensions @@ -67,4 +67,4 @@ The following settings are not available on the Web Application: Account -Here it is possible to change the password of the logged in user. +Here you can change the password of the logged in user. diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/user_menu_wc.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/user_menu_wc.md index ae78273a68..ac4ba8e58b 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/user_menu_wc.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/user_menu_wc.md @@ -6,7 +6,7 @@ sidebar_position: 10 # User menu -The user menu can be found in the upper right corner of the Web Application. A right click on the +The user menu can be found in the upper right corner of the Web Application. A right click the logged in user opens it. #### Options in the user menu @@ -23,15 +23,15 @@ In the bin you can manage your deleted passwords. Help -A click on help takes you directly to the Netwrix Password Secure documentation page. +A click help takes you directly to the Netwrix Password Secure documentation page. Switch to Basic view -What the Basic view is able to do in the web view can be inspected here. +What the Basic view can do in the web view can be inspected here. Lock -This locks the user who is currently logged in and only needs to enter his password to use the web +This locks the user who is logged in and only needs to enter his password to use the web client again. Log out diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md index ceb4af9fd8..e957c5f304 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/operation.md @@ -10,8 +10,10 @@ Operation of the Web Application has been based as far as possible on the operat Password Secure client. Nevertheless, there are some differences that need to be noted and they are described here. -NOTE: There is also a Basic view in the Web Application. Everything worth knowing can be found at +:::note +There is also a Basic view in the Web Application. Everything worth knowing can be found at the following link: web view Basic view +::: #### Login @@ -37,17 +39,19 @@ parameters are used here: - **database** for transferring the database nam - **username** for transferring the user name -The parameters are simply attached to the URL for the Web Application and separated from one another +The parameters are attached to the URL for the Web Application and separated from one another with a **&**. Example -You want to call up the Web Application under **https://psr_Web Application.firma.com.** In the +You want to open the Web Application under **https://psr_Web Application.firma.com.** In the process, you want the login mask to be directly filled with the database **Passwords** and the user name **Anderson**. The following URL is then used: **https://psr_Web Application.firma.com/authentication/ login?database=Passwords&username=Anderson** -NOTE: It is possible to only transfer the database. The user name is not absolutely necessary. +:::note +You can only transfer the database. The user name isn't absolutely necessary. +::: #### Structure @@ -61,11 +65,11 @@ The header provides access to some essential functions. 2. [Navigation bar](/docs/passwordsecure/9.3/configuration/webapplication/operation/navigationbar/navigation_bar.md) -It is possible to switch between module and filter view on the navigation bar. +You can switch between module and filter view on the navigation bar. 3. [Filter or structure area](/docs/passwordsecure/9.3/configuration/webapplication/operation/filter_or_structure_area.md) -As is also the case on the client, it is possible to select between filter and structure. +As is also the case on the client, you can select between filter and structure. 4. [Menu](/docs/passwordsecure/9.3/configuration/webapplication/operation/menu.md) @@ -73,7 +77,7 @@ The ribbon on the client has been replaced by a menu bar on the Web Application. 5. [List view](/docs/passwordsecure/9.3/configuration/webapplication/operation/list_view.md) -The records currently selected using the filter can be viewed in list view. +The records selected using the filter can be viewed in list view. 6. [Reading pane](/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md) diff --git a/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md b/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md index 79c5649d66..bb4b735ba9 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/operation/reading_pane_webclient.md @@ -6,10 +6,10 @@ sidebar_position: 60 # Reading pane -## What is the reading pane? +## Reading pane overview As with the list view, the reading pane on the Web Application is almost identical to that on the -client. Therefore, we also refer you here to the corresponding +client. Refer to the corresponding [Reading pane](/docs/passwordsecure/9.3/configuration/advancedview/operationandsetup/reading_pane.md) section. ![reading_pane](/images/passwordsecure/9.2/configuration/web_application/operation/reading_pane/reading_pane.webp) @@ -18,4 +18,6 @@ Various information is displayed on the header – as is the case with the clien tags for the records or information on whether the record is public or private. Password masking is also symbolised here. -NOTE: There are – as is usual in a browser – no context menus +:::note +There are – as is usual in a browser – no context menus +::: diff --git a/docs/passwordsecure/9.3/configuration/webapplication/problems_with_the_server_connection.md b/docs/passwordsecure/9.3/configuration/webapplication/problems_with_the_server_connection.md index 1e865a1aa2..b5f21c27e8 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/problems_with_the_server_connection.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/problems_with_the_server_connection.md @@ -23,5 +23,5 @@ Port 11016 TCP must be released on the application server. CORS not configured -Make sure that the CORS configuration has been implemented. Further information can be found in +Ensure that the CORS configuration has been implemented. Further information can be found in chapter Installation Web Application diff --git a/docs/passwordsecure/9.3/configuration/webapplication/web_application.md b/docs/passwordsecure/9.3/configuration/webapplication/web_application.md index cede5c182c..cdda9d5b12 100644 --- a/docs/passwordsecure/9.3/configuration/webapplication/web_application.md +++ b/docs/passwordsecure/9.3/configuration/webapplication/web_application.md @@ -12,13 +12,13 @@ The previous WebAccess function has been replaced by the **Web Application” in Secure version** **8.3.0. The completely newly developed \*Web Application** will act as the basis for the constant enhancement of the functional scope. The desired objective is to also provide the full functional scope of the client in the Web Application. The **Web Application** will thus be -constantly enhanced. All of the currently available functions can be viewed in the +constantly enhanced. All of the available functions can be viewed in the [Functional scope](/docs/passwordsecure/9.3/configuration/webapplication/functionalscope/functional_scope.md) section. ![WebClient](/images/passwordsecure/9.2/configuration/web_application/installation_with_parameters_159.webp) **Netwrix Password Secure Web Application** enables platform-independent access to the database via -a browser. It is irrelevant whether you are using Microsoft Windows, macOS or Linux, it is only +a browser. It is irrelevant whether you are using Microsoft Windows, macOS, or Linux, it is only necessary for javascript to be supported. As the **Netwrix Password Secure Web Application** has a responsive design, it can also be used on all mobile devices such as tablets and smartphones. diff --git a/docs/passwordsecure/9.3/enduser/advancedview.md b/docs/passwordsecure/9.3/enduser/advancedview.md index 4a2f16458c..27e34c642e 100644 --- a/docs/passwordsecure/9.3/enduser/advancedview.md +++ b/docs/passwordsecure/9.3/enduser/advancedview.md @@ -8,13 +8,13 @@ sidebar_position: 50 Curious about how you can manage your team in Netwrix Password Secure? -Learn more about how to … +Discover how to … - Share passwords masked / only for a limited time (i.e. with working students or interns) - Separately authorize the disclosure of passwords - View the password quality and monitor all actions in your team - View the reasons given by your team members for revealing passwords in plain text -- And much more! +- And more -Simply contact your IT department for further information on the advanced view of Netwrix Password +Contact your IT department for further information on the advanced view of Netwrix Password Secure. diff --git a/docs/passwordsecure/9.3/enduser/browserextension.md b/docs/passwordsecure/9.3/enduser/browserextension.md index 69c596e1b5..8eb061446b 100644 --- a/docs/passwordsecure/9.3/enduser/browserextension.md +++ b/docs/passwordsecure/9.3/enduser/browserextension.md @@ -9,24 +9,26 @@ sidebar_position: 10 First, Netwrix Password Secure is designed to make and keep your passwords more secure. But this also means that managing - and logging in with them - is easier and saves time! That's why you need the browser extension to save yourself the hassle of typing in passwords in future and to be logged -in to all your website accesses with just one click! +in to all your website accesses with one click. Step 1 – Is your browser extension already installed? You can find out by: - Looking for this icon next to the URL input field in your browser. See the icon in the top bar of - the screenshot below. + the following screenshot. - Opening the Password Secure Web App, logging in and scrolling down: If not installed yet, you can find the download link in the footer. See the Download Edge Extension link in the bottom center of - the screenshot below. + the following screenshot. ![downloadextension](/images/passwordsecure/9.2/enduser/downloadextension.webp) -NOTE: If you need more information about installing the browser extension, please visit the -following topic in our documentation: +:::note +If you need more information about installing the browser extension, visit the +following topic in the documentation: [Installation Browser Extension](https://helpcenter.netwrix.com/bundle/PasswordSecure_9.0/page/Content/PasswordSecure/Installation/Browser/Installation_Browser_Add-on.htm) +::: -Step 2 – After downloading, the browser extension is simply dragged and dropped into the browser. -See the Get button in the upper-right section of the screenshot below. +Step 2 – After downloading, drag and drop the browser extension into the browser. +See the Get button in the upper-right section of the following screenshot. ![getextension](/images/passwordsecure/9.2/enduser/getextension.webp) @@ -35,15 +37,15 @@ to "add the extension". ![addextension](/images/passwordsecure/9.2/enduser/addextension.webp) -Step 4 – Please open or reload the web application of Netwrix Password Secure (see link in email +Step 4 – open or reload the web application of Netwrix Password Secure (see link in email from your administrator) to connect your user profile with the extension. See the lock icon in the -screenshot below. +following screenshot. ![extensionadded](/images/passwordsecure/9.2/enduser/extensionadded.webp) -Step 5 – Now click on this icon in your browser to open the browser extension. See the Adopt Select -**Adopt Web Application profile**. Done! +Step 5 – Now click this icon in your browser to open the browser extension. See the Adopt Select +**Adopt Web Application profile**. ![nodatabaseprofile](/images/passwordsecure/9.2/enduser/nodatabaseprofile.webp) -RECOMMENDED: If not done yet, bookmark this page to have it quickly at hand! +RECOMMENDED: If not done yet, bookmark this page to have it quickly at hand. diff --git a/docs/passwordsecure/9.3/enduser/cleanuppasswords.md b/docs/passwordsecure/9.3/enduser/cleanuppasswords.md index f97813b05b..33d48e2579 100644 --- a/docs/passwordsecure/9.3/enduser/cleanuppasswords.md +++ b/docs/passwordsecure/9.3/enduser/cleanuppasswords.md @@ -6,21 +6,21 @@ sidebar_position: 20 # Clean up Your Passwords -For a clean relocation of passwords, it is important to clean up all your passwords beforehand. This +For a clean relocation of passwords, clean up all your passwords beforehand. This means to check which secrets are still up-to-date or if there are any duplicates you can remove -first! +first. ## Transer Data from Your Browser With Netwrix Password Secure, you now have the right tool to save and manage all your secrets handy -at one place and above all a safe alternative to browser-saved passwords! But how can you now +at one place and a safe alternative to browser-saved passwords. How can you now securely import them to your new solution? -Simply do this: +Do this: -Step 1 – Every time you login to a website now and your browser wants to autofill, this Password +Step 1 – Every time you log in to a website now and your browser wants to autofill, this Password Secure Pop-up will appear, asking you if you would like to save your secret in Netwrix Password -Secure. Just click **Create new**. See the screenshot below. +Secure. Click **Create new**. See the following screenshot. ![createnew](/images/passwordsecure/9.2/enduser/createnew.webp) @@ -36,34 +36,34 @@ above. ## Check for Weak Passwords -Your passwords do not automatically become secure after they have been transferred to Netwrix +Your passwords don't automatically become secure after they have been transferred to Netwrix Password Secure. No matter how well protected a password is - if it is easy for a hacker to guess, -they don't need access to the password manager to use it. This is why our solution automatically +they don't need access to the password manager to use it. This is why the solution automatically checks the strength of your password and much more. Step 1 – Paste your password in the password field. See the box to the right of the Password field -in the screenshot below. +in the following screenshot. ![passwordfield](/images/passwordsecure/9.2/enduser/passwordfield.webp) -Step 2 – If it is not classified as "strong" (green), we strongly recommend using the integrated -password generator to assign a new, secure password: Therefore, just click on the white password -generator icon to the right of the password field. See the Strong button in the screenshot above. +Step 2 – If it isn't classified as "strong" (green), Netwrix strongly recommends using the integrated +password generator to assign a new, secure password: Click the white password +generator icon to the right of the password field. See the Strong button in the preceding screenshot. -Step 3 – The password generator will open. A secure password is created automatically just click -“Apply”. (Learn more about the possibilities of our password manager in the next chapter.) +Step 3 – The password generator will open. A secure password is created automatically. Click +“Apply”. (The next chapter covers additional password manager capabilities.) ![passwordgenerator](/images/passwordsecure/9.2/enduser/passwordgenerator.webp) Step 4 – Now don't forget to replace your password in the target application as well. -**Great side effect!** The access data stored in your browser is no longer up to date and therefore -no longer a danger! You should also think about deleting these passwords from your browser +**Side effect:** The access data stored in your browser is no longer up to date and therefore +no longer a danger. You should also consider deleting these passwords from your browser permanently. ## Create Strong Passwords -The password generator offers three possibilities to create a secure password. To open it, click on +The password generator offers three possibilities to create a secure password. To open it, click “Create password” and then on the password generator icon right to the password field. Step 1 – Create a user defined password which gives you the most options such as including and @@ -75,10 +75,12 @@ Step 2 – Create a phonetic password that is easier to pronounce, but still com ![phonetic](/images/passwordsecure/9.2/enduser/phonetic.webp) -NOTE: This option is best suited for passwords that must be read and typed in, such as operating +:::note +This option is best suited for passwords that must be read and typed in, such as operating machines without an internet connection. +::: Step 3 – Create a password according to a set password rule in your company: If your IT has already -stored password guidelines for you, you can select them here and simply click on apply. +stored password guidelines for you, you can select them here and click apply. ![rule](/images/passwordsecure/9.2/enduser/rule.webp) diff --git a/docs/passwordsecure/9.3/enduser/createnewentry.md b/docs/passwordsecure/9.3/enduser/createnewentry.md index 0773246a8e..5c31b6dcbb 100644 --- a/docs/passwordsecure/9.3/enduser/createnewentry.md +++ b/docs/passwordsecure/9.3/enduser/createnewentry.md @@ -1,19 +1,19 @@ --- -title: "Create a New Entry from Scratch" -description: "Create a New Entry from Scratch" +title: "Create a New Entry" +description: "Create a New Entry" sidebar_position: 30 --- -# Create a New Entry from Scratch +# Create a New Entry -Follow the steps to create a new entry from scratch. +To create a new entry: Step 1 – First, click _Create new password_ on the upper left in Netwrix Password Secure. ![createnewpassword](/images/passwordsecure/9.2/enduser/createnewpassword.webp) Step 2 – A form will open. Now choose the form you need, such as "Website," on the upper right. See -the form drop-down list in the screenshot below. +the form dropdown list in the following screenshot. ![selectform](/images/passwordsecure/9.2/enduser/selectform.webp) @@ -38,13 +38,17 @@ Step 3 – Let`s fill out the website form in this example. - Enter the password manually or use the password generator by clicking on the button in the middle (high number). The password generator will open. -NOTE: To learn more about the generating of passwords, see the -[Clean up Your Passwords](/docs/passwordsecure/9.3/enduser/cleanuppasswords.md) topic for additional information. +:::note +For details about generating passwords, see the +[Clean up Your Passwords](/docs/passwordsecure/9.3/enduser/cleanuppasswords.md) topic. +::: ![password](/images/passwordsecure/9.2/enduser/password.webp) -NOTE: By clicking on the **lock icon** right to the password generator, you can mask and unmask your +:::note +By clicking on the **lock icon** right to the password generator, you can mask and unmask your password. +::: - Enter the website URL that leads to the login. @@ -54,4 +58,4 @@ password. ![tags](/images/passwordsecure/9.2/enduser/tags.webp) -Step 4 – Click **Save**, and you are done! +Step 4 – Click **Save**. diff --git a/docs/passwordsecure/9.3/enduser/organizepasswords.md b/docs/passwordsecure/9.3/enduser/organizepasswords.md index e8efc70ae4..6a23cec90c 100644 --- a/docs/passwordsecure/9.3/enduser/organizepasswords.md +++ b/docs/passwordsecure/9.3/enduser/organizepasswords.md @@ -11,9 +11,9 @@ sidebar_position: 40 The tab system is used to structure all your passwords: Tabs help you to make them easier to manage and find. You can create several tabs and switch between them within one click. -Follow the steps to add a team tab. +To add a team tab. -Step 1 – Click on the **Plus** sign and a form will open. +Step 1 – Click the **Plus** sign and a form will open. ![newform](/images/passwordsecure/9.2/enduser/newform.webp) @@ -32,40 +32,44 @@ assign any number of tags to your passwords to categorize and find them again qu ![assigntags](/images/passwordsecure/9.2/enduser/assigntags.webp) -To find a password, just use the search field and enter a tag like the department or position you -are in (i.e., "Marketing"). Netwrix Password Secure now not only is searching for tags, but also for +To find a password, use the search field and enter a tag like the department or position you +are in (i.e., “Marketing”). Netwrix Password Secure searches not only for tags, but also for “Marketing” in all Netwrix Password Secure fields (i.e., Content Marketing). ![searchresults](/images/passwordsecure/9.2/enduser/searchresults.webp) -NOTE: Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in -which this word does not appear will be displayed (i.e., all social media accounts that are used +:::note +Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in +which this word doesn't appear are displayed (i.e., all social media accounts that are used outside of marketing = "-social media marketing"). +::: ## Choose Your View Netwrix Password Secure offers two different views - the list and tile view. Just **switch the -button** on the upper right to change views! +button** on the upper right to change views. List View -The screenshot below shows the list view. +The following screenshot shows the list view. ![listview](/images/passwordsecure/9.2/enduser/listview.webp) Tile View -The screenshot below shows the title view. +The following screenshot shows the tile view. ![switchbutton](/images/passwordsecure/9.2/enduser/switchbutton.webp) When in **tile view**, you can also drag and drop the buttons on another position. By hovering over -them with the mouse, you will see more information like the username, and you can login with one +them with the mouse, you will find additional information like the username, and you can log in with one click. ![titleview](/images/passwordsecure/9.2/enduser/titleview.webp) -NOTE: The **list view** is suitable for many data sets while the tile view is particularly favorable +:::note +The **list view** is suitable for many data sets while the tile view is particularly favorable for the most frequently used secrets. +::: RECOMMENDED: Use the list view for all shared secrets and the tile view for personal accounts. diff --git a/docs/passwordsecure/9.3/enduser/overview.md b/docs/passwordsecure/9.3/enduser/overview.md index 0c153f6537..6281ed84bf 100644 --- a/docs/passwordsecure/9.3/enduser/overview.md +++ b/docs/passwordsecure/9.3/enduser/overview.md @@ -8,12 +8,12 @@ sidebar_position: 70 It is time to set up your new password management solution Netwrix Password Secure! The process won't take too long, but you should allow yourself a little time to get to know the product. As when -it comes to your IT security, it's important to make sure you get it right. Below is a step-by-step +it comes to your IT security, it's important to ensure you get it right. The following is a step-by-step guide to setting up a password manager and leading you through the first few steps. ## How to Log In -Where can I find my username and password? +Where to find the username and password You can find your login data in the email provided by your administrator. This email also contains the following information: diff --git a/docs/passwordsecure/9.3/faq/security/encryption.md b/docs/passwordsecure/9.3/faq/security/encryption.md index 06ec693fb1..e96336820a 100644 --- a/docs/passwordsecure/9.3/faq/security/encryption.md +++ b/docs/passwordsecure/9.3/faq/security/encryption.md @@ -13,19 +13,21 @@ requirements were assessed according to how safe they were. Parallel to the deve theoretical concepts of external security companies were examined in terms of feasibility, as well as compliance with IT security standards. Prototypes have been ultimately developed on the basis of these findings, which form the blueprint for the current Netwrix Password Secure version 9. The -following encryption techniques and algorithms are currently in use: +following encryption techniques and algorithms are in use: - AES-GCM 256 - PBKDF2 with 623,420 SHA256 iterations (client- and server-side) for the creation of user hashes - PBKDF2 with 610,005 SHA256 iterations for the encryption of the user keys - ECC (with the "NIST P-521" curve) for the private-public key procedure -NOTE: All encryption algorithms used by Netwrix Password Secure are FIPS compliant. +:::note +All encryption algorithms used by Netwrix Password Secure are FIPS compliant. +::: ## Applied cryptographic procedures Applied cryptographic procedures The container encryption of the passwords is based on the -aforementioned algorithms. Each container has its own randomly generated salt. Each password, user, +previous algorithms. Each container has its own randomly generated salt. Each password, user, and role has its own key pair. When releases are granted for users and roles, the passwords within the database are hierarchically encrypted. Netwrix Password Secure also uses the following cryptographic methods to achieve maximum security: @@ -38,6 +40,7 @@ own certificate authority (CA) as an option. Latest version of the Secure Socket Passwords are only encrypted and transported to the client when they have been explicitly requested in advance. More… -**CAUTION:** Only secrets are encrypted. Metadata is not encrypted to ensure search speed. Secrets -are usually passwords. However, the customer can decide what kind of data they are. Note that -Secrets cannot be searched for. +:::warning +Only secrets are encrypted. Metadata isn't encrypted to ensure search speed. Secrets +are usually passwords. However, the customer can decide what kind of data they are. Secrets can't be searched for. +::: diff --git a/docs/passwordsecure/9.3/faq/security/high_availability.md b/docs/passwordsecure/9.3/faq/security/high_availability.md index 1b3ad7ffad..0e41d9b0aa 100644 --- a/docs/passwordsecure/9.3/faq/security/high_availability.md +++ b/docs/passwordsecure/9.3/faq/security/high_availability.md @@ -6,14 +6,16 @@ sidebar_position: 30 # High availability -## What is high availability? +## High availability overview High availability is designed to guarantee the further operation of Netwrix Password Secure in the -event of damage. A series of requirements need to be met in advance in order to use this feature +event of damage. A series of requirements need to be met in advance to use this feature -**CAUTION:** As the configuration of high availability is complex, it is (generally) implemented -during a consultation. If you are interested in this feature, please contact us directly or contact +:::warning +As the configuration of high availability is complex, it is (generally) implemented +during a consultation. If you are interested in this feature, contact Netwrix directly or contact your responsible partner. +::: #### Requirements @@ -21,7 +23,7 @@ The following points should be observed during the configuration. - It is essential that MSSQL Enterprise Version is used for replicating the database (even in the case of a replication across multiple locations) -- To achieve a better level of protection, we recommend operating the Netwrix Password Secure +- To achieve a better level of protection, Netwrix recommends operating the Netwrix Password Secure database on its own cluster - A Netwrix Password Secure application server needs to be licensed for each location. Every application server has its own configuration database. @@ -31,7 +33,7 @@ Load balancer - To reduce the load on the server, a load balancer can be installed upstream of the application server - If no load balancer is used, the distribution of the database profiles for the users is generally - carried out via the registry + performed via the registry If a database is set up at ”location A” including an AD profile, the certificate needs to exported there and then imported onto the server at “location B”. The database is replicated using MSSQL @@ -39,5 +41,7 @@ technology and can be integrated as an existing database into Netwrix Password S B”. If the application server at “location A” fails, the server in the registry needs to be replaced (location B) and rolled out again to users using group rules (GPO). -NOTE: Only peer-to-peer transaction replication is tested. If a different type of replication is +:::note +Only peer-to-peer transaction replication is tested. If a different type of replication is used, it should be tested in advance. +::: diff --git a/docs/passwordsecure/9.3/faq/security/penetration_tests.md b/docs/passwordsecure/9.3/faq/security/penetration_tests.md index bc05ed4133..f5871a91bd 100644 --- a/docs/passwordsecure/9.3/faq/security/penetration_tests.md +++ b/docs/passwordsecure/9.3/faq/security/penetration_tests.md @@ -10,14 +10,14 @@ sidebar_position: 20 The high security standards of Netwrix Password Secure are regularly attested by external pentests of different providers. New functions in particular are always subjected to penetration tests in -order to have them thoroughly checked before release. The resulting findings enable us to detect and +order to have them thoroughly checked before release. The resulting findings enable the team to detect and eliminate potential vulnerabilities in advance. -## Why we test regularly? +## Benefits of regular testing -In pentesting, external and certified security auditors look specifically for security gaps and +In pentesting, external, and certified security auditors look specifically for security gaps and weaknesses in the software that an attacker could exploit. Attack scenarios are simulated on the client side, the source code is checked and the quality of the cryptographic process is assessed. In this way, the security of Netwrix Password Secure and the data stored in it is tested in advance in -order to be able to offer our customers effective protection and minimize the risk of success of an +order to be able to offer the customers effective protection and minimize the risk of success of an attack. diff --git a/docs/passwordsecure/9.3/index.md b/docs/passwordsecure/9.3/index.md index 090430e8b6..3b14ead3ee 100644 --- a/docs/passwordsecure/9.3/index.md +++ b/docs/passwordsecure/9.3/index.md @@ -4,7 +4,7 @@ description: "Why Netwrix Password Secure?" sidebar_position: 1 --- -# Why Netwrix Password Secure? +# Netwrix Password Secure overview ## Users depend on passwords diff --git a/docs/passwordsecure/9.3/installation/installation_server_manager.md b/docs/passwordsecure/9.3/installation/installation_server_manager.md index 25d3710668..aeb82e78c7 100644 --- a/docs/passwordsecure/9.3/installation/installation_server_manager.md +++ b/docs/passwordsecure/9.3/installation/installation_server_manager.md @@ -36,5 +36,7 @@ After the installation, you can login directly to the Server Manager. ![Server Authentication](/images/passwordsecure/9.2/installation/installation_server_manager/server-auth-en.webp) -NOTE: The initial password for the first login is “admin”. It should be changed directly after the +:::note +The initial password for the first login is “admin”. It should be changed directly after the logon. +::: diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md index 277b83e401..630315edf2 100644 --- a/docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/google_chrome.md @@ -13,12 +13,14 @@ it via the following link: [Add-on for Google Chrome](https://chrome.google.com/webstore/detail/netwrix-password-secure/bpjfchmapbmjeklgmlkabfepflgfckip). Alternatively, you can also access the Google Store via the Autofill Add-on. To do this, right-click -the icon to open the context menu. After a further click on Install Browser Extensions the Google +the icon to open the context menu. After a further click Install Browser Extensions the Google Chrome Add-on can be selected, whereupon you will be redirected directly to the Google Store. The installation is started via Add. The add-on is now installed and the icon is added to the browser. -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet. +::: diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md index 8b6534686f..26ab262e2c 100644 --- a/docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/microsoft_edge.md @@ -14,5 +14,7 @@ downloaded from the following link: ![Add-on Edge](/images/passwordsecure/9.2/installation/browser/addon-edge-en.webp) -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet +::: diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md index f42bc00077..33818332a0 100644 --- a/docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/mozilla_firefox.md @@ -12,9 +12,11 @@ The installation of the Firefox Add-on is done directly from the official Store. can be downloaded from the following link: [Add-on firefox](https://addons.mozilla.org/en-US/firefox/addon/password-safe-browser-add-on/). -After the download, the add-on is simply dragged and dropped into the browser. +After the download, drag and drop the add-on into the browser. After confirming a security question, it is installed and an icon is created in the menu bar. -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet +::: diff --git a/docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md b/docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md index f067edad09..e1ec6b4da9 100644 --- a/docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md +++ b/docs/passwordsecure/9.3/installation/installationbrowseraddon/safari.md @@ -11,5 +11,5 @@ sidebar_position: 40 The Safari Add-on can be downloaded from the following link: [Add-on Safari](https://releases.netwrix.com/products/passwordsecure/9.3/passwordsecure-MacApp-9.3.1.33994.dmg). -To install it, simply double-click on the downloaded file. A window will open where you then only +To install it, double-click the downloaded file. A window will open where you then only need to drag and drop the Netwrix Password Secure logo onto the applications. diff --git a/docs/passwordsecure/9.3/installation/installationclient/installation_client.md b/docs/passwordsecure/9.3/installation/installationclient/installation_client.md index f732f49d5b..defa0a8603 100644 --- a/docs/passwordsecure/9.3/installation/installationclient/installation_client.md +++ b/docs/passwordsecure/9.3/installation/installationclient/installation_client.md @@ -19,8 +19,10 @@ You are required to read and accept the terms of service. These can also be prin The next step is to define the location of the client. The suggested location can be retained.You can also define whether additional components should be installed. -**CAUTION:** Please only install the Terminal Server Service (for Autofill Add-on) if terminal -server operation is intended! +:::warning +only install the Terminal Server Service (for Autofill Add-on) if terminal +server operation is intended. +::: ![installation wizard page 2](/images/passwordsecure/9.2/installation/installation_client/installation-client-3-en.webp) @@ -95,6 +97,8 @@ HKEY_CURRENT_USER\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfile ``` -NOTE: When the corresponding registry entry is set and no related database profile exists, the -profile will be created at the next start-up. Please note that profiles created like this cannot be +:::note +When the corresponding registry entry is set and no related database profile exists, the +profile will be created at the next start-up. That profiles created like this can't be edited or deleted in the client. +::: diff --git a/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md b/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md index 3fb0d90acb..8f3eb83652 100644 --- a/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md +++ b/docs/passwordsecure/9.3/installation/installationclient/installation_with_parameters.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Installation with parameters -## What is installation with parameters? +## Installation with parameters overview The installation of the Netwrix Password Secure client can also be optionally run on the command line. This method also requires the transfer of parameters. These can be combined with one another. In this case, the individual parameters are separated from one another by a blank space. The -parameters listed in the following section enable you to adapt the type of client installation. +parameters listed in the following section let you adapt the type of client installation. ## Running on the command line with parameters diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/apache.md b/docs/passwordsecure/9.3/installation/installationwebapplication/apache.md index 762531e32a..b3a243b568 100644 --- a/docs/passwordsecure/9.3/installation/installationwebapplication/apache.md +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/apache.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Apache -In order to integrate the Web Application onto an Apache server, it is first necessary to enter all +To integrate the Web Application onto an Apache server, it is first necessary to enter all of the relevant settings: ## Document directory @@ -16,11 +16,11 @@ The folder from which the Web Application should be operated is entered here. Th ## SSL certificate path -It is necessary to enter the directory in which the certificate will be saved here. +You must enter the directory in which the certificate will be saved here. ## SSL certificate key path -Finally, it is necessary to enter where the certificate key is located here. +Finally, you must enter where the certificate key is located here. ![apache-en](/images/passwordsecure/9.2/installation/installation_web_application/apache-en.webp) @@ -36,8 +36,10 @@ Manager. The configuration can be selected using CTRL+A and copied. It is then directly integrated onto the Apache server. -NOTE: The configuration of the Apache server is always individual. Therefore, it is only possible to +:::note +The configuration of the Apache server is always individual. Therefore, it is only possible to roughly describe the process for a standard installation. +::: ## Standard configuration diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md b/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md index 2d9627ce52..0de31936e4 100644 --- a/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/installation_web_application.md @@ -6,14 +6,16 @@ sidebar_position: 40 # Installation Web Application -**CAUTION:** This guide focuses on the initial installation of the Web Application and is not +:::warning +This guide focuses on the initial installation of the Web Application and isn't relevant for further updates. +::: ## Preparations for installation ### System requirements -Please ensured that all [Webserver](/docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md) requirements have been met. +ensured that all [Webserver](/docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md) requirements have been met. ### SSL certificate @@ -24,7 +26,7 @@ server and the Netwrix Password Secure server. ### Databases All databases that are to be used on the Web Application must be enabled for this purpose. With a -double click on the corresponding database the option "Access via Web Application" can be activated. +double click the corresponding database the option "Access via Web Application" can be activated. ## Installation @@ -37,14 +39,18 @@ firstly needs to be entered: Name the folder where the ZIP archive with the Web Application should be placed. -**CAUTION:** Do not use the Server Manager installation directory +:::warning +Don't use the Server Manager installation directory +::: -NOTE: If the web server is created on IIS, execute config.bat to handle integration of the web +:::note +If the web server is created on IIS, execute config.bat to handle integration of the web server. +::: ### Server IP -Please check if the IP address is correct otherwise no connection to the Web Application can be +check if the IP address is correct otherwise no connection to the Web Application can be established. If the IP address is wrong, you have to change it in the basic configuration of the Server Manager. @@ -68,26 +74,30 @@ You can personalize the Web App with your company’s branding by navigating to ## CORS configuration A button for the so-called CORS configuration can be found on the ribbon. It is essential that this -configuration is carried out before the Web Application can be used. A list of the permitted CORS +configuration is performed before the Web Application can be used. A list of the permitted CORS domains will be saved as a result. Requests received via the Web Application can then be checked -against this list. The request will only be successfully carried out if the origin header for a +against this list. The request will only be successfully performed if the origin header for a request is available in the permitted domains. -In order to add a domain, simply enter it at the bottom of the dialogue. Clicking on +To add a domain, enter it at the bottom of the dialogue. Clicking on :material-plus-circle-outline: will add the entry to the list at the top. ![cors-en-new](/images/passwordsecure/9.2/installation/installation_web_application/cors-en-new.webp) -NOTE: In general, it is sufficient to add the IP address which was also saved as the Web server host +:::note +In general, it is sufficient to add the IP address which was also saved as the Web server host address. +::: -## Calling up the Web Application +## Opening the Web Application -The process for calling up the Web Application is dependent on the configuration of the web server: +The process for opening the Web Application depends on the configuration of the web server: - Web Application in root directory -> `https://hostname` - Web Application in a subdirectory -> `https://hostname/path-to-subdirectory` -- Port is not set to 443 -> `https://hostname:port/path-to-subdirectory` +- Port isn't set to 443 -> `https://hostname:port/path-to-subdirectory` -NOTE: In order for the redirect to be used, it is important to ensure on apache and nginx web +:::note +In order for the redirect to be used, ensure on apache and nginx web servers that no other host listens to port 80. +::: diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/microsoft_iis.md b/docs/passwordsecure/9.3/installation/installationwebapplication/microsoft_iis.md index 53771713f1..729c8aa853 100644 --- a/docs/passwordsecure/9.3/installation/installationwebapplication/microsoft_iis.md +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/microsoft_iis.md @@ -35,18 +35,22 @@ The file config.bat can be found in the newly created Web Application directory executed when logged on as the administrator. This will integrate the Web Application into the IIS web server. -NOTE: If the system requirements have not been met, you will be informed that the URL Rewrite and/or +:::note +If the system requirements have not been met, you will be informed that the URL Rewrite and/or Application Request Routing modules need to be installed. In this case, follow the instructions on -the wizard that will then immediately open. In addition, it is necessary to install the WebSocket +the wizard that will then immediately open. In addition, you must install the WebSocket Protokoll. Afterwards, config.bat needs to be executed again. +::: If the website has been correctly created, this will be correspondingly indicated by the notification IIS page created. ![IIS-creating page](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-4-en.webp) -**CAUTION:** Following a successful installation, it is imperative that config.bat is deleted! The +:::warning +Following a successful installation, it is imperative that config.bat is deleted! The config.bat file should also not be used for an "update" +::: ## Certificate diff --git a/docs/passwordsecure/9.3/installation/installationwebapplication/nginx.md b/docs/passwordsecure/9.3/installation/installationwebapplication/nginx.md index ab7ec622fb..3ff63ef92f 100644 --- a/docs/passwordsecure/9.3/installation/installationwebapplication/nginx.md +++ b/docs/passwordsecure/9.3/installation/installationwebapplication/nginx.md @@ -6,7 +6,7 @@ sidebar_position: 30 # nginx -In order to integrate the Web Application onto an nginx server, it is first necessary to enter all +To integrate the Web Application onto an nginx server, it is first necessary to enter all of the relevant settings: ## Document directory @@ -16,12 +16,12 @@ The folder from which the Web Application should be operated is entered here. Th ## SSL certificate path -It is necessary to enter the directory in which the certificate will be saved here. The standard +You must enter the directory in which the certificate will be saved here. The standard path here is /etc/nginx/certs/Web Application.crt. ## SSL certificate key path -Finally, it is necessary to enter where the certificate key is located here. The default setting is +Finally, you must enter where the certificate key is located here. The default setting is /etc/nginx/certs/Web Application.key. ![ngnix installation](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-9-en.webp) @@ -38,8 +38,10 @@ directly viewed on the Server Manager. The configuration then still needs to be integrated onto the nginx server. It can be directly copied on the Server Manager for this purpose. -NOTE: Every web server configuration is individual. Therefore, it is only possible to outline the +:::note +Every web server configuration is individual. Therefore, it is only possible to outline the normal process for a standard installation. +::: ## Standard configuration diff --git a/docs/passwordsecure/9.3/installation/requirements/application_server.md b/docs/passwordsecure/9.3/installation/requirements/application_server.md index bb16428681..3c0f91a29b 100644 --- a/docs/passwordsecure/9.3/installation/requirements/application_server.md +++ b/docs/passwordsecure/9.3/installation/requirements/application_server.md @@ -32,7 +32,7 @@ sidebar_position: 10 - Port 11011 TCP for communication with windows applications or web server IIS (incoming) - Port 11016 TCP for the Web services (incoming; only when using the Web Application) - Port 11018 TCP for real-time update (incoming) - - Port 11014 TCP for the backup service (usually does not need to be unlocked) + - Port 11014 TCP for the backup service (usually doesn't need to be unlocked) - Port 11015 TCP for Entra ID communication (incoming; only when using the Entra ID provisioning) - Port 11019 TCP for using Password Secure as Identity Provider (SAML) (incoming) diff --git a/docs/passwordsecure/9.3/installation/requirements/client_configuration.md b/docs/passwordsecure/9.3/installation/requirements/client_configuration.md index a04c4f5141..f69cf0d000 100644 --- a/docs/passwordsecure/9.3/installation/requirements/client_configuration.md +++ b/docs/passwordsecure/9.3/installation/requirements/client_configuration.md @@ -8,7 +8,9 @@ sidebar_position: 30 #### System Components -NOTE: Our Windows Application (Win App) is not available for MSP-customers! +:::note +The Windows Application (Win App) isn't available for MSP-customers. +::: | | | | | --------------------------- | ----------------------------------- | ---------------------- | diff --git a/docs/passwordsecure/9.3/installation/requirements/mobile_apps.md b/docs/passwordsecure/9.3/installation/requirements/mobile_apps.md index 89a0dc7ea5..4a870d899d 100644 --- a/docs/passwordsecure/9.3/installation/requirements/mobile_apps.md +++ b/docs/passwordsecure/9.3/installation/requirements/mobile_apps.md @@ -8,7 +8,7 @@ sidebar_position: 50 #### Required Version -**CAUTION:** Our mobile apps are only supported on devices with the official OS (no jailbreak, not +**CAUTION:** The mobile apps are only supported on devices with the official OS (no jailbreak, not rooted). | | | | diff --git a/docs/passwordsecure/9.3/installation/requirements/mssql_server.md b/docs/passwordsecure/9.3/installation/requirements/mssql_server.md index 2bbab17206..2065e5ec9d 100644 --- a/docs/passwordsecure/9.3/installation/requirements/mssql_server.md +++ b/docs/passwordsecure/9.3/installation/requirements/mssql_server.md @@ -9,9 +9,9 @@ sidebar_position: 20 #### Required Version RECOMMENDED: Using MS SQL Server Express can lead to significant performance issues because of the -various limitations. Our recommendation is to use MS SQL Server Standard as a minimum. +various limitations. The recommendation is to use MS SQL Server Standard as a minimum. -Please follow Microsoft recommendations for system requirements for SQL Server. +follow Microsoft recommendations for system requirements for SQL Server. | | | | | --------------------- | ------- | ----------- | @@ -19,7 +19,7 @@ Please follow Microsoft recommendations for system requirements for SQL Server. | MS SQL Server Version | 2019 | 2022 | **CAUTION:** If you plan to install the MS SQL Server on the machine with the Netwrix Password -Secure application server, please ensure to meet the combined minimum requirements for both systems. +Secure application server, ensure to meet the combined minimum requirements for both systems. #### Required Configuration diff --git a/docs/passwordsecure/9.3/introduction/introduction.md b/docs/passwordsecure/9.3/introduction/introduction.md index 9d5cd3dd79..21682976bc 100644 --- a/docs/passwordsecure/9.3/introduction/introduction.md +++ b/docs/passwordsecure/9.3/introduction/introduction.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Introduction -## Welcome to the official Netwrix Password Secure documentation! +## Welcome to the official Netwrix Password Secure documentation All Netwrix product announcements have moved to the Netwrix Community. See announcements for Netwrix Password Secure in the diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md index 9b52d3b21f..386b516433 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.0.1.30479.md @@ -26,4 +26,4 @@ sidebar_position: 90 - System tasks are no longer deactivated after each run if they were configured with the interval 'Once' in the past. - HSM accesses are limited to a minimum now. -- A self-defined password can be used for the WebViewer export again +- A self-defined password works with the WebViewer export again diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md index 6cf5f533f7..5600e9f5d1 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.0.30996.md @@ -60,7 +60,7 @@ The following names have been changed: | SAML Service | IdP service | IdP Service | \* This improvement affects all views (basic and advanced view), apps and add-ons (Server Manager, -web and Windows app, autofill and offline add-on) the browser extension, API, and the server as well +web, and Windows app, autofill, and offline add-on) the browser extension, API, and the server as well as MSP. #### Basic view (formerly LightClient)\* diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md index c6b4e456fc..0076f5f334 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.2.31276.md @@ -40,7 +40,7 @@ sidebar_position: 40 - The quick view and history of passwords can be opened again. - Spontaneous errors when changing selected passwords have been fixed. - Web applications with URLs defined as regex are recognized correctly. -- Logging in to the Windows app is possible again if you were last logged in in the standard view. +- Logging in to the Windows app is possible again if you were last logged in using the standard view. #### Web App diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md index 262cc7f39e..9b734e8aa5 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.1.3.31365.md @@ -28,12 +28,12 @@ sidebar_position: 30 #### Extended view - An external package with a vulnerability classified as weak has been updated. The vulnerability - could not be exploited via Netwrix Password Secure (This also affects the server & Server Manager + couldn't be exploited via Netwrix Password Secure (This also affects the server & Server Manager as well as the autofill & offline add-on.). - The obsolete property “Spaces” has been removed from the password policies (This also affects the offline add-on.). - A possible XSS vulnerability in the WebViewer has been closed (This also affects the web app.). -- A problem has been fixed where the password was not saved on the server after a change when it was +- A problem has been fixed where the password wasn't saved on the server after a change when it was copied to the clipboard. - The cross-client login for the browser extension is now also operational for synchronized Windows profiles. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md index b66370d1fd..eb2104a17e 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.1.32530.md @@ -14,7 +14,7 @@ The default name of the configuration database now contains the host name of the #### API -The version of the API can now be called up within it. +The version of the API can now be opened within it. ## Fixed diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.2.32703.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.2.32703.md index 44d7232dcc..e6185e7bc3 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.2.32703.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.2.32703.md @@ -76,7 +76,7 @@ sidebar_position: 9 - Some missing components of the new design of the web app have now also been updated. -- Some errors in which texts were not loaded correctly have been fixed. +- Some errors in which texts weren't loaded correctly have been fixed. - The web app is loading the correct language again. @@ -84,7 +84,7 @@ sidebar_position: 9 #### Basic view -- Some errors in which texts were not loaded correctly have been fixed. +- Some errors in which texts weren't loaded correctly have been fixed. #### Browser extensions diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.3.32988.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.3.32988.md index 8e95ee4905..edb77354c0 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.3.32988.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.3.32988.md @@ -14,15 +14,15 @@ sidebar_position: 8 #### Extended view (on Windows) - The option "Allow documents without file extension" is now a separate option. The corresponding configuration option in the list of allowed file extensions has been removed. - Obsolete executable files that are no longer required have been removed. -- All binaries are now published via the 'releases.netwrix.com' domain. This affects the setups of the Windows App and the server, the Safari extension for Mac, and the API. The check for new available versions is still executed via the old domain. Please adjust your firewall rules, if such are existing. +- All binaries are now published via the 'releases.netwrix.com' domain. This affects the setups of the Windows App and the server, the Safari extension for Mac, and the API. The check for new available versions is still executed via the old domain. adjust your firewall rules, if such are existing. #### Extended view (on Windows & web) -- In preparation for the removal of the logo views from the product, it is no longer possible to upload new logos to the database. This does not affect the upload of icons or the display of existing logos. +- In preparation for the removal of the logo views from the product, it is no longer possible to upload new logos to the database. This doesn't affect the upload of icons or the display of existing logos. # Improvements #### Server -- The logging of events during the ECC migration has been improved in order to make the identification of potential sources of errors easier. +- The logging of events during the ECC migration has been improved to make the identification of potential sources of errors easier. #### Web app (basic and extended view) - The ordering and grouping of the elements from the 'Tools' page has been improved. @@ -50,7 +50,7 @@ sidebar_position: 8 - An issue in the MSI setups was resolved, which lead to displaying wrong license conditions. - Generated OTP codes displayed in the Emergency WebViewer are now correct. - OTP fields are now displayed in WebViewer exports. -- In older versions, there could be inconsistencies within the organisational structure. These have now been fixed. After the update, please check wether your organisational structure is still set up as expected. +- In older versions, there could be inconsistencies within the organisational structure. These have now been fixed. After the update, check wether your organisational structure is still set up as expected. #### Server Manager - When creating a database, the setting 'Activate realtime updates' is now saved correctly. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.4.33163.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.4.33163.md index c8217563a4..ef300d3bf2 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.4.33163.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.2.4.33163.md @@ -21,7 +21,7 @@ sidebar_position: 7 - During login, the field for entering the user name is no longer emptied when the database name is changed. #### Server Manager -- The old version of the Web App, displayed in the Server Manager as “Web app (Legacy)”, can no longer be created. Please use the new web app with immediate effect! +- The old version of the Web App, displayed in the Server Manager as “Web app (Legacy)”, can no longer be created. use the new web app with immediate effect. # Improvements @@ -30,7 +30,7 @@ sidebar_position: 7 #### Server - The performance of the software was improved in many areas. -- A third-party package containing a vulnerability was updated. We are not aware of any instances where the vulnerability was exploited. +- A third-party package containing a vulnerability was updated. There are no known instances where the vulnerability was exploited. #### Server Manager - When adding an existing database in the Server Manager, you can now select whether the database should be activated automatically. @@ -41,10 +41,10 @@ sidebar_position: 7 #### Extended view (on Windows) - The button to open the website of a password is now disabled if no URL is configured. This also affects the offline add-on. -- We have fixed an issue where the native Windows App could become unresponsive. You no longer need to end the application via Task Manager. +- Fixed an issue where the native Windows App could become unresponsive. You no longer need to end the application via Task Manager. #### Extended view (on web) -- When configuring the password generator in a way that is not able to generate a password, the application no longer gets unresponsive. +- When configuring the password generator in a way that isn't able to generate a password, the application no longer gets unresponsive. - When a password is revealed in the quick view, it can be entered again if a reason is required. - The quick view no longer closes automatically when another modal, such as entering a reason, is opened. - The browser window no longer hangs when a user's password is changed. diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.3.0.33526.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.3.0.33526.md index 2ababf1a50..52e46c858c 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.3.0.33526.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.3.0.33526.md @@ -33,7 +33,7 @@ sidebar_position: 4 #### Server - An error was resolved, which caused non-migratable documents being unable to be deleted permanently. -- Users provisioned via Entra ID can now login to the browser extension again. +- Users provisioned via Entra ID can now log in to the browser extension again. - WebViewer exports can no longer be created with invalid configuration. #### Server Manager diff --git a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.3.1.33994.md b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.3.1.33994.md index af67788386..984e9a9c72 100644 --- a/docs/passwordsecure/9.3/introduction/versionhistory/version_9.3.1.33994.md +++ b/docs/passwordsecure/9.3/introduction/versionhistory/version_9.3.1.33994.md @@ -15,9 +15,9 @@ sidebar_position: 3 # Improvements #### Web app (basic and extended view) -- The "wrong password" hint in the login screen changes once the lock time has expired. +- The "wrong password" hint in the login screen changes after the lock time has expired. - Text updates to improve clarity and consistency. This also affects the Windows app and the browser extensions. -- The second factor configuration now uses a more modern design. +- The second factor configuration uses a more modern design. #### Server - Improved performance of server side ECC migration. diff --git a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md index 2278a68b03..fbc8d00507 100644 --- a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md +++ b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_administrator_manual.md @@ -13,15 +13,19 @@ Before you execute the migration, you must ensure that the following preparation - Installation of the latest Netwrix Password Secure-Server, Native Client and Web Client - Check in the [Database properties](/docs/passwordsecure/9.3/configuration/servermanager/databaseproperties/database_properties.md) if the **offline access** and the **mobile synchronization** are allowed - If that should be the case, **contact your users and make sure that they have to synchronize the + If that should be the case, **contact your users and ensure that they have to synchronize the Offline Add-on and the mobile app**. -**CAUTION:** If the OfflineClient or App does have not yet synchronized items, they are lost after -the migration mode is enabled! +:::warning +If the OfflineClient or App does have not yet synchronized items, they are lost after +the migration mode is enabled. +::: - Backup all certificates using the Netwrix Password Secure Server Manager -**CAUTION:** Only certificate backups made through the Server Manager are valid! +:::warning +Only certificate backups made through the Server Manager are valid. +::: ![Certificates](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/certificates-ac-1-en.webp) @@ -29,7 +33,7 @@ the migration mode is enabled! - Delete or restore all non “permanent deleted” users If you have deactivated or non “permanent deleted“ users it would make sense to delete them - permanently, otherwise the migration would never finalize. Keep in mind, that every E2EE User must + permanently, otherwise the migration would never finalize. Remember that every E2EE User must log in, before you can complete the migration. - Only have **one active Netwrix Password Secure-Server** In the case of multiple Netwrix Password Secure-Servers, you need to stop all Netwrix Password @@ -39,8 +43,10 @@ the migration mode is enabled! ## Migration -NOTE: During the migration, the database is in read-only mode. So it is possible to read all records -from the database, but it is not possible to add new or edit existing records. +:::note +During the migration, the database is in read-only mode. So you can read all records +from the database, but it isn't possible to add new or edit existing records. +::: #### Start migration @@ -50,8 +56,8 @@ Clicking on the icon **“Start migration”** in the databases' module to start Select the database you want to migrate and enter the code-word. -Remember, The code word is “Start”. Please make sure that you have read the whole documentation. -Otherwise, data loss might occur! +Remember, The code word is “Start”. ensure that you have read the whole documentation. +Otherwise, data loss might occur. ![select database](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/start-migration-2-en.webp) @@ -63,7 +69,9 @@ As written in the message, export all required certificates via the Netwrix Pass Manager. If you have multiple servers in use import the certificates via the Server Manager at the end of the migration process. -**CAUTION:** If certificates are missing the migration cannot be continued. +:::warning +If certificates are missing the migration can't be continued. +::: #### Watch the migration process diff --git a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md index 11eb4feb09..edecc6cd2e 100644 --- a/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md +++ b/docs/passwordsecure/9.3/maintenance/eccmigration/ecc_migration_user_manual.md @@ -8,11 +8,13 @@ sidebar_position: 20 ## Preparation: -If you use the Offline Add-on and the Mobile app it is necessary to synchronize them before your +If you use the Offline Add-on and the Mobile app you must synchronize them before your admin starts the migration. -**CAUTION:** If you do not synchronize your data, it is lost and no more accessible after the -migration! +:::warning +If you don't synchronize your data, it is lost and no more accessible after the +migration. +::: ## Migration @@ -21,5 +23,7 @@ the message **„Userdata migration finished”** appears. ![userdata_migration_finished_en](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/userdata_migration_finished_en.webp) -NOTE: The migration can only be carried out with the Web Application and NativeClient. A migration -just using the Extension, Autofill Add-on or the Mobile App is not possible. +:::note +The migration can only be performed with the Web Application and NativeClient. A migration +just using the Extension, Autofill Add-on or the Mobile App isn't possible. +::: diff --git a/docs/passwordsecure/9.3/maintenance/moving_the_server.md b/docs/passwordsecure/9.3/maintenance/moving_the_server.md index 34b297ae3e..f2015355c0 100644 --- a/docs/passwordsecure/9.3/maintenance/moving_the_server.md +++ b/docs/passwordsecure/9.3/maintenance/moving_the_server.md @@ -8,12 +8,12 @@ sidebar_position: 20 ## Preparations -It is necessary to make some preparations so that the move can be completed without any problems. +You must make some preparations so that the move can be completed without any problems. #### 1. Installing the SQL server If the SQL server and the application server are on the same machine, the SQL server should be -installed on the new machine first. It is necessary to observe the +installed on the new machine first. You must observe the [MSSQL Server](/docs/passwordsecure/9.3/installation/requirements/mssql_server.md) for this process. #### 2. Installing the server @@ -28,7 +28,7 @@ is described under After the server has been installed, the [Basic configuration](/docs/passwordsecure/9.3/configuration/servermanager/basic_configuration.md) is completed. A new configuration database will be created on the SQL server as a result. If you want -to retain the old SQL server, it is necessary to give the configuration database a new name. +to retain the old SQL server, you must give the configuration database a new name. #### 4. Deactivating the old server @@ -43,13 +43,13 @@ After making these preparations, the data from the old server can be backed up. #### 1. Backing up the system If using a virtual machine, a backup of it should be created. The old version of the server can then -be restored in the event of problems. +be restored if problems occur. #### 2. Backing up the database -In order to transfer the data to the new server, a backup of the database should be created. -Although this is also possible via the Server Manager, we recommend carrying out the backup at the -SQL level: right click on the database, then on Tasks and Backup. The desired target folder is +To transfer the data to the new server, a backup of the database should be created. +Although this is also possible via the Server Manager, Netwrix recommends carrying out the backup at the +SQL level: right click the database, then on Tasks and Backup. The desired target folder is selected in the following window. ![insert backup](/images/passwordsecure/9.2/maintenance/sql-backup-en.webp) @@ -68,7 +68,7 @@ needs to be integrated. #### 1. Integrating the database at the SQL level Firstly, a new database is created on the SQL server. This option can be found in the SQL Management -Studio after right clicking on Databases. It is usually sufficient to simply enter the database +Studio after right clicking on Databases. It is usually sufficient to enter the database names. ![integrate the database](/images/passwordsecure/9.2/maintenance/sql-new-db-en.webp) @@ -79,8 +79,10 @@ is also essential to check whether the correct database has been selected in the ![restore db](/images/passwordsecure/9.2/maintenance/sql-restore-en.webp) -NOTE: This method can be also used to import backups that were directly created from the Server +:::note +This method can be also used to import backups that were directly created from the Server Manager. +::: #### 2. Setting up the server @@ -99,5 +101,5 @@ Finally, the database is integrated onto the server via the database wizard. ## Modifications on the client -If the IP and/or host name for the server has changed, it is necessary to create/roll out new +If the IP and/or host name for the server has changed, you must create/roll out new database profiles from the client. diff --git a/docs/passwordsecure/9.3/maintenance/update.md b/docs/passwordsecure/9.3/maintenance/update.md index 09b22a574f..57a8d493ee 100644 --- a/docs/passwordsecure/9.3/maintenance/update.md +++ b/docs/passwordsecure/9.3/maintenance/update.md @@ -8,35 +8,37 @@ sidebar_position: 10 ## Reasons for regular updates -Our development team is constantly working on the further development of the software. This does not +The development team is constantly working on the further development of the software. This doesn't only involve fixing any problems but also primarily the development of new features to adapt the -software as best as possible to the requirements of our customers. Therefore, it is recommended that -you regularly install updates. +software as best as possible to the requirements of the customers. Therefore, you regularly install updates. The documentation always refers to the latest version available. If Netwrix Password Secure deviates from the documentation (e.g. in appearance or also its functional scope), it makes sense to firstly update to the latest version. -NOTE: The update check on the server or the client can be used to easily install the latest version. -The update check on the client must be activated in the settings for users beforehand. We recommend -leaving the update check deactivated for normal users! Otherwise these users could independently -attempt to install updates. Since a new client cannot connect to an old server, this results in the +:::note +The update check on the server or the client lets you install the latest version. +The update check on the client must be activated in the settings for users beforehand. Netwrix recommends +leaving the update check deactivated for normal users. Otherwise these users could independently +attempt to install updates. Since a new client can't connect to an old server, this results in the user not being able to log in. +::: ## Requirements The requirements should be checked or established before an update. -**CAUTION:** Please always check the Changelog for requirements or breaking changes before updating! +:::warning +Always check the Changelog for requirements or breaking changes before updating. +::: ### Check the software maintenance package -The right to install updates is acquired with the software maintenance package. It is important to -note that you are permitted to install all updates as long as the software maintenance package is +The right to install updates is acquired with the software maintenance package. You are permitted to install all updates as long as the software maintenance package is still active. If the software maintenance package has expired, you are only permitted to use those versions that were released during the term of the software maintenance package. Therefore, you should check whether the software maintenance package is still active before an update. This can be -easily checked on the Server Manager under +checked on the Server Manager under [License settings](/docs/passwordsecure/9.3/configuration/servermanager/mainmenu/license_settings.md). ### Creating a backup @@ -49,39 +51,43 @@ problem arises. ### Checking compatibility An attempt is always made to design the Server Manager so that it is backwards compatible. -Unfortunately this is not always possible. Therefore, you should always check which client version +Unfortunately this isn't always possible. Therefore, you should always check which client version the Server Manager is compatible with before an update. The version history for the relevant version will provide this information. -**CAUTION:** If the password for logging in to the Server Manager on the database has been saved, it -is essential that it is noted down or temporarily saved elsewhere before an update! +:::warning +If the password for logging in to the Server Manager on the database has been saved, it +is essential that it is noted down or temporarily saved elsewhere before an update. +::: ### Latest installation files The installation files can be downloaded from the -[customer information system](https://license.passwordsafe.de/kis). Please simply use the access -data that we sent to you by email to log in. +[customer information system](https://license.passwordsafe.de/kis). Use the access +data sent to you by email to log in. ## Perform update ### Updating the Server Manager -The Server Manager is simply installed on top of the existing installation. The password from the +The Server Manager is installed on top of the existing installation. The password from the Server Manager should be made available at this point in any case. After the installation of the Server Manager, the database is only accessible when it is activated. If the password is only in the Netwrix Password Secure, it should be temporarily stored at this point. -NOTE: If the service has not been ended in advance, the installation wizard will give you the +:::note +If the service has not been ended in advance, the installation wizard will give you the opportunity to do so. If the service is still not ended at this stage, the computer will then need to be restarted. It is thus recommended that the Netwrix Password Secure services are ended before the update. +::: Further information on the installation wizard can be found in the section [Installation Server Manager](/docs/passwordsecure/9.3/installation/installation_server_manager.md). ### Patch level update for the databases -The databases are usually deactivated after updating the Server Manager because they do not yet have +The databases are usually deactivated after updating the Server Manager because they don't yet have the corresponding patch level. This should be immediately checked. After logging in to the Server Manager, the module “Databases” is immediately visible. If the databases have been deactivated, you can reactivate them directly in the ribbon via the corresponding button. The patch level will be @@ -89,9 +95,9 @@ updated during this process. ### Updating the client -The updates for the client are also simply installed over the existing installation. Further -information can be found in the section Installation of the client. Naturally, the update can also -be carried out using the installation parameters. +The updates for the client are also installed over the existing installation. Further +information can be found in the section Installation of the client. the update can also +be performed using the installation parameters. ### Updating the Web Application @@ -101,11 +107,15 @@ is then created according to the instructions for the web server being used. The on the web server should now be completely emptied. The Web Application is then unzipped and copied to the document directory on the corresponding web server. -**CAUTION:** If the Web Application is being operated on an IIS web server, a new config.bat is +:::warning +If the Web Application is being operated on an IIS web server, a new config.bat is generated for creating the new version. This must not be executed if the Web Application has already been installed and it must be deleted without fail after a successful update. +::: -NOTE: If the Web Application is used, the module: `proxy_wstunnel` must be installed when using +:::note +If the Web Application is used, the module: `proxy_wstunnel` must be installed when using Apache. With IIS the `WebSocket Protocol` becomes necessary. Further information can be found in the chapter [Webserver](/docs/passwordsecure/9.3/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 or newer. +::: diff --git a/docs/passwordsecure/9.3/msp_system.md b/docs/passwordsecure/9.3/msp_system.md index 11b1b86bd5..416b6e83c0 100644 --- a/docs/passwordsecure/9.3/msp_system.md +++ b/docs/passwordsecure/9.3/msp_system.md @@ -19,8 +19,10 @@ customers with less than 20 users each. - 16 GB RAM - min. 100 GB HDD -**CAUTION:** Please note, that using a SQL Server with Express edition is not recommended because of +:::warning +, that using a SQL Server with Express edition isn't recommended because of diverse limitations there. +::: If your customer's count is growing over time, you should add every 200 users a minimum of at least: @@ -43,16 +45,22 @@ If your customer's count is growing over time, you should add every 200 users a - 1 CPU - 4 GB RAM -RECOMMENDED: Currently, you should use an application server to handle a max of about 100 +RECOMMENDED: , you should use an application server to handle a max of about 100 customers. So if you reach 100 customers, you should set up a second Application Server or use some sort of load balancing between the application servers. -**CAUTION:** Every additional 1000 users an additional Web-Endpoint - incl. loadbalancing - is +:::warning +Every additional 1000 users an additional Web-Endpoint - incl. loadbalancing - is recommended +::: -**CAUTION:** Every additional 100 customers/1000 users an additional Application Server - incl. +:::warning +Every additional 100 customers/1000 users an additional Application Server - incl. loadbalancing - is recommended. +::: -NOTE: Please note that individual variables - like the number of passwords per user - will affect +:::note +that individual variables - like the number of passwords per user - will affect performance. Especially for MSP-Systems it is required to monitor performance continuously, and add additional resources on demand. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/applications.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/applications.md index 6350a2b5c1..5e4fd589ea 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/applications.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/applications.md @@ -6,9 +6,9 @@ sidebar_position: 80 # Applications -## What are applications? +## Applications overview -Applications can be used to configure automated logins to various systems. Especially when combined +Applications let you configure automated logins to various systems. Especially when combined with various protective mechanisms, the company benefits in terms of security because complex passwords are automated and entered in the login masks in concealed form. Various types are available, such as Remote Desktop (**RDP**), Secure Shell (**SSH**), general applications (**SSO**) @@ -22,22 +22,22 @@ automatic logon to almost any kind of software. ## The four types of applications -Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO and web +Netwrix Password Secure varies between four different types of applications: RDP, SSH, SSO, and web applications. ![new application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_2-en.webp) -In terms of how they are handled, **RDP and SSH** applications can be covered together. Both types +In terms of how they are handled, **RDP, and SSH** applications can be covered together. Both types of application can be (optionally) "embedded" in Netwrix Password Secure. The relevant session then opens in its own tab in the [Reading pane](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/reading_pane.md). All other forms of automatic logins are summarized in the **SSO applications** and **web applications** categories. How exactly these logins are created and used is covered in the next section and in the web applications chapter. They include all forms of Windows login masks and also -applications for websites. In contrast to RDP and SSH applications, they cannot be started embedded +applications for websites. In contrast to RDP and SSH applications, they can't be started embedded in Netwrix Password Secure but are instead opened as usual in their own window. These SSO applications need to be defined in advance. In Netwrix Password Secure, this is also described as [Learning the applications](/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). In contrast, -RDP and SSH can be both completely defined and also started within Netwrix Password Secure. +RDP, and SSH can be both completely defined and also started within Netwrix Password Secure. ## RDP and SSH @@ -59,7 +59,7 @@ The connection to the desired session can be established via the icon **Establis ![estabish RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_4-en.webp) Netwrix Password Secure now attempts to log in to the target system with the information available. -Data that are not saved in the form will be directly requested when opening the session. It is thus +Data that aren't saved in the form will be directly requested when opening the session. It is thus also possible to only enter the IP address and/or the password after starting the Netwrix Password Secure application. If all data has been retrieved, the RDP session will open in a tab – if so defined (Window mode field in the application): @@ -71,7 +71,7 @@ defined (Window mode field in the application): It is also possible to complete the authentication process using SSH certificates. For this purpose, the certificate is saved as a document in .ppk format. (It may be necessary to firstly approve this file ending in the settings). The document is then linked to the record via the footer. The record -does not need to have a password. However, it is necessary for the record to be linked to a SSH +doesn't need to have a password. However, it is necessary for the record to be linked to a SSH application. ## Linking records and applications @@ -80,7 +80,7 @@ The application defines the requirements for the desired connection and also opt target system. By linking records with applications, the complete login process can be automated. If the record now also supplies the user name and password, all of the information required for the login is available. Applications and records are linked via the "Start" tab in the ribbon. If this -link to a record is established, a 1-click login to the target system is possible. +link to a record is established, a 1-click log in to the target system is possible. ![linking RDP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_6-en.webp) @@ -95,16 +95,18 @@ multiple access points. ![multiple access points](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_8-en.webp) -This is generally a very common scenario. Nevertheless, it should be noted that accessing multiple +This is generally a very common scenario. Nevertheless, accessing multiple servers with one single password is questionable from a security standpoint. It is generally recommended that a unique password is issued for every server/access point. -NOTE: It is possible to leave the **IP address** field empty in the application. If an **IP +:::note +You can leave the **IP address** field empty in the application. If an **IP address** field exists in the linked record then this address will be used. If there is also no IP address in the record, a popup window will appear in which the desired IP address can be entered manually. +::: -Alternatively, it is possible to connect several records with one RDP connection. In this way, you -can combine different users with an RDP connection and register them straightforward. +Alternatively, you can connect several records with one RDP connection. In this way, you +can combine different users with an RDP connection and register them. ![connect RDP sessions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_9-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md index 7c03fc5247..d6e8d9a935 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md @@ -10,7 +10,7 @@ sidebar_position: 10 Logging into SAP can be achieved via the usage of [Start Parameter](/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). The -prerequisite here is for the login process to be carried out via the "SAPshortcut". All available +prerequisite here is for the login process to be performed via the "SAPshortcut". All available parameters are listed in the [SAP-Wiki](https://wiki.scn.sap.com/wiki/display/NWTech/SAPshortcut). Form Firstly, a [Forms](/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/forms.md) should be created with the required fields. This diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md index 522a12347a..54a46d7e9e 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md @@ -6,13 +6,13 @@ sidebar_position: 10 # Learning the applications -## Which applications need to be learned? +## Applications that require learning -As already indicated in the previous section, RDP and SSH applications are completely embedded in -Netwrix Password Secure. These applications thus do not need to be specially learned. All other +As already indicated in the previous section, RDP, and SSH applications are completely embedded in +Netwrix Password Secure. These applications thus don't need to be specially learned. All other applications in Windows need to be learned once. -## What does learning mean? +## Learning overview The record contains the user name and password. Learning involves defining the steps required. The result is equivalent to a script that defines where precisely the login data should be entered. In @@ -36,13 +36,13 @@ First, a new SSO application is created via the ribbon. ![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_1-en.webp) Various properties for the application can now be defined in the tab that opens. The fields **Window -title**, **Application** and **Application path** are not manually filled. This is done via the +title**, **Application** and **Application path** aren't manually filled. This is done via the **Create application** button in the ribbon: ![new sso application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_2-en.webp) A crosshair cursor now appears. It enables the actual "mapping" or assignment of the target fields. -You can see the field assignment for the user name below using a login to an SQL server as an +You can see the field assignment for the user name in the following example using a log in to an SQL server as an example. All of the other fields that should be automatically entered are assigned in the same way. The process is always the same. You select the field that needs to be automatically filled and then decide which information should be used to fill it. @@ -51,17 +51,19 @@ decide which information should be used to fill it. In parallel to the previous step, all of the already assigned fields will be displayed on the right edge of the screen. In this example, the VMware vSphere Client has a total of 4 assigned fields: IP, -user name, password and clicking the button to subsequently confirm the login. +user name, password, and clicking the button to subsequently confirm the login. ![connected fields](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_4-en.webp) -NOTE: "Graphical recognition:" The graphical recognition function provides additional protection. It -can be used to define other factors for the SSO. An area is defined that then serves as the output -for the comparison (e.g. for login masks with an image). In order to activate the graphical -recognition function, click on the eye at the top right after assigning the fields! The area that -will serve as the output point is then marked. +:::note +"Graphical recognition:" The graphical recognition function provides additional protection. It +lets you define other factors for the SSO. An area is defined that then serves as the output +for the comparison (e.g. for login masks with an image). To activate the graphical +recognition function, click the eye at the top right after assigning the fields. The area that +serves as the output point is then marked. +::: -Once you have assigned all of the fields, you can exit the application process using the enter +After you have assigned all of the fields, you can exit the application process using the enter button. The fields "Window title", "Application" and "Application path" mentioned at the beginning are now automatically filled. @@ -79,11 +81,11 @@ possible here to link to the previously created application "VMware". ![connect application with record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_6-en.webp) -When the link has been established, this application can then be directly started via the ribbon in -future. Pressing the button directly opens the linked application. +When the link has been established, this application can be directly started via the ribbon. +Pressing the button directly opens the linked application. ![start application](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications_7-en.webp) **CAUTION:** With respect to permissions, applications are subject to the same rules as for -passwords, roles or documents. It is possible to separately define which group of users is permitted +passwords, roles, or documents. You can separately define which group of users is permitted to use each application. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md index ee8140d3f6..fd3c2ea28e 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md @@ -55,7 +55,7 @@ the following start parameters are transferred: ## Placeholder for fields⚓︎ Fields can be added via certain placeholders based on their type or their name. The easiest way to -do this is using the configuration window described above. +do this is using the configuration window described previously. | Field type | Placeholder | | ----------------------- | ----------------- | diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md index c9505a66fd..a7d7c0884d 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md @@ -37,9 +37,11 @@ also possible to enter the IP address and/or password after starting the applica It is also possible to use SSH-certificates for authentication. For this purpose, the certificate is stored as a document in .ppk format. The document is then linked to the data record via the footer. -The data record does not have to contain a password, but it must be linked to an SSH application. +The data record doesn't have to contain a password, but it must be linked to an SSH application. -NOTE: The file extension may first have to be enabled via the settings. +:::note +The file extension may first have to be enabled via the settings. +::: ## Keyboard shortcuts diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md index b239d80f0a..d78332a59d 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Recording a session -## What is session recording? +## Session recording overview -Session recording can be used to make a visual recording of RDP and SSH sessions. These recordings +Session recording lets you visually record of RDP and SSH sessions. These recordings can then be subsequently viewed and evaluated. In this context, it is also possible to limit this functionality so that only the user themselves or an assigned person e.g. security officer can view and evaluate these recordings. @@ -23,10 +23,12 @@ The following options are required to manage sessions for an application. - Can manage recordings for an application -NOTE: Please note that session recording uses disk space in the database. Although the way the +:::note +Session recording uses disk space in the database. Although the way the recordings are saved is efficient in terms of resources, the required amount of disk space varies greatly depending on the content. The more that is done during the recorded session, the higher the disk space usage. +::: Session recording firstly needs to be activated for the relevant RDP or SSH application before it can take place. @@ -42,18 +44,20 @@ SSH If the setting has been activated, the recording will start automatically the next time a connection is established. -NOTE: The recordings are already streamed to the server and saved into the database during the +:::note +The recordings are already streamed to the server and saved into the database during the recording process. Therefore, no recordings are lost even if the connection is terminated. They are immediately saved until the connection is terminated or until the end of the session. +::: ## Viewing the session recordings -If recordings exist for an application, these can be called up and viewed in the Applications +If recordings exist for an application, these can be opened and viewed in the Applications module. ![viewing session recording](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session_4-en.webp) -It is possible to search the session recordings using the filter as usual. It is also possible here +You can search the session recordings using the filter as usual. It is also possible here to limit the search results based on the date and user. In the section on the right, it is also possible to further filter the searched list based on all column contents. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/client_module.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/client_module.md index a91528d405..36cdbe969b 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/client_module.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/client_module.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Client Module -## What are modules? +## Modules overview Netwrix Password Secure can be customized according to the needs of the users. This requirement can be applied by the user, and can also be applied by administrative users. This means that everyone @@ -25,7 +25,9 @@ individually within the user rights. ![user settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_2-en.webp) -NOTE: The visibility of modules can always be adapted to the needs of individual user groups +:::note +The visibility of modules can always be adapted to the needs of individual user groups +::: ## Sorting modules @@ -37,10 +39,12 @@ example). ![sorting modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_3-en.webp) -The navigation options enable you to define the maximum number of visible elements and also how they +The navigation options let you define the maximum number of visible elements and also how they are sorted. ![sorting modules](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_modules_4-en.webp) -NOTE: The previously described visibility of the modules is a basic requirement for viewing and +:::note +The previously described visibility of the modules is a basic requirement for viewing and sorting them in the navigation options +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md index ee8c6fc224..cd68a7b886 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md @@ -19,7 +19,9 @@ table: ![discovery service entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-2-en.webp) -NOTE: The information can be grouped together using the column editor. +:::note +The information can be grouped together using the column editor. +::: ## Network Scan @@ -78,8 +80,8 @@ finished, the **Network Scan** scans the **network** according to these guidelin second section defines the scan configuration for the local computer. Select from either Local user of services or _Local user_. -**CAUTION:** The system executing the scan – on which the Server Manager is installed – is not -scanned! +**CAUTION:** The system executing the scan – on which the Server Manager is installed – isn't +scanned. ## Interval / Executing server / Tags @@ -106,4 +108,4 @@ Depending on the message, the **Discovery Service Task** may need to be amended. **CAUTION:** The **default setting** for the **Discovery Service Task** after it has been saved is **Activated!** It will **immediately actively** scan the network for data. This data is **read** but -not amended! +not amended. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md index 7643e359de..a339818bdc 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md @@ -15,7 +15,7 @@ the **System Tasks**. ![ribbon](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_1-en.webp) After the **Discovery Service Task** has been successfully executed, the entries are available in -the **Discovery Service**. Further processing of the entries is then carried out using the +the **Discovery Service**. Further processing of the entries is then performed using the **Conversion Wizard**. For processing in the **Conversion Wizard**, the network is scanned for the following types: @@ -40,16 +40,18 @@ In the **Discovery Service** table, the user selects the entries for which he wa administrator** for the task will be used as the executing user. In addition, only those **Discovery Service Task entries** that are also discovered by the entered **Discovery Service Task** will be used for the conversion). -2. The discovered entries will be displayed in this column with the **services** for which the user +2. The discovered entries are displayed in this column with the **services** for which the user has been entered. 3. This column shows the **discovered type** for the entry. 4. This column shows already existing passwords in Netwrix Password Secure that match the discovered - **Active Directory user** or **user account**. It is possible to select here which password can + **Active Directory user** or **user account**. You can select here which password can be used when creating a **Password Reset** (it is then used as the only password linked to the Password Reset). Alternatively, these passwords can also be newly created. -NOTE: Logically, **every root node** corresponds to **one user** and all of its associated data +:::note +Logically, **every root node** corresponds to **one user** and all of its associated data (e.g. services). A **Password Reset** is created later for **every user** and its associated data. +::: The following image shows the options **add new password** or retain **existing password**. @@ -63,29 +65,31 @@ The **Password Reset** is configured in the **Settings Ribbon**. ![reset setting](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_4-en.webp) -The **settings** will be described in more detail below: +The **settings** will be described in more detail in the following sections: 1. The organisational unit in which the **Password Reset** should be created is entered here. In addition, a template for the rights inheritance can be entered here. 2. The **responsible user** for the **password** is entered here. A special tag can be set here. 3. Adding a **Password Reset** Option 1: **Do you also want to add a Password Reset?** Adds a - **Password Reset** If **option 1** is not selected, the following options are not displayed. + **Password Reset** If **option 1** isn't selected, the following options aren't displayed. 4. Setting for executing a **Password Reset** Option 2: **(Execute Password Resets immediately after - they are created)** means that the **Password Reset** will be executed as soon as you click on + they are created)** means that the **Password Reset** will be executed as soon as you click **Finish**. 5. The **responsible user for the Password Reset** is entered here. 6. Various **triggers for the Password Reset** can be selected here. **CAUTION:** After clicking on **Finish**, the **Password Resets** will be **immediately executed** -and the **passwords changed!**. This also applies to **Windows passwords!** +and the **passwords changed**. This also applies to **Windows passwords**. -If option 1: **Do you also want to add a Password Reset?** is not selected, \*steps 4, 5 and 6 are +If option 1: **Do you also want to add a Password Reset?** isn't selected, \*steps 4, 5, and 6 are not displayed for configuration. ![password reset option](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_5-en.webp) -NOTE: After clicking on **Finish**, one or more **passwords will be created** but **no corresponding -Password Resets will be created!** +:::note +After clicking on **Finish**, one or more **passwords will be created** but **no corresponding +Password Resets are created.** +::: ## Assignment (Active Directory user) @@ -109,8 +113,8 @@ The following images shows the **Assignment (Active Directory user)** Ribbon ### Procedure 1. An **Existing form** is selected here -2. The **assignment** to the fields is carried out here Important assignments are **Type: General** - and **Type: Password Reset**. An amendment can be carried out here +2. The **assignment** to the fields is performed here Important assignments are **Type: General** + and **Type: Password Reset**. An amendment can be performed here ### "New form" selected @@ -120,12 +124,12 @@ The following images shows the **Assignment (Active Directory user)** Ribbon 1. A name for the **New form** needs to be entered here 2. The discovered entries are **automatically** assigned as standard Important assignments are - **Type: General** and **Type: Password Reset**. An amendment can be carried out here + **Type: General** and **Type: Password Reset**. An amendment can be performed here ### Summary -A brief overview of the actions that will be carried out with the added configuration is displayed -in the **Summary** Ribbon. These actions will then be carried out if you click on **Finish**. +A brief overview of the actions that will be performed with the added configuration is displayed +in the **Summary** Ribbon. These actions will then be performed if you click **Finish**. ![summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_9-en.webp) @@ -137,27 +141,27 @@ creating **Password Resets**. If the option **Execute Password Resets immediatel created** is used in the configuration, the **selected passwords** are immediately changed after clicking on **Finish**. -**CAUTION:** **If you are not paying careful attention, this could have inconvenient consequences.** +**CAUTION:** **If you aren't paying careful attention, this could have inconvenient consequences.** **Security level 1:** An **Important note** is displayed in the **Summary** after clicking on **Finish**. -**CAUTION:** **Please observe the note and read it through carefully!** +**CAUTION:** ** observe the note and read it through carefully!** -An **Overview** of which actions will be carried out is displayed for the user together with this -note. The user can then still decide to **Cancel** the process. If you click on **OK**, an -**additional confirmation warning** will be displayed. +An **Overview** of which actions will be performed is displayed for the user together with this +note. The user can then still decide to **Cancel** the process. If you click **OK**, an +**additional confirmation warning** appears. ![important note](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_10-en.webp) **Security level 2:** -Another **confirmation prompt** highlights that it is important to understand what you are about to -do. It will no longer be possible to reverse the actions afterwards! +Another **confirmation prompt** highlights that you must understand what you are about to +do. It will no longer be possible to reverse the actions afterwards. **CAUTION:** **Last chance to cancel the execution!** ![securtiy warning](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries_11-en.webp) After **entering the displayed number** and **confirming with OK**, the process is **executed -immediately** and the **Password Resets** are carried out and the **associated passwords changed**. +immediately** and the **Password Resets** are performed and the **associated passwords changed**. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md index 5cb0fb12aa..c7493a59e1 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md @@ -25,7 +25,7 @@ Another password is created in the **Password Reset module** and is required for ![password reset list](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/created_password/created_passwords_2-en.webp) -Points 1-7 are described below: +Points 1-7 are described in the following sections: 1. The name of the Password Reset 2. Overview of the password diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md index a05b5d4992..94483d6125 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md @@ -12,11 +12,11 @@ Service Task** that was executed and can be found and displayed using the filter ## Deletion process -The discovered data in the **Discovery Service** cannot simply be deleted and removed from the +The discovered data in the **Discovery Service** can't simply be deleted and removed from the **Discovery Service entries**. As the entries have a **link to the Discovery Service Task**, it is necessary to delete the discovered entries via the **Discovery Service Task** that was created. If -entries were discovered using a joint **Discovery Service Task**, it is not possible to simply -delete them. This is the case if two different users have carried out a scan on the same area. If +entries were discovered using a joint **Discovery Service Task**, it isn't possible to simply +delete them. This is the case if two different users have performed a scan on the same area. If you delete one of the two **Discovery Service Task**, only the entries that had a single link to this **Discovery Service Task** will be deleted. The entries for the other **Discovery Service Task** will be retained and must be deleted via the associated **Discovery Service Task**. You can @@ -29,9 +29,9 @@ find out which **Discovery Service Task** found a particular entry by selecting If the IP range for an existing **Discovery Service Task** is changed and the **Discovery Service Task** is then executed for this new IP range, the previously discovered entries from the previous -executed **Discovery Service Task** will be deleted from the **Discovery Service**. If you want to -carry out a **Discovery Service Task** for a different IP range, you should create a new **Discovery -Service Task**. This will prevent any already discovered entries from being deleted. However, if the +executed **Discovery Service Task** are deleted from the **Discovery Service**. To +carry out a **Discovery Service Task** for a different IP range, create a new **Discovery +Service Task**. This prevents any already discovered entries from being deleted. However, if the existing entries are no longer required, you can delete them by using the same **Discovery Service Task** with a different IP range. @@ -47,5 +47,7 @@ Task** with a different IP range. 10. A new scan using Task A with a different IP address 192.168.150.2 will not delete the data from Task B -NOTE: The **Password Resets** and **passwords** created using the **Conversion Wizard** are not +:::note +The **Password Resets** and **passwords** created using the **Conversion Wizard** aren't deleted when the **Discovery Service Tasks** are deleted. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md index d56f9fb6f3..7446b102a9 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md @@ -8,27 +8,29 @@ sidebar_position: 30 The entries for the **Discovery Service** are discovered using a **Discovery Service Task**. It can take some time for all the data on the systems for the entered IP network to be collected. This can -be easily recognized by the **blue arrow** symbol on the **Discovery Service Task** and a -corresponding message is also shown in the General display. Once the **Discovery Service Task** has -been completed, the data will be shown in the **Discovery Service module**. +be recognized by the **blue arrow** symbol on the **Discovery Service Task** and a +corresponding message is also shown in the General display. After the **Discovery Service Task** has +been completed, the data appears in the **Discovery Service module**. ![new discovery service task](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_1-en.webp) The **Discovery Service Task** needs to be carefully configured. The configurable sections are -described below. +described in the following sections. 1. **Discovery Service Task**: Display of the status: this can be updated in the preview and logbook using the F5 button. Red hand: Deactivated Blue arrow: Activated and being executed Boxes: Corresponds to the assigned tag 2. **General**: The latest information about the **Discovery Service Task** is shown here. A - **message** will be shown to indicate an active **Discovery Service Task**. + **message** indicates an active **Discovery Service Task**. 3. **Overview**: Current data for the **Discovery Service Task** about its progress and subsequent executions are shown here. 4. **Logbook**: The **logbook** can be found in the **footer** of the **Discovery Service Task**. - The latest activities carried out by the **Discovery Service Task** are shown here. + The latest activities performed by the **Discovery Service Task** are shown here. -NOTE: The **data** is **not kept up-to-date while the task is being executed** and does not always -show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**! +:::note +The **data** is **not kept up-to-date while the task is being executed** and doesn't always +show the latest status. Therefore, the data should be regularly **updated** using the **F5 button**. +::: ## Using the Discovery Service entries @@ -45,26 +47,28 @@ Task** and selected for the **Conversion Wizard** are displayed. If multiple entries are selected for a **Password Reset**, a corresponding number of **passwords** and **Password Resets** need to be added in the **Conversion Wizard**. Depending on the entries -selected (service, Active Directory user, user account), it is necessary to carry out corresponding +selected (service, Active Directory user, user account), you must carry out corresponding **assignments** in the **Conversion Wizard** for the **passwords**. ![Discovery service conversion wizard ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_3-en.webp) -Every line must be connected to a **password** in the end. Therefore, it is necessary to carry out +Every line must be connected to a **password** in the end. Therefore, you must carry out an assignment process in the **Conversion Wizard** for every entry. ![Discovery service conversion wizard ](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_4-en.webp) -For **Active Directory users**, it is possible to assign an existing **password**. +For **Active Directory users**, you can assign an existing **password**. -NOTE: The subsequent process is carried out in the same way as when only one **Discovery Service +:::note +The subsequent process is performed in the same way as when only one **Discovery Service entry** is selected. +::: ## Filter settings A good filter is required for processing the discovered data. A **filter that has been adapted for this purpose** is available for processing the entries in the **Discovery Service module**. The -options in the **filter** are described below: +options in the **filter** are described in the following sections: ![Filter for discovered data](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries_5-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md index d9dc37f534..1a2051e409 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md @@ -9,13 +9,13 @@ sidebar_position: 100 ## The problem **Service accounts** are used on most networks. These accounts are used, for example, to carry out -certain services. It is not uncommon for **one and the same password** to be used here for multiple +certain services. It isn't uncommon for **one and the same password** to be used here for multiple accounts. Manually changing these passwords is extremely time consuming. Therefore, this process is often ignored for reasons of convenience. The result is that the same outdated passwords are often used for many **security-critical access -points**. This naturally represents a **severe security risk** and leaves the door wide open for any -attacker who gains access to just one of the passwords! +points**. This represents a **severe security risk** and leaves the door wide open for any +attacker who gains access to just one of the passwords. ## The solution diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md index 4fa723e4de..b4d64514b8 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md @@ -34,11 +34,11 @@ If an error occurs during the execution of the **Discovery Service Task**, this ## Display in the logbook In general, the **logbook module** displays more detailed information about the **Discovery Service -Task**. The [Filter](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md) can be used to select which data +Task**. The [Filter](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md) lets you select which data is displayed. The same **events** as for the footer for the **Discovery Service Task** are also used here. ![logbook entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_ds-3-en.webp) -The column editor can be used to arrange and display the data in the table according to their +The column editor lets you arrange and display the data in the table according to their importance. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/requirements.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/requirements.md index bcb85dff67..5f0900aba4 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/requirements.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/discoveryservice/requirements.md @@ -25,7 +25,7 @@ data. This user should be a member of admin for the corresponding group of domai can use a domain administrator. **CAUTION:** A corresponding **password** with **rights** for the **domains** must exist before -adding a **Network Scan**! +adding a **Network Scan**. ### Password @@ -37,14 +37,16 @@ adding a **Network Scan**! - The computer to be scanned and AD controller must be accessible via the network. - The service: “Windows Management Instrumentation” must have been started on the computer to be - scanned (carried out by Windows as standard). + scanned (performed by Windows as standard). - Help section for starting the service: [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa826517(v=vs.85).aspx) - The firewall must not block WMI requests (not blocked as standard). - Help section for configuring the firewall: [Microsoft Website](https://msdn.microsoft.com/de-de/library/aa822854(v=vs.85).aspx) -NOTE: Only **IPv4 addresses** can currently be scanned. +:::note +Only **IPv4 addresses** can be scanned. +::: ### Open ports for the scan (necessary) @@ -59,7 +61,7 @@ Server 2003) – port 1025-5000 (TCP) or a static WMI port 2. Computer name and associated IP address: The computer name is first requested on the **DNS server** for the domain. The computer name returned by the server also contains the domain names as a postfix (e.g. Client01.domain.local). If there is no entry on the domain for the requested - IP address, the computer name is determined via **NetBIOS**. The domain name is not displayed on + IP address, the computer name is determined via **NetBIOS**. The domain name isn't displayed on the computer (e.g. Client01). In Netwrix Password Secure V8, the **DNS request** is the preferred function for determining the computer name. If no result is delivered, a request via **NetBIOS** is made. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/documents.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/documents.md index 5f1a626470..2c95204064 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/documents.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/documents.md @@ -6,15 +6,15 @@ sidebar_position: 20 # Documents -## What are documents? +## Documents overview -Security-critical data does not necessarily need to be in the form of passwords. To enable the +Security-critical data doesn't necessarily need to be in the form of passwords. To enable the uniform and secure storage of data other than passwords, Netwrix Password Secure version 9 offers effective tools for the professional handling of sensitive documents and files. The ability to share documents with others according to their permissions gives you access to the current status of a document and helps avoid redundancies. The documents module is complemented by a sophisticated version management system, which records all versions of a document that were saved in the past and -thus enables you to revert back to historical versions. The configuration of visibility is explained +thus lets you revert back to historical versions. The configuration of visibility is explained in a similar way to the other modules in one place.. ![Document modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents_1-en.webp) @@ -32,11 +32,11 @@ The following option is required to add new documents. There are two ways to manage documents and files in Netwrix Password Secure v8: - **Creating a link**: In this case, only a file that is located locally or on a network drive will - be linked. The file itself is not stored in the database. Neither version management nor the + be linked. The file itself isn't stored in the database. Neither version management nor the traceability of changes in the history are possible. - **Storing the document in the database**: The file becomes part of the encrypted database. It is saved within the database and can be made available selectively to employees for further - processing in the future based on their permissions. + processing based on their permissions. ![New document](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents_2-en.webp) @@ -56,12 +56,16 @@ versions can be restored if necessary. Netwrix Password Secure provides this fun history in the ribbon, as well as in the footer area for ​​the detailed view of a document. This can be used in the same way as the [History](/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/history.md). The interplay between the document-specific event logbook and the history provides a complete list of all information that is -relevant to the handling of sensitive data. Version management can be used to restore any historical +relevant to the handling of sensitive data. Version management lets you restore any historical versions of a document. -NOTE: The file size for a **linked document** can only be updated if the document was opened using +:::note +The file size for a **linked document** can only be updated if the document was opened using Netwrix Password Secure. +::: -NOTE: If desired, the document history can be automatically cleaned up. This option can be +:::note +If desired, the document history can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section Managing databases. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/change_form.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/change_form.md index 045899a013..43688ae610 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/change_form.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/change_form.md @@ -20,7 +20,7 @@ previously used form to the new form. In this example, a record that previously ![change form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form_2-en.webp) -The drop-down menu allows you to select the target form. The comparison of current and new form +The dropdown menu lets you select the target form. The comparison of current and new form fields is shown in the lower section. - Fields **marked in green** have already been assigned to the new form @@ -34,12 +34,12 @@ The following options are required to change forms. - Can change form for a password -**CAUTION:** Please note that information could be lost during this process! In the example, this +**CAUTION:** Information could be lost during this process! In the example, this applies to the fields "Website" and "Information". ## The effects of changes to forms on existing records -In general, changes to forms do not effect existing records. This means that a record that was +In general, changes to forms don't effect existing records. This means that a record that was created with a certain form will not itself be changed after this form has been adapted/changed. It remains in its original state. However, there are methods by which changes to forms could be adopted by existing records. There are two possibilities in this context: @@ -67,7 +67,7 @@ the form. ## Conclusion -A common feature of both variants is that adjustments to forms cannot be automatically triggered. +A common feature of both variants is that adjustments to forms can't be automatically triggered. Already existing records are thus not automatically adjusted. The adjustment thus needs to be -carried out manually. In the first case, the manual step is to use the function "Change form". In -the second case, it is sufficient to simply edit and save the record. +performed manually. In the first case, the manual step is to use the function "Change form". In +the second case, it is sufficient to edit and save the record. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/forms.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/forms.md index a640e43300..010d868ee5 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/forms.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/forms/forms.md @@ -6,12 +6,12 @@ sidebar_position: 60 # Forms -## What are forms? +## Forms overview When creating a new data record, it is always indispensable to query all relevant data for the intended application. In this context, **Forms** represent templates for the information which have to be stored. The manageability of existing forms primarily ensures the completeness of the data -which have to be stored. Nevertheless, their use as an effective filter criterion is not to be +which have to be stored. Nevertheless, their use as an effective filter criterion isn't to be ignored! Forms have a lasting impact on working withNetwrix Password Secure v8 and must be managed and maintained with the necessary care by the administration. @@ -29,7 +29,7 @@ The following options are required to add new forms. ## Standard forms Netwrix Password Secure is supplied with a series of standard forms – these should generally cover -all standard requirements. Naturally, it is still possible to adapt the standard forms to your +all standard requirements. It is still possible to adapt the standard forms to your individual requirements. ![forms](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_2-em.webp) @@ -44,7 +44,7 @@ the field type are visible. The wizard for creating new forms can be started via the ribbon, the keyboard shortcut "Ctrl + N" or also the context menu that is accessed using the right mouse button. The same mechanisms can now be used to create new form fields within the wizard. Depending on the selected field type, other -options are available in the **field settings** section. This will be clearly explained below using +options are available in the **field settings** section. This will be clearly explained in the following sections using the example of the field type "Password". The sequence in which form fields are requested when creating new records corresponds to the sequence within the form. This can be adapted using the relevant buttons in the ribbon. @@ -53,7 +53,7 @@ relevant buttons in the ribbon. The following field settings thus appear for the field type "Password": "Mandatory field, reveal only with reason, check only generated passwords and password policy". These can now be defined as -desired. (**Note**: It is possible to select +desired. (**Note**: You can select [Password rules](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_rules.md) within the field settings; they are defined as part of the options in the main menu) @@ -64,9 +64,9 @@ The prerequisite is that the logged-in user has at least read rights to the form In the same way as for other objects (records, roles, documents,…), permissions can also be granted for forms. On the one hand, this ensures that not everyone can edit existing forms, while on the -other hand, it allows you to make forms available to selective groups. This ensures that clarity is -maintained and that users are not confronted with information that is irrelevant to them. The form -"Credit cards" may be relevant within the accounting department but administrators do not generally +other hand, it lets you make forms available to selective groups. This ensures that clarity is +maintained and that users aren't confronted with information that is irrelevant to them. The form +"Credit cards" may be relevant within the accounting department but administrators don't generally need to use it. ## Configuring the info field @@ -77,8 +77,8 @@ The name of the form is displayed in between in a blue font. ![Configuring the info field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_4-en.webp) -The name of the record (192.168.150.236) and the form (password) cannot be adjusted – these are -always displayed. The user (Administrator) that is still saved for the record is currently +The name of the record (192.168.150.236) and the form (password) can't be adjusted – these are +always displayed. The user (Administrator) that is still saved for the record is displayed. This can be configured in the info field for the form. It is thus possible to separately define for each form what information for a record can be directly seen in list view. In the form module, the info field is configured by opening the form which has to be edited in editing mode by @@ -86,7 +86,7 @@ double clicking on it and then pressing the \*Configure info field” button in ![Configuring the info field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_5-en.webp) -This will open a separate tab that enables you to design the info section via drag & drop. The +This will open a separate tab that lets you design the info section via drag & drop. The fields that are available on the right can be "dragged" onto the configuration window on the left. In the following example, "Start RDP session2 will be made visible in the info section, whereby only the word "RDP" is assigned a function – namely to start the RDP manager. A preview is shown in the @@ -99,9 +99,11 @@ the RDP session. ![updated form](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_7-en.webp) -NOTE: The **forms module** is based on the +:::note +The **forms module** is based on the [Web Application](/docs/passwordsecure/current/configuration/webapplication/web_application.md) module of the same name. Both modules have a different scope and design but are almost identical to use. +::: ## Standard form diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/logbook.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/logbook.md index 5f517d21fb..0220d2829c 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/logbook.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/logbook.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Logbook -## What is a logbook? +## Logbook overview Netwrix Password Secure logs all user interactions. These entries can be viewed and filtered via the logbook. The logbook records which user has made exactly what changes. This module is @@ -25,7 +25,7 @@ The following options are required: ## Use of the filter in the logbook -You can also use the filter in the logbook. This enables you to limit the number of displayed +You can also use the filter in the logbook. This lets you limit the number of displayed elements based on the defined criteria. In the following example, the user is searching for logbook entries relating to the object type “Password” that also match the event criteria "Change". In short: The entries are being filtered based on changes to passwords. @@ -36,7 +36,7 @@ short: The entries are being filtered based on changes to passwords. This list can also be grouped together by dragging and dropping column headers – see the following grouping of the columns for **computer user**. The filtered results now show all changes to -passwords carried out by the computer user "administrator". +passwords performed by the computer user "administrator". ![Logbook entries](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook_3-en.webp) @@ -47,9 +47,11 @@ of state is recorded and saved in the MSSQL database. There are no plans to allo logbook entries to be selectively defined. It is only by using this process that changes are completed in a traceable and audit-proof manner to prevent falsification. -NOTE: If desired, the logbook can be automatically cleaned up. This option can be configured on the +:::note +If desired, the logbook can be automatically cleaned up. This option can be configured on the Server Manager. Further information can be found in the section [Managing databases](/docs/passwordsecure/current/configuration/servermanager/managingdatabases/managing_databases.md). +::: ## Transferring to a Syslog server diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/notifications.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/notifications.md index 0889f48cdf..29982dd2d4 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/notifications.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/notifications.md @@ -6,11 +6,11 @@ sidebar_position: 30 # Notifications -## What are notifications? +## Notifications overview With the notification system, you are always up-to-date on all events that you consider important. -Almost all modules allow users to configure notifications. All configured messages are only created -for the currently registered Netwrix Password Secure user. It is not possible to create a +Almost all modules let users configure notifications. All configured messages are only created +for the registered Netwrix Password Secure user. It isn't possible to create a notification for another user. Each user can and should define himself which passwords, which triggers as well as changes are important and informative for him. The configuration of visibility is explained in a similar way to the other modules in one place @@ -18,8 +18,10 @@ is explained in a similar way to the other modules in one place ![Notifications modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) -NOTE: The reading pane is deactivated in this module by default. It can be activated in the +:::note +The reading pane is deactivated in this module by default. It can be activated in the "Display" tab in the ribbon. +::: ## Module-specific ribbon functions @@ -31,13 +33,13 @@ administrators and users to maintain control and transparency independent of the ### Mark notifications as read -The two buttons on the ribbon enable you to mark notifications as read/unread. In particular, the +The two buttons on the ribbon let you mark notifications as read/unread. In particular, the filter criterion available in this context (see following screenshot) enables fast sorting according to current and also historical notifications. ![filter notifications](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_3-en.webp) -It is possible to mark the notifications as read/unread via the ribbon and also via the context menu +You can mark the notifications as read/unread via the ribbon and also via the context menu that is accessed using the right mouse button. If the corresponding setting has been activated, opening a notification will also mean that it is marked as read. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md index 2af4c8d6d2..3c79aa1cbd 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Active Directory link -## What are active directory profiles? +## Active directory profiles overview The connection to Active Directory (AD) is established via so-called AD profiles. These profiles contain all of the information relevant for establishing a connection to AD and enable imports/synchronization of users, organisational units or roles. To connect to various different -ADs, it is naturally also possible to create multiple AD profiles. +ADs, it is also possible to create multiple AD profiles. ## Two import modes in comparison @@ -21,17 +21,19 @@ differ significantly and are explained in separate sections. - End-to-end encryption - Master Key mode -In principle, the two variants differ by the presence of the encryption mentioned above. In the +In principle, the two variants differ by the presence of the encryption previously mentioned. In the solution with active end-to-end encryption (**E2EE**), the process may be less convenient (see table) but there is a huge benefit in terms of security. In Master Key mode, a master key is created on the server that has full permissions for all users, organisational units and roles. This -represents an additional attack vector, which does not exist in end-to-end mode. In return, however, +represents an additional attack vector, which doesn't exist in end-to-end mode. In return, however, in Master Key mode, users can be updated via synchronization with the Active Directory. Memberships of organisational units and roles are also imported. In the more secure end-to-end mode, this -synchronization of the changes must be carried out manually. +synchronization of the changes must be performed manually. -NOTE: It is technically possible to create several profiles with different modes. However, this is +:::note +It is technically possible to create several profiles with different modes. However, this is not recommended for the sake of clarity. +::: | Comparison of the modes | End-to-end mode | Master key mode | | ---------------------------------------------------------- | --------------- | --------------- | @@ -57,7 +59,7 @@ Secure. In contrast, a connection in **Master Key mode offers the highest level imports not only users, organisational units and roles but also their links and assignments. Synchronization with Active Directory is possible – **The AD is used as the leading system**. -## Users, groups and roles +## Users, groups, and roles When importing or synchronizing from Active Directory, users are also added as users in Netwrix Password Secure. Netwrix Password Secure also uses the organisational units as such. @@ -66,10 +68,12 @@ In order for Netwrix Password Secure to be quickly integrated into the given inf can also be directly imported from the Active Directory. Namely Active Directory Groups are used to password-safe roles. -NOTE: Groups in groups Memberships, which may be present in the Active Directory, will not be +:::note +Groups in groups Memberships, which may be present in the Active Directory, will not be displayed within Netwrix Password Secure. Both groups are imported as roles, but independent and not linked in any way. +::: **CAUTION:** If Master Key mode has been selected for the Active Directory profile, the AD is the -leading system. In this mode, roles that have been imported cannot be changed locally in Netwrix +leading system. In this mode, roles that have been imported can't be changed locally in Netwrix Password Secure. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md index e2d6f50787..c864ead6e1 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md @@ -8,7 +8,7 @@ sidebar_position: 10 ## Maximum encryption -[Active Directory link](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption currently offers +[Active Directory link](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption offers **maximum security**. Only users, organisational units and roles are imported. The permissions and the hierarchical relationship between the individual objects needs to be separately configured in Netwrix Password Secure. The advantage offered by end-to-end encryption is that Active Directory is @@ -34,15 +34,17 @@ The process for creating a new profile is started via the icon "manage profiles" ![New AD profile](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_1-en.webp) -NOTE: "End-to-end" needs to be set in the "Encryption" field +:::note +"End-to-end" needs to be set in the "Encryption" field +::: A **user** is required to access the AD. The user should be formatted as follows: Domain\user. It must have access to the AD. -- The relevant **user password** (domain password) is required for the user mentioned above +- The relevant **user password** (domain password) is required for the user previously mentioned - **Direct search** is recommended for very large domain trees. The representation of the tree structure is omitted, elements can only be found and selected via the search. -- The **filter** can be used to directly specify an AD path as an entry point via an LDAP query. +- Use the **filter** to directly specify an AD path as an entry point via an LDAP query. - Various security options – so-called AuthenticationTypes Enumeration – can be selected for the connection of the AD to Netwrix Password Secure: - Secure @@ -95,8 +97,10 @@ provides helpful functions for selecting the individual elements. In the lower area you can specify whether the users just selected for import should be created as **Light** or **Advanced User (View)**s. -NOTE: If individual users, organisational units, or roles cannot be selected for import, they have +:::note +If individual users, organisational units, or roles can't be selected for import, they have already been imported via another profile +::: ## Summary @@ -107,20 +111,24 @@ element is imported. The number of objects is added together at the bottom. ![Import wizard/Summary](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_6-en.webp) -NOTE: Depending on the amount of data, it may take several minutes to create the summary. +:::note +Depending on the amount of data, it may take several minutes to create the summary. +::: ## Importing -The import itself is carried out by the server in the background. The individual elements then +The import itself is performed by the server in the background. The individual elements then appear in the list one by one. This may take some time, depending on the amount of import data. If the import is terminated, you will receive a confirmation. ![confirmation](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_7-en.webp) -NOTE: As end-to-end encryption is retained in this mode, the server does not receive a key to match +:::note +As end-to-end encryption is retained in this mode, the server doesn't receive a key to match already imported users with the AD. There is thus no synchronization with the AD. Similarly, no memberships can be imported. After the import, users must be manually assigned to the appropriate organisational units and roles. +::: ## Imported users and organisational units @@ -150,11 +158,13 @@ The rights will be issued as follows during the import or synchronization. | Is the "add" right issued? | No | No | No | | Who receives the rights key? | None | None | None | -NOTE: In end-to-end mode, **no role affiliations** are issued during the import or synchronization. +:::note +In end-to-end mode, **no role affiliations** are issued during the import or synchronization. +::: ## Logging into Netwrix Password Secure -Users imported in this mode can not login with the domain password. Rather, a password is generated +Users imported in this mode can't login with the domain password. Rather, a password is generated during import. This password is sent to the users by e-mail. If a user has not entered an e-mail address, the user name is entered as the password. The initial password can be changed by the administrator or the user himself at the first login. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md index 2d13586177..d204413da2 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md @@ -32,7 +32,9 @@ The following information must be provided in the profile: - An optional **description** - Masterkey mode is selected for the **encryption** -NOTE: In the case of already created profiles, the encryption can no longer be changed. +:::note +In the case of already created profiles, the encryption can no longer be changed. +::: - The **domain** field is used to define which domain is to be read. The value entered here will also be used for authentication if no alternative spellings have been saved under **Other domain @@ -52,7 +54,7 @@ NOTE: In the case of already created profiles, the encryption can no longer be c updated on the next synchronization, regardless of whether the record has changed in the Active Directory or not. (This checkbox is automatically activated when you have edited the other responsible users and is deactivated again after the next synchronization). -- The **LDAP filter** can be used to directly specify an AD path as an entry point via an LDAP +- Use the **LDAP filter** to directly specify an AD path as an entry point via an LDAP query. - Various security options – so-called AuthenticationTypes Enumeration (**Flags**) – can be selected for the connection of the AD to Netwrix Password Secure: @@ -62,23 +64,27 @@ NOTE: In the case of already created profiles, the encryption can no longer be c - Signing - Sealing -NOTE: The first two options are already activated by default when configuring a new profile. If a -connection is not possible, deactivate SecureSocketsLayer and try again. +:::note +The first two options are already activated by default when configuring a new profile. If a +connection isn't possible, deactivate SecureSocketsLayer and try again. +::: -- **Other responsible users or roles** can be used to define who is permitted to carry out the +- **Other responsible users or roles** defines who is permitted to perform the synchronization with the AD. -- The option **Other domain names** can be used to save alternative spellings of the login domain. +- The option **Other domain names** lets you save alternative spellings of the login domain. These must correspond to the spelling entered in the login window. For example, if a connection is - being established to the domain **jupiter.local** or an IP address, the login can only be carried - out with **jupiter\user** if **jupiter** has been saved here. + being established to the domain **jupiter.local** or an IP address, the login can only be performed + with **jupiter\user** if **jupiter** has been saved here. **CAUTION:** The master key is added in form of a certificate. It is **essential to back up** the generated certificate! If the database is being moved to another server, the certificate also needs to be transferred! Further information can be found in the section [Certificates](/docs/passwordsecure/current/configuration/servermanager/certificates/certificates.md). -NOTE: You can now use the option to integrate a RADIUS server. Read more in +:::note +You can now use the option to integrate a RADIUS server. See [RADIUS authentication](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). +::: ## Import @@ -118,8 +124,10 @@ selection of the individual elements. ![select subjects](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end_to_end_encryption_5-en.webp) -NOTE: If individual users cannot be selected for import, they have already been imported via an +:::note +If individual users can't be selected for import, they have already been imported via an end-to-end encrypted profile. +::: In the lower area you can specify whether the users just selected for import should be created as **Light** or **Advanced User (View)**s. @@ -143,7 +151,7 @@ this is symbolized by a hint. ## Imported users and organisational units -The users and organisational units imported in Masterkey mode cannot be edited in Netwrix Password +The users and organisational units imported in Masterkey mode can't be edited in Netwrix Password Secure. Therefore, any changes must be made in AD and synchronized. AD thus becomes the leading system. Affiliations to roles are also synchronized and must be set in the AD. In organisational units or roles created in Netwrix Password Secure, the users can be included directly in Netwrix @@ -171,23 +179,27 @@ The rights will be issued as follows during the import or synchronization. | Is the "add" right issued? | No | No | No | | Who receives the rights key? | All with the "authorize" right | None | All with the "authorize" right | -NOTE: If a user is imported, he will be given those roles that he also had in AD insofar as these +:::note +If a user is imported, he will be given those roles that he also had in AD insofar as these roles already exist in Netwrix Password Secure or have also been imported. +::: ## Logging into Netwrix Password Secure -Users who are imported using this mode can log in with the domain password. Please note that no +Users who are imported using this mode can log in with the domain password. No domain needs to be specified when logging in. Of course, the login process can also be supplemented with [Multifactor Authentication](/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md). -NOTE: Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server +:::note +Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server is accessible, the users in the domain authenticate themselves via Kerberos using their domain -password. If the logon via Kerberos does not work – e.g. due to incorrect configuration of the +password. If the logon via Kerberos doesn't work – e.g. due to incorrect configuration of the domain controller – the logon via the NTLM protocol is attempted. However, these are all settings that have to be made on the domain controller and have nothing to do with Netwrix Password Secure. +::: -**CAUTION:** Logging on to Netwrix Password Secure using SSO via Kerberos is currently not possible. +**CAUTION:** Logging on to Netwrix Password Secure using SSO via Kerberos isn't possible. ## Permissions to imported objects @@ -203,7 +215,9 @@ The rights to be issued to imported users are explained in the following example keys as it will be used for the synchronization 5. Finally, users will be issued with the rights for themselves -NOTE: All users and roles issued with **rights** to the imported object also receive its rights key. +:::note +All users and roles issued with **rights** to the imported object also receive its rights key. +::: ## Synchronization @@ -213,8 +227,10 @@ or deactivated according to the settings in the AD. If the membership of organis be changed, this can be done by **Drag & Drop**. New users and correspondingly defined roles are imported. -NOTE: If the tick was not set in the Synchronization column when a user is imported, no changes are +:::note +If the tick wasn't set in the Synchronization column when a user is imported, no changes are made. +::: ### Manual synchronization @@ -227,7 +243,7 @@ the synchronization runs in the background. A hint indicates that the process ha ### Synchronization via system tasks -The synchronization can also be carried out automatically. This is made possible via the +The synchronization can also be performed automatically. This is made possible via the [System tasks](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ### Deleting or removing users @@ -237,8 +253,8 @@ next synchronization. For this purpose, it is necessary for the user to be impor **synchronizable** user. If the user is only deleted from Netwrix Password Secure but retained in Active Directory, a -synchronization needs to be carried out to delete it from the database. For this purpose, the wizard -is called up via **import**. The first step is to select an organisational unit. This has no effect +synchronization needs to be performed to delete it from the database. For this purpose, the wizard +is opened via **import**. The first step is to select an organisational unit. This has no effect when simply deleting a user. The second step is to search for the user. Both ticks are removed. After checking the summary, the process is concluded. The synchronization is completed and the user diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md index 9f6b032355..7e9b796238 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md @@ -6,7 +6,7 @@ sidebar_position: 30 # RADIUS authentication -## What is the RADIUS authentication? +## RADIUS authentication overview RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol used primarily for authentication and authorization of users during dial-up connections in corporate networks. Netwrix diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md index 65598aaa50..0bf3e3ad13 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Directory services -It is possible to use existing user and group structures from external directories with Netwrix +You can use existing user and group structures from external directories with Netwrix Password Secure. Choose your preferred integration method: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md index f2975dd9af..acba7821c2 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md @@ -13,14 +13,14 @@ from multiple Entra IDs, you can create multiple profiles. ## Introduction -## Why Entra ID? +## Benefits of Entra ID More and more companies use cloud services. Therefore, also the management of users is outsourced. Instead of a classic Active Directory via LDAP, an Entra ID is used more often. Netwrix Password Secure integrates the possibility to bring in users and roles from Azure. To use users and roles from multiple Entra IDs, you can create multiple profiles. -Remember, In order to use Azure login with the windows application, +Remember, To use Azure login with the windows application, [WebView2](https://developer.microsoft.com/de-de/microsoft-edge/webview2/) from Microsoft must be installed on the client device. @@ -28,10 +28,10 @@ installed on the client device. The connection to the Entra ID differs in one special point from the connection to a conventional Active Directory. While Netwrix Password Secure queries the users, groups, and roles actively from -the conventional AD, the Entra ID is pushing them automatically to our server. For this a so-called +the conventional AD, the Entra ID is pushing them automatically to the server. For this a so-called [SCIM service](https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management) is used. -To login to Netwrix Password Secure, after entering the username a popup opens for the +To log in to Netwrix Password Secure, after entering the username a popup opens for the authentication with the entered Microsoft account. Here, a possible configured second factor is also requested. The authentication is handled via the [Open ID Connect protocol](https://openid.net/connect/). @@ -40,7 +40,7 @@ requested. The authentication is handled via the Below you will find instructions on how to connect Entra ID to Netwrix Password Secure. In the Azure portal, go to the management page of your Microsoft Entra ID. Use an account with administrative -permissions for this. During this, login to Netwrix Password Secure with an account that has the +permissions for this. During this, log in to Netwrix Password Secure with an account that has the user right "Display organisational structure module", "Can manage Entra ID profiles", and "Can create new Entra ID profiles" enabled. @@ -48,10 +48,12 @@ create new Entra ID profiles" enabled. ### New enterprise application -Login to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of +Log in to the [Azure portal](https://portal.azure.com/#azure-portal) and go to the management page of your Microsoft Entra ID. -NOTE: You need an account with administrative permissions +:::note +You need an account with administrative permissions +::: - Write down your "Tenant ID" shown in the Azure console or by using PowerShell: @@ -62,12 +64,14 @@ Connect-AzureAD ``` - Navigate in your Entra ID to "Enterprise applications" -- Add an own application, that is not listed in the Azure Gallery – in our example, we name it +- Add an own application, that isn't listed in the Azure Gallery – in the example, Password Secure name it "Netwrix Password Secure" -NOTE: A key feature of Netwrix Password Secure is, that it is self-hosted by our customers. However, -to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure is not +:::note +A key feature of Netwrix Password Secure is, that it is self-hosted by the customers. However, +to be listed in Azure Gallery, a SaaS model is required. Therefore, Netwrix Password Secure isn't available in the Azure Gallery. +::: - When the application was created successfully, you are redirected to it automatically - Write down the "Application ID" @@ -75,14 +79,16 @@ available in the Azure Gallery. - Add the Users and groups that should be available to Netwrix Password Secure **CAUTION:** The import of Azure groups as Netwrix Password Secure roles is only possible if you -have booked the Azure package Entra ID Premium P1! +have booked the Azure package Entra ID Premium P1. - Navigate to the "Provisioning" page - Configure the Provisioning Mode to "Automatic" ### Netwrix Password Secure Entra ID configuration -NOTE: Your Netwrix Password Secure user need the following permissions: +:::note +Your Netwrix Password Secure user need the following permissions: +::: ``` @@ -93,7 +99,7 @@ NOTE: Your Netwrix Password Secure user need the following permissions: ``` - Navigate to the module "Organisational structure" -- In the toolbar, click on "Manage profiles" in the category "Entra ID" +- In the toolbar, click "Manage profiles" in the category "Entra ID" - Create the profile with your information - Insert the `Tenant ID` and the `Application ID` - As soon as the profile has been saved, a popup opens for generating a token @@ -103,18 +109,20 @@ NOTE: Your Netwrix Password Secure user need the following permissions: ### Azure provisioning configuration Fill the fields "Tenant URL" and "Secret Token" with the information provided by Netwrix Password -Secure Click "Test Connection" When the test has been successful, click on "Save" at the top of the +Secure Click "Test Connection" When the test has been successful, click "Save" at the top of the page Back on the "Provisioning" page, click "Start provisioning" In the settings of the provisioning, check if "Provisioning Status" is set to "On" All allocated users and groups are created in Netwrix Password Secure now -NOTE: Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and +:::note +Azure´s default provisioning interval is 40 Minutes. So it may some time until the users and roles are shown in Netwrix Password Secure. +::: -**CAUTION:** Please note that Azure establishes the connection to Netwrix Password Secure. For this, +**CAUTION:** Azure establishes the connection to Netwrix Password Secure. For this, the client URL must be accessible from an external network / provisioning agent and any used SSL -certificate must be valid! If the users are not created in Netwrix Password Secure, consult the -Azure Enterprise Application Provisioning log for more information. +certificate must be valid! If the users aren't created in Netwrix Password Secure, consult the +Azure Enterprise Application Provisioning log for details. ### Azure login configuration @@ -123,8 +131,8 @@ To enable the Azure login for your users, a few more steps are required: - Navigate to the Overview page of your Entra ID - Navigate to "App registrations" - If no application is displayed, click "All applications" -- Click on "Netwrix Netwrix Password Secure" and navigate to "Authentication" -- Click on "Add a platform", select "Web" and configure the required URIs: +- Click "Netwrix Netwrix Password Secure" and navigate to "Authentication" +- Click "Add a platform", select "Web" and configure the required URIs: | Client | URI | | ------------------------ | ------------------------------------------------------------------------- | @@ -136,7 +144,7 @@ To enable the Azure login for your users, a few more steps are required: ![web_configuration_entra_id](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/web_configuration_entra_id.webp) -Click on "Add a platform", select "Mobile & desktop applications" and configure the required +Click "Add a platform", select "Mobile & desktop applications" and configure the required mobile-app URI: | Client | URI | @@ -147,7 +155,7 @@ mobile-app URI: #### Create client secret -Navigate to your Netwrix Netwrix Password Secure App registration -> Certificates & secrets -> +Navigate to your Netwrix Password Secure App registration -> Certificates & secrets -> Client secret Create a client secret: @@ -160,11 +168,11 @@ Copy it over to the Netwrix Password Secure Entra ID profile: #### Set API permissions -Finally, the API permissions for the Azure API have to be set, so the login to can be performed +Finally, the API permissions for the Azure API have to be set, so the log in to can be performed successfully. 1. Navigate to "API permissions" and click "Add a permission" 2. Select "Microsoft Graph" and then "Delegated permissions" 3. Set the checkboxes for "openid" and "profile" just under "OpenId permissions" -4. Click on "Add permissions" -5. Click on "Grant admin consent for YOUR_AD_NAME" +4. Click "Add permissions" +5. Click "Grant admin consent for YOUR_AD_NAME" diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md index 8825ca490e..ac9fcb051e 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md @@ -6,25 +6,25 @@ sidebar_position: 10 # Microsoft Entra ID Services FAQ -## Is it possible to migrate from LDAP to Entra ID? +## Migrating from LDAP to Entra ID -Currently, an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is -not possible! +, an automated migration from LDAP users (E2E as well as MasterKey) to Entra ID users is +not possible. -## Which port is used for the SCIM endpoint for provisioning users/groups from Entra ID to the Application Server? +## SCIM endpoint port for provisioning users and groups from Entra ID to the Application Server 11015 is the port that will be used for the communication from Entra ID to Netwrix Password Secure. -## Does the Entra ID connection support nested groups? +## Entra ID connection support for nested groups -Due to Azure based technical limitations, Netwrix Password Secure does not support nested groups. +Due to Azure based technical limitations, Netwrix Password Secure doesn't support nested groups. -## Does Entra ID work on servers that are only available internally? +## Entra ID on internally available servers -An integration on servers, that are not accessible from external sources, the integration of Entra +An integration on servers, that aren't accessible from external sources, the integration of Entra ID is also possible. For this, you can use the [Entra ID on-premises application provisioning to SCIM-enabled apps](https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-scim-provisioning). -This can be installed on all or only one application server. It must be noted that the IP or DNS +This can be installed on all or only one application server. The IP or DNS name of the "Tenent URL" specified in the subsequently created enterprise application is present in the alternative application names in the server certificate. Tip: `https://127.0.0.1:11015/scim` can also be specified as the "Tenent URL", in which case 127.0.0.1 must again be present in the @@ -52,6 +52,6 @@ alternative application names in the server certificate. - Click "Get started" - Set provisioning mode "Automatic" - Unhide "On-Premises Connectivity" -- Assign the just installed agent to this application by selecting it and click "Assign Agent(s)" +- Assign the just installed agent to this application by selecting it and click "Assign Agents" - It takes about 20 minutes until the agent is correctly connected to your application and you can proceed. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md index 61def5f709..fa9e55cbd5 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md @@ -6,9 +6,9 @@ sidebar_position: 40 # First factor -## What is meant by first factor? +## First factor overview -It is a process that regulates access to our system. +It is a process that regulates access to the system. ## Requirements @@ -25,19 +25,21 @@ The configuration is done via the user setting **First factor**. ![Smartcard 1st factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor_2-en.webp) -NOTE: This option is only valid for users in master key mode +:::note +This option is only valid for users in master key mode +::: **CAUTION:** Be Aware" The smartcard logon tries to determine whether the certificate belongs to the user to be logged on based on the applicant in the smartcard certificate. This is done using regex, the default regex `^{username}[.@\\/-_:]({domain})$` or `^({domain})[.@\\/-_:]({username})$` is applied to the applicant. In this case, `{username}` is replaced with the user to be registered and `{domain}` is replaced with the domain in the AD profile in the regex and if the regex query is -positive, the user is registered. If the format of your applicant in your certificates is not +positive, the user is registered. If the format of your applicant in your certificates isn't compatible with these two regex queries, you must set a custom regex query in the Server Manager. -Please note that `{username}` for username and `{domain}` for the AD domain SHOULD be present in the +`{username}` for username and `{domain}` for the AD domain SHOULD be present in the regex query. If the domain must be explicitly specified, it must be written in capital letters. -In addition, the smartcard certificate must of course also be valid on the server! +In addition, the smartcard certificate must of course also be valid on the server. ## Fido2 (only at the Web Application) diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md index 108a04439b..198512d891 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Managing users -User management in Netwrix Password Secure depends on whether it is connected to a directory service such as **Active Directory** or **Microsoft Entra ID**. When a directory service is integrated, users are managed in that directory and synchronized with Password Secure, and customers can choose between two security models: **Master Key Mode** (MKM) or **End-to-End Encryption** (E2EE). In MKM, the directory remains the authoritative source and users can sign in with their existing credentials (for example, their Entra ID or Active Directory account), providing a seamless user experience; however, because the encryption key must be available on the server, additional security measures — such as storing keys in a [**Hardware Security Module** (HSM)](/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/hsm_connection) — should be considered. In contrast, the E2EE model ensures that encryption keys are not accessible on the server, offering a higher level of security. If no directory service is connected, users are managed directly within Password Secure (via the organisational structures module), and only the E2EE model is available. +User management in Netwrix Password Secure depends on whether it is connected to a directory service such as **Active Directory** or **Microsoft Entra ID**. When a directory service is integrated, users are managed in that directory and synchronized with Password Secure, and customers can choose between two security models: **Master Key Mode** (MKM) or **End-to-End Encryption** (E2EE). In MKM, the directory remains the authoritative source and users can sign in with their existing credentials (for example, their Entra ID or Active Directory account), providing a seamless user experience; however, because the encryption key must be available on the server, additional security measures — such as storing keys in a [**Hardware Security Module** (HSM)](/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/hsm_connection) — should be considered. In contrast, the E2EE model ensures that encryption keys aren't accessible on the server, offering a higher level of security. If no directory service is connected, users are managed directly within Password Secure (via the organisational structures module), and only the E2EE model is available. -## How are users managed in Netwrix Password Secure? +## User management in Netwrix Password Secure The way in which users are managed is highly dependent on whether Active Directory is connected or not. In Master Key mode, Active Directory remains the leading system. Accordingly, users are then @@ -27,7 +27,7 @@ Can add new users -Display organisational structure module ## Adding local users In general, new users are added in the same way as creating a local organisational unit. Therefore, -only the differences will be covered below. +only the differences will be covered in the following sections. ### Creating users @@ -43,15 +43,17 @@ only the differences will be covered below. checking the integrity and hierarchies of various pieces of information with one another but are not required to productively work with the information themselves. This could be a data protection officer or also an administrator in some cases. This would be the case if an administrator was - responsible for issuing permissions to other people but should not be able to view the data + responsible for issuing permissions to other people but shouldn't be able to view the data themselves. The property **restricted user** is used to limit the visibility of the password field. It thus deals with purely administrative users or controlling entities. -NOTE: Restricted users cannot view any passwords +:::note +Restricted users can't view any passwords +::: ### Configuring rights -The second tab of the wizard allows you to define the permissions for the newly created user. If an +The second tab of the wizard lets you define the permissions for the newly created user. If an allocated organisational unit or a rights template group was defined in the first tab, the new user will inherit its permissions. Here, these permissions can be adapted if desired. @@ -63,23 +65,23 @@ globally defined user rights. ## Importing users -Importing from Active Directory can be carried out in two ways that are described in a separate +Importing from Active Directory can be performed in two ways that are described in a separate section. ## User licenses There are two different types of licenses, **Advanced view** and **Basic view** licenses. In all -other editions you can only purchase Advanced view licenses. Please note that licensed Basic view -users are not able to use the Advanced view. However, Advanced view Users can also switch to the +other editions you can only purchase Advanced view licenses. Licensed Basic view +users aren't able to use the Advanced view. However, Advanced view Users can also switch to the Basic view. -**CAUTION:** For licensing reasons, it is not intended to switch from a Advanced view user to a -Basic view user! +**CAUTION:** For licensing reasons, it isn't intended to switch from a Advanced view user to a +Basic view user. -Our sales team will be happy to answer any questions you may have about licensing. +The sales team will be happy to answer any questions you may have about licensing. -Display data to which the user is authorized In order to display the data to which a user is -authorized, you must right-click on the corresponding user in the organisational structure. In the +Display data to which the user is authorized To display the data to which a user is +authorized, you must right-click the corresponding user in the organisational structure. In the context menu that opens, you will find the following options under **displaying data records**: - Passwords - Documents @@ -90,5 +92,7 @@ context menu that opens, you will find the following options under **displaying - System Tasks - Seal templates -NOTE: All authorizations for a data record are taken into account, regardless of whether you are +:::note +All authorizations for a data record are taken into account, regardless of whether you are authorized by a role or the user. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md index fa1e82bdb1..d244624589 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md @@ -9,7 +9,7 @@ sidebar_position: 10 ## User passwords Depending on the type of user, they will either be allocated their password in Netwrix Password -Secure or the login will be carried out using access data for the domain. How the user logs in also +Secure or the login will be performed using access data for the domain. How the user logs in also differs according to the type of user. ### Differences between users and passwords @@ -23,12 +23,12 @@ differs according to the type of user. migration. - **AD users in Master Key mode** These users log in directly with access data for the domain. It is thus not necessary to assign them a password. As these users directly authenticate themselves via - Active Directory, the currently saved password in Active Directory is thus always valid. These + Active Directory, the saved password in Active Directory is thus always valid. These users can still directly log in using the existing password even after a migration ### Required rights -Various rights are required in order to issue or change user passwords. One prerequisite is the user +Various rights are required to issue or change user passwords. One prerequisite is the user right **Can display organisational structure module**. **Read** and **write** rights for the user are also required. Finally, membership of the user is required. Normally, the user themselves and the user who created or imported the user have the right to change their password. @@ -38,11 +38,11 @@ the user who created or imported the user have the right to change their passwor ### Assigning and changing passwords As already explained, local users are directly assigned their initial password when the user is -created. The situation is different for users that are imported in end-to-end mode. They do not +created. The situation is different for users that are imported in end-to-end mode. They don't possess a password directly after the import and can thus not log in. It is thus necessary to assign passwords after the import. -The passwords can be directly assigned or changed via the ribbon. Naturally, it is also possible to +The passwords can be directly assigned or changed via the ribbon. It is also possible to select multiple users if e.g. several imported users should be assigned the same password. ![change password](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_2-en.webp) @@ -59,7 +59,7 @@ automatically deactivated after the user has successfully logged in and changed ### Security of passwords -To guarantee that passwords are sufficiently strong, it is recommended that corresponding +To guarantee that passwords are sufficiently strong, Netwrix recommends that corresponding [Password rules](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_rules.md) are created. It is especially important to ensure here that user names are excluded. The password rule then still needs to be defined as a user password rule. @@ -70,7 +70,7 @@ The process for logging into the database differs depending on the type of user. ### Local user -Local users simply log in using their user name and the assigned password. +Local users log in using their user name and the assigned password. ![login username](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_4-en_415x238.webp) @@ -83,9 +83,11 @@ password the same as local users. If multiple domains have been configured or th with the same name, the name of the domain must be entered in front of the user name The name of the domain must be entered as it is configured in the AD profile under **Domains**. The -option **Other domain names** can be used to save other forms of the domain name. +option **Other domain names** lets you save other forms of the domain name. ![AD User](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_6-en.webp) -NOTE: The logon to the client is automatically forwarded to the Autofill Add-on and other clients on +:::note +The logon to the client is automatically forwarded to the Autofill Add-on and other clients on the same computer. The same applies to logging on to the Autofill Add-on. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md index ea7457c6b1..557d4f25ef 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Multifactor authentication -## What is multifactor authentication? +## Multifactor authentication overview By means of multifactor authentication, you can save the login – in addition to the password – with a further factor. Setting up a multifactor authentication can be done by either the administrator or @@ -19,7 +19,7 @@ Manager. In the database module, open the settings for the selected database via ![database settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_1-en.webp) -It is possible to separately define in the settings whether it is permitted to use each interface on +You can separately define in the settings whether it is permitted to use each interface on the database. ![multifactor authentication](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_2-en.webp) @@ -29,9 +29,11 @@ the database. In the user settings, it is also possible to define the "Length of validity of a multifactor authentication token" in minutes. -NOTE: In order for a user (administrator) to be able to **configure** multifactor authentication for +:::note +In order for a user (administrator) to be able to **configure** multifactor authentication for other users, the user must have the rights **read**, **write**, **delete** and **authorize**. It is important that these rights exist before Multifactor Authentication is set up. +::: ## Configuration of multifactor authentication @@ -51,18 +53,20 @@ QR code is displayed, which must be scanned using the Google Authenticator app o ![google authenticator](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_4-en.webp) -Once the Google Authenticator app has detected the QR code, it will return a 6-digit PIN. You must -then enter it in the appropriate field. Finally, click on **Create** in the ribbon. +After the Google Authenticator app has detected the QR code, it will return a 6-digit PIN. You must +then enter it in the appropriate field. Finally, click **Create** in the ribbon. ## RSA SecurID Token -To set up multifactor authentication using RSA SecurID, simply enter the RSA user name and click +To set up multifactor authentication using RSA SecurID, enter the RSA user name and click **Create** directly in the ribbon. ![RSA SecurID Token](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_5-en.webp) -NOTE: The prerequisite for the use of RSA SecurID token is that the access data has been stored in +:::note +The prerequisite for the use of RSA SecurID token is that the access data has been stored in the Database settings on the Server Manager. +::: ## Public key infrastructure @@ -71,7 +75,7 @@ All eligible certificates are displayed. ![Public key infrastructure](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_7-en.webp) -Now just select the desired certificate from the list to confirm the process. +Select the desired certificate from the list to confirm the process. ## Yubico One Time Password @@ -84,7 +88,7 @@ The multifactor authentication can be deleted by the user himself or by another authorization. The rights **Read**, **Write**, **Authorize** and **Delete** are required for another user to perform the deletion. -In order to delete a file, you should go to the main menu. Under **Account** you will find the item +To delete a file, you should go to the main menu. Under **Account** you will find the item **Multifactor Authentication**. An alternative way is to enter the management of multifactor authentication via the organisational structure. To do so, select the corresponding user and click on the **Multifactor Authentication** ribbon. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md index 501b7434d3..b0f0721d59 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md @@ -8,7 +8,7 @@ sidebar_position: 20 ## Using OTP in Netwrix Password Secure -A one-time password is a password that is valid once and can be used for authentication or +A one-time password is a password that is valid once and is valid for authentication or transactions. Accordingly, each additional authentication or authorization requires a new one-time password. @@ -43,10 +43,12 @@ How to use the HTML WebViewer can be read in the chapter with the same name. ##### OTP in Emergency WebViewer -NOTE: The special feature of the Emergency WebViewer is that the stored OTP secret is also +:::note +The special feature of the Emergency WebViewer is that the stored OTP secret is also displayed. +::: -In order to use the One-Time-Password in the +To use the One-Time-Password in the [EmergencyWebViewer](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md) you have to proceed as follows: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md index 24a32b4b2d..57829dc7cc 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md @@ -30,13 +30,13 @@ The **One Time Password** is entered directly into the corresponding field. ![yubico OTP](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_3-en.webp) -Once the general terms and conditions have been approved, the API Key can be requested. +After the general terms and conditions have been approved, the API Key can be requested. ![yubico key](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_4-en.webp) ### Configuring the Yubikey API -The actual setting up of the multifactor authentication is carried out on the Server Manager in the +The actual setting up of the multifactor authentication is performed on the Server Manager in the **Database** module. First select the required data base; then open the "Features" in the ribbon. The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and saved. @@ -44,15 +44,17 @@ The **Yubico Client ID** and the **Yubico Secret Key** must then be entered and The interface is now ready and can be used. -NOTE: The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for -communication with Yubico. Please make sure that the Netwrix Password Secure Server can connect to +:::note +The HTTPS endpoint [Yubico Verify](https://api.yubico.com/wsapi/2.0/verify) is used for +communication with Yubico. ensure that the Netwrix Password Secure Server can connect to this endpoint. +::: ## Configuring multifactor authentication for users Multifactor authentication can be configured in the Netwrix Password Secure client. It can be done by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/account.md) -menu. In order to configure the Yubikey, simply select **Yubico OTP**. +menu. To configure the Yubikey, select **Yubico OTP**. ![setup second factor](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_6-en.webp) @@ -62,7 +64,7 @@ only need to touch the touch panel. The same applies to **Yubikey Nano**. ![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) The token is entered directly into the corresponding field. The multifactor authentication is -configured once you’ve clicked on configure. +configured after you’ve clicked on configure. ![Configuration yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_8-en.webp) @@ -75,7 +77,7 @@ After the first password authentication, another window for the **Yubico Key** i ![Login yubico](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_10-en.webp) -Click on the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. +Click the field to highlight it, and enter the **Yubico Key** by touching the Yubikeys. ![yubico stick](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_2-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md index 3160d0bd7b..18a7055764 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md @@ -6,14 +6,14 @@ sidebar_position: 40 # Organisational structure -## What are organisational structures? +## Organisational structures overview The storage of passwords or documents always takes place according to the defined organisational structures. The module enables complex structures to be defined, which later form the basis for the systematic storage of data. It is often possible to define them on the basis of already existing organization diagrams for the company or department. It is also possible to use other criteria, such as the function / activity performed, as the basis for creating hierarchies. It is always up to the -customer themselves to decide which structure is most useful for the purpose of the application. +customer themselves to decide which structure is most useful to the application. ![Organizational structure modul](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_1-en.webp) @@ -38,7 +38,7 @@ remaining actions have already be explained for the password module. ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right mouse button. Due to its complexity, there is a separate section for this function: [User management](/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/user_management.md) -- **Drag & Drop**: If this option has been activated, it is possible to move users or organisational +- **Drag & Drop**: If this option has been activated, you can move users or organisational units in list view via drag & drop - **Permissions**: The configuration of permissions within the organisational structure is important both for the administration of the structure and also as the basis for the permissions in @@ -55,48 +55,52 @@ remaining actions have already be explained for the password module. - **Multi Factor authentication**: Additional security during login is provided through positive authentication based on another factor. More on this subject… - **Reset password**: Administrators can reset the passwords with which users log in to Netwrix - Password Secure to a defined value. Naturally, this is only possible if the connection to Active + Password Secure to a defined value. This is only possible if the connection to Active Directory is configured via[End-to-end encryption](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the alternative [Masterkey mode](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the authentication is linked to the correct entry of the AD password. -NOTE: To reset a user password, membership for the user is a prerequisite. +:::note +To reset a user password, membership for the user is a prerequisite. +::: -The example below shows the configuration of a user where only the user themselves is a member. +The following example shows the configuration of a user where only the user themselves is a member. ![permission for user](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_3-en.webp) -This configuration means that the user password cannot be reset by administrators. The disadvantage +This configuration means that the user password can't be reset by administrators. The disadvantage is that if the password is lost there is no technical solution for "resetting" the password in the system. -**CAUTION:** It is not recommended to configure the permissions so that only the user themselves has +**CAUTION:** It isn't recommended to configure the permissions so that only the user themselves has membership. No other interventions can be made if the password is then lost. ## Adding local organisational units Both users and also organisational units themselves can be added as usual via the ribbon (alternatively via Ctrl + N or via the context menu). These processes are supported by various -wizards. The example below shows the creation of a new organisational unit: +wizards. The following example shows the creation of a new organisational unit: ### Create organisational unit ![Add new organisational unit](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_4-en.webp) - **Allocated organisational unit**: If the new object is defined as a **main organisational unit**, - it is not allocated to an existing organisational unit + it isn't allocated to an existing organisational unit - **Rights template group**: If an already existing organisational unit was selected under "allocated organisational unit", you can select one of the existing rights template groups. -NOTE: The organisational unit marked in list view will be used as a default. This applies to the +:::note +The organisational unit marked in list view will be used as a default. This applies to the fields "allocated organisational unit" and also "rights template". +::: ### Create role ![Create role](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_5-en.webp) -When creating a new organisational unit, the second tab in the wizard enables you to directly create +When creating a new organisational unit, the second tab in the wizard lets you directly create a new role. This role will not only be created but also given "read permission" to the newly created organisational unit. @@ -104,10 +108,12 @@ organisational unit. ![Configuring rights](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_6-en.webp) -The third tab of the wizard allows you to define the permissions for the newly created +The third tab of the wizard lets you define the permissions for the newly created organisational unit. If an allocated organisational unit or a rights template group was defined in the first tab, the new organisational unit will inherit its permissions. These permissions can be adapted if desired. -NOTE: The **organisational structure** module is based on the Web Application module of the same +:::note +The **organisational structure** module is based on the Web Application module of the same name. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md index 0d090cc864..aa585a212c 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Inheriting permissions -## What is inherited in organisational structures? +## Permission inheritance in organisational structures -If you open the permissions for an organisational structure, the currently configured permissions +If you open the permissions for an organisational structure, the configured permissions will be visible. In the following example, there are a total of four roles with varying permissions for the organisational structure. @@ -34,5 +34,5 @@ The two highlighted options are now available on the ribbon. Both mechanisms are protected by a confirmation prompt. If both "inherit" and also "overwrite" are selected, "overwrite" is considered the overriding function. -**CAUTION:** Both mechanisms are not protected by user rights. The **authorize** right for the +**CAUTION:** Both mechanisms aren't protected by user rights. The **authorize** right for the organisational structure is required to activate the inheritance or overwrite functions. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md index fe0e999508..8d45c128eb 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md @@ -16,7 +16,7 @@ permissions for organisational structures. [Visibility](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) that selectively withholding information is a very effective [Protective mechanisms](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md). - Configuration of the visibility is carried out directly when issuing permissions to + Configuration of the visibility is performed directly when issuing permissions to organisational structures. 2. **Inheriting permissions for records**: [Inheritance from organisational structures](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md) @@ -25,14 +25,14 @@ permissions for organisational structures. organisational structures. The way in which permissions for organisational structures are designed thus effects the subsequent -work with Netwrix Password Secure in many ways. The following diagram describes the above-mentioned +work with Netwrix Password Secure in many ways. The following diagram describes the previously mentioned interfaces. ![Permissions for organizational structures](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organizational_structures_1-en.webp) ## Permissions -The visibility and also inheritance mechanisms are not considered below. This section exclusively +The visibility and also inheritance mechanisms aren't considered in the following sections. This section exclusively deals with permissions for the actual organisational structure. It deals with which users and roles have what form of permissions for a given organisational structure. Permissions for organisational structures can be defined via the ribbon or also the context menu that is accessed using the right @@ -40,23 +40,25 @@ mouse button. A permissions tab appears: ![Permissions for OU](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organizational_structures_2-en.webp) -NOTE: The basic mechanisms for setting permissions is described in detail in the Authorization +:::note +The basic mechanisms for setting permissions is described in detail in the Authorization concept. +::: **CAUTION:** It is important that the permissions displayed here are interpreted correctly! The -example above shows the permissions for the "organisational structure IT". +previous example shows the permissions for the "organisational structure IT". The user Max Muster possesses all rights to the organisational structure IT and can thus edit, -delete and also grant permissions for this structure. +delete, and also grant permissions for this structure. ## The add right -The "add" right holds a special position amongst the available rights because it does not refer to +The "add" right holds a special position amongst the available rights because it doesn't refer to the organisational unit itself but rather to data that will be created within it. In general, it is fair to say that to add objects in an organisational unit requires the add right. If a user wants to -add a new record to an organisational unit, the user requires the above-mentioned right. In the -example above, only the administrator has the required permissions for adding new records. Even the -IT manager – who possess all other rights to the organisational structure "IT" – does not have the +add a new record to an organisational unit, the user requires the previously mentioned right. In the +previous example, only the administrator has the required permissions for adding new records. Even the +IT manager – who possess all other rights to the organisational structure "IT" – doesn't have the right to add records. **CAUTION:** The add right merely describes the right to create objects in an organisational unit. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/configuration_2.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/configuration_2.md index c5ad12aed1..4a651b229f 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/configuration_2.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/configuration_2.md @@ -30,7 +30,7 @@ and "Linked passwords". ### Trigger -Triggers describe the conditions that need to be fulfilled so that a Password Reset is carried out. +Triggers describe the conditions that need to be fulfilled so that a Password Reset is performed. There are a total of three possible triggers available: - Reset the password x minutes after the password has been viewed @@ -42,8 +42,10 @@ triggers is equivalent to deactivating the Password Reset. All three triggers ca deactivated independently of one another. Only one selection can be made in each of the three categories. -NOTE: A separate system task within Netwrix Password Secure checks every minute whether a trigger +:::note +A separate system task within Netwrix Password Secure checks every minute whether a trigger applies. +::: ### Scripts @@ -58,12 +60,14 @@ A new dialogue appears after the selection in which the type of system "to be re The functions and configuration process are described in detail in the section Scripts. -NOTE: It is not possible to create a Password Reset without an associated script. +:::note +It isn't possible to create a Password Reset without an associated script. +::: ### Linked passwords All records that should be reset with the Password Reset according to the selected trigger are listed under “Linked passwords”. Multiple objects can be entered. The linked Password Reset is also -visible in the footer of the reading pane once it has been successfully configured. +visible in the footer of the reading pane after it has been successfully configured. ![new script password reset](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/heartbeat.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/heartbeat.md index 02ec8201ae..7f02c69b97 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/heartbeat.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/heartbeat.md @@ -6,10 +6,10 @@ sidebar_position: 50 # Heartbeat -## What is the heartbeat? +## Heartbeat overview The heartbeat checks whether passwords in Netwrix Password Secure match the login data on the -relevant systems. This process ensures that the passwords do not differ from one another. +relevant systems. This process ensures that the passwords don't differ from one another. ## Requirements @@ -33,14 +33,14 @@ The testing process using the heartbeat can be executed via various methods. ## Testing via Password Reset -The heartbeat is always carried out before the first resetting process using a Password Reset. After -the script has run, the testing process is carried out again. Further information on this process +The heartbeat is always performed before the first resetting process using a Password Reset. After +the script has run, the testing process is performed again. Further information on this process can also be found in the section [Rollback](/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/rollback.md). ### Manual testing The heartbeat can be executed in the ribbon for the password module by clicking on **Check login -data**. The currently marked password is always tested. +data**. The marked password is always tested. ### Automatic testing via the password settings @@ -61,8 +61,8 @@ the mouse over the icon. The icon has three different versions. These have the following meanings: -The last test was successful. The password is correct The test could not be performed. For example, -the password could not be reached. The last test was completed. However, the password is different +The last test was successful. The password is correct The test couldn't be performed. For example, +the password couldn't be reached. The last test was completed. However, the password is different to the one on the target system. ## Filtering the results diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md index 6b9cc63df7..897427e618 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md @@ -27,7 +27,7 @@ logbook entries are written: | Execution Error | Password Reset | | Error during rollback | Password Reset | -If an attempt was made to perform a rollback, but the rollback cannot be performed because the old +If an attempt was made to perform a rollback, but the rollback can't be performed because the old password was incorrect before the reset, or the first script is of the type “user-defined”, the following logbook entry is written: @@ -36,7 +36,7 @@ following logbook entry is written: | Error during rollback | Password Reset | If a password reset has failed and an attempt is made to perform a rollback, the reset is blocked -for one day and the following logbook entry is written: (It does not matter if the rollback worked +for one day and the following logbook entry is written: (It doesn't matter if the rollback worked or not) | Logbook type | Logbook record | diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/password_reset.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/password_reset.md index c84a61949b..a784d79920 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/password_reset.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/password_reset.md @@ -6,7 +6,7 @@ sidebar_position: 90 # Password Reset -## What is a Password Reset? +## Password Reset overview The safest passwords are those that no one knows. A Password Reset enables passwords to be reset to a new and unknown value according to freely definable triggers. A trigger could be a definable time @@ -15,15 +15,17 @@ Password Secure and also on the target system.** ![Password reset diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset_1-en.webp) -This process will be explained below using a specific example. The password for the MSSQL user has +This process will be explained in the following sections using a specific example. The password for the MSSQL user has expired. The Password Reset changes the password in Netwrix Password Secure and also in the target system to a new value. ![Password reset process diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset_2-en.webp) -NOTE: If an error occurs during the execution of a password reset, the affected reset is blocked +:::note +If an error occurs during the execution of a password reset, the affected reset is blocked with all associated passwords. This is noted in the logbook with an entry "blocked". +::: **CAUTION:** Due to the complexity of the process, it is strongly recommended that Password Reset is configured **in combination with certified partners**. The desired simplification of work processes -using the above-mentioned automated functions is accompanied by numerous risks. +using the previously mentioned automated functions is accompanied by numerous risks. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/rollback.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/rollback.md index 823b2016ae..3489b67c98 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/rollback.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/rollback.md @@ -6,12 +6,12 @@ sidebar_position: 60 # Rollback -## What is a rollback? +## Rollback overview If an error occurs while running a script, a rollback is initiated. This ensures that the original password is restored. -## When does a rollback run? +## Rollback trigger conditions The following diagram shows when and according to which criteria a rollback is initiated: @@ -25,5 +25,5 @@ rollback. ## Logbook -The logbook can be used to see if a rollback has been run and if it was successful. After a +The logbook lets you see if a rollback has been run and if it was successful. After a rollback, the password should be checked once again as a precaution. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/scripts.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/scripts.md index a1b706fffb..f1ef42cc7c 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/scripts.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/scripts.md @@ -9,7 +9,7 @@ sidebar_position: 30 ## Available scripts The following scripts are supplied and can be directly used. In all scripts, a password is firstly -selected in the upper section. This is not the password that will be reset on the target system. +selected in the upper section. This isn't the password that will be reset on the target system. Instead, a user should be entered here that can complete the rest of the process on the target system. This password thus requires administrative rights to the target system. @@ -32,7 +32,7 @@ changed. The **host name** – i.e. the target computer – and the **service na ![Service accounts scripts](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_3-en.webp) -Please note that the **display name** for the **service** needs to be used. +The **display name** for the **service** needs to be used. ![display name service](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_4-en.webp) @@ -48,7 +48,7 @@ The access data in the associated password can be saved as follows: ## Windows user -This script can be used to reset the passwords for local Windows users. Only the **host name** needs +This script resets the passwords for local Windows users. Only the **host name** needs to be saved here. ![Windows user script](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_5-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md index 5f1a25e53d..426e499ca9 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md @@ -8,11 +8,11 @@ sidebar_position: 40 ## Individual solutions using your own scripts -If your requirements cannot be met using the [Scripts](/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible +If your requirements can't be met using the [Scripts](/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible to create your own Powershell scripts. These scripts need to meet certain requirements to be used in Netwrix Password Secure. -## Storage location, name and call +## Storage location, name, and call The scripts must be saved in the following directory: `C:\ProgramData\MATESO\Password Safe and Repository Service\System\PowerShell` @@ -44,14 +44,14 @@ The following standard parameters can be used here: - UserName: The user name for which the password should be changed - Password: The password that should be reset -- CredentialsUserName: The user name of the user authorized to carry our the reset (e.g. +- CredentialsUserName: The user name of the user authorized to carry the reset (e.g. administrator) - CredentialsPassword: The password of the authorized user ### Scriptblock The **scriptblock** can be used when the script should run in the context of another user. The -actual change is then carried out in the **scriptblock**. +actual change is then performed in the **scriptblock**. It is important in this case that you provide Netwrix Password Secure with feedback about what has been changed via a **Write-Output**. The following example simply uses the outputs **true** or @@ -69,7 +69,7 @@ been changed via a **Write-Output**. The following example simply uses the outpu ``` -Naturally, CredentialsUserName and CredentialsPassword can also be directly used in the script (i.e. +CredentialsUserName, and CredentialsPassword can also be directly used in the script (i.e. without the **scriptblock**). You can view the supplied MSSQL script as an example. ### Invoke diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md index 66879a2767..76b2a23e2b 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Creating new passwords -## What does creating new passwords/records mean? +## Creating new passwords and records overview Saving a record/password stores information in the MSSQL database. This process is started in the Passwords module for the client. It is accessed either via the icon in the ribbon, using the @@ -22,7 +22,7 @@ The following 2 user rights are required: ## Selecting a form -When creating a new record, it is possible to select from all the forms for which the logged-in user +When creating a new record, you can select from all the forms for which the logged-in user has the required permissions. To make the selection process as easy as possible, a preview of the form fields included in the form is shown on the right hand side. @@ -35,7 +35,7 @@ forms is covered in a separate section) ## Entering data -The window for creating a new record always open in a separate tab. As can be seen below, the +The window for creating a new record always open in a separate tab. As shown in the following example, the corresponding form fields for the previously selected form can now be filled. Password fields deserve special mention here because they can be handled differently based on password rules. The record can be saved via the ribbon when all fields have been filled. @@ -51,7 +51,7 @@ record. Both values are optional. - The **validity** defines an end date until which the record is valid. This information can be evaluated e.g. in the logbook or in reports. It is thus possible to create a list of all expired - passwords for a user or an authorized entity. However, it is not possible to limit the usability + passwords for a user or an authorized entity. However, it isn't possible to limit the usability of expired passwords for security reasons. - **Tags** are freely definable properties of records that can be used as search criteria. This also allows thematically linked information to be grouped together. @@ -59,29 +59,35 @@ record. Both values are optional. ## Setting permissions for new records In principle, there are various approaches for setting permissions for newly created records. All of -them have already been described in the Authorization concept section. It is important to note here +them have already been described in the Authorization concept section. You must note here that **manual setting of permissions is only possible after saving** a record. Automatic permissions are set before the record is saved. In this context, the selection of the organisational structure and the permissions for a record are important aspects. ![permissions new record](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords_4-en.webp) -- **Manual setting of permissions**: If you want to manually set permissions for the record, select +- **Manual setting of permissions**: To manually set permissions for the record, select the organisational structure in which the record should be saved. After saving the record, the permissions can be manually amended via the permissions tab in the ribbon. If you only want to - create a personal record for which no other user will receive permissions, simply select your own + create a personal record for which no other user will receive permissions, select your own organisational structure and conclude the process with "save" via the ribbon. -NOTE: If any kind of automatic permissions have been activated for the selected OU, this will always +:::note +If any kind of automatic permissions have been activated for the selected OU, this will always be prioritized. +::: -**CAUTION:** Even when creating private records, inheritance of permissions based on the logged-in +:::warning +Even when creating private records, inheritance of permissions based on the logged-in user can also be activated as an option. This option is described in a separate section. +::: -NOTE: The user right Allow sharing of personal passwords can be used to define that personal -passwords cannot be released to other users. +:::note +The user right Allow sharing of personal passwords defines whether personal +passwords can be released to other users. +::: -**Automatic setting of permissions**: Automatic setting of permissions is carried out before the +**Automatic setting of permissions**: Automatic setting of permissions is performed before the record is saved. Irrespective of whether predefined rights or rights inheritance is being used, the -configuration is always carried out in the organisational structure or permissions area. Saving the +configuration is always performed in the organisational structure or permissions area. Saving the record thus completes the process for creating the password including the issuing of permissions. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/form_field_permissions.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/form_field_permissions.md index 9d246adca8..af0bba104a 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/form_field_permissions.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/form_field_permissions.md @@ -6,10 +6,10 @@ sidebar_position: 40 # Form field permissions -## What are form field permissions? +## Form field permissions overview The authorization concept allows separate permissions to be set for each object. These objects could -be records, forms or users. Netwrix Password Secure goes one step further in this context. Every +be records, forms, or users. Netwrix Password Secure goes one step further in this context. Every single form field for a record can also be granted with separate permissions. It is thus possible to grant different permissions for the password field of a record than are set for the other fields. @@ -25,11 +25,11 @@ The following options are required to view "inherit" and "overwrite" icons. ## Configuration The associated form field permissions for the marked record can be opened via the ribbon using the -drop-down menu under "Permissions". +dropdown menu under "Permissions". ![form field permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions_1-en.webp) -The window that opens allows you to select the relevant form field for which you want to grant +The window that opens lets you select the relevant form field for which you want to grant permissions. The following example focuses on the password field. ![permissions of password field](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions_2-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/history.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/history.md index 2b897e9f10..096631d284 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/history.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/history.md @@ -6,17 +6,17 @@ sidebar_position: 60 # History -## What is the history? +## History overview Alongside saving passwords and keeping them safe, the ability to trace changes to records also has great relevance. The history maintains a seamless account of the versions for all form fields in a -record. Every change to records is separately recorded, saved and can thus also be restored. In +record. Every change to records is separately recorded, saved, and can thus also be restored. In addition, it is always possible to compare historical values with the current version. The history is thus an indispensable component of every security concept. ## The history in the reading pane -The optional footer area can be used to already display the history when in the reading pane. All of +The optional footer area lets you display the history when in the reading pane. All of the historical entries are listed and sorted in chronological order. ![history in footer](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_1-en.webp) @@ -29,7 +29,7 @@ in the ribbon or via a double click. ## Detailed history in the Extras -The detailed history for the record marked in list view can be called up in the Start/Extras tab. +The detailed history for the record marked in list view can be opened in the Start/Extras tab. ![History](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_3-en.webp) @@ -40,7 +40,7 @@ versions with the date and time of their last change are sorted in chronological ## Comparison of versions -At least two versions need to be selected in order to carry out a comparison. In list view, mark the +At least two versions need to be selected to carry out a comparison. In list view, mark the first version and then add another version via the “Add” button on the right of the reading pane to compare with the first one. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/moving_passwords.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/moving_passwords.md index 345a9483b1..fff641eed2 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/moving_passwords.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/moving_passwords.md @@ -6,14 +6,14 @@ sidebar_position: 30 # Moving passwords -## What happens when records are moved? +## Record movement behavior -Data can be moved within Netwrix Password Secure to another organisational structure. This does not +Data can be moved within Netwrix Password Secure to another organisational structure. This doesn't necessarily have to be linked to a change in permissions (the effects are described separately -below). Moving records without changing the permissions mainly has effects on the filtering or +the following section). Moving records without changing the permissions mainly has effects on the filtering or search functions for records. -## How do you move a record? +## Move a record The (marked) records are moved either via the ribbon or via the context menu that is accessed using the right mouse button. @@ -25,7 +25,7 @@ records in this case. ### Required permissions -No special user rights/settings are required in order to move records. The “move” right for the +No special user rights/settings are required to move records. The “move” right for the record is the only deciding factor. ![required permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_2-en.webp) @@ -34,7 +34,7 @@ record is the only deciding factor. ![effects on existing permissions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords_3-en.webp) -- **Retain permissions**: The permissions for the record are not changed by moving it and are +- **Retain permissions**: The permissions for the record aren't changed by moving it and are retained - **Overwrite permissions**: The permissions for the record are overwritten by the target OU - **Extend permissions**: The existing permissions are extended to include the permissions for the @@ -42,7 +42,7 @@ record is the only deciding factor. **CAUTION:** From a technical perspective, all rights will be removed from the record when overwriting the permissions. The permissions will then be applied to the record in accordance with -the rights template or inheritance from organisational structures. It is important to note here that +the rights template or inheritance from organisational structures. You must note here that it is theoretically possible to remove your own rights to the record! The rights change will only be -carried out if at least one user retains the right to issue permissions as a result. Otherwise, the +performed if at least one user retains the right to issue permissions as a result. Otherwise, the rights change will be cancelled with a corresponding message. diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/password_settings.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/password_settings.md index bcb187aa92..9410d3d407 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/password_settings.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/password_settings.md @@ -6,16 +6,16 @@ sidebar_position: 50 # Password settings -## What are password settings? +## Password settings overview -The password settings can be used to define a diverse range of options. These can be found in the +The password settings lets you define a diverse range of options. These can be found in the ribbon in the subsection “Extras”. The settings open up in a new tab. ![password settings](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/password_settings_1-en.webp) ### Category: Browser -- **Default browser**: This option can be used to define a default browser for every record +- **Default browser**: Use this option to define a default browser for every record separately. You can select from all browsers that have been registered as a browser in Windows. ### Category: SSO @@ -26,7 +26,7 @@ ribbon in the subsection “Extras”. The settings open up in a new tab. - **Browser Extensions**: Automatically fill login masks: This setting defines whether the login masks are automatically filled when logging in via SSO. This is the case when the user is located on a login page. If the record for this page has been saved, the login mask will be filled if this - option has been activated. Otherwise, this step needs to be carried out manually via the add-on. + option has been activated. Otherwise, this step needs to be performed manually via the add-on. If multiple records have been saved for this page, the user must complete this step manually via the add-on in both cases. - **Browser Extensions**: Automatically send login masks: If this option has been activated, the diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/passwords.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/passwords.md index 205a7fddfa..b47a0e6838 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/passwords.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/passwords.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Passwords -## What are passwords? +## Passwords overview In Netwrix Password Secure v8, the data record with the passwords represents the central data object. The Passwords module provides administrators and users with central access to the passwords -for the purpose of handling this sensitive data that requires protection. Search filters in -combination with color-highlighted tags enable very focussed work. Various approaches can be used to +to handling this sensitive data that requires protection. Search filters in +combination with color-highlighted tags enable very focussed work. You can use various approaches to help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module helps all users to use Netwrix Password Secure in an efficient and targeted manner. @@ -28,7 +28,7 @@ The following user right is required for adding new passwords: The ribbon offers access to all possible actions relevant to the situation at all times. Especially within the "Passwords" module, the ribbon plays a key role due to the numerous module-specific functions. General information on the subject of the ribbon is available in the relevant section. -The module-specific ribbon functions will be explained below. +The module-specific ribbon functions will be explained in the following sections. ![ribbon functions](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_2-en.webp) @@ -40,7 +40,7 @@ The module-specific ribbon functions will be explained below. - **Open**: Opens the object marked in list view and provides further information about the record in the reading pane. - **Delete**: Deletes the object marked in list view. A log file entry is created (see logbook). -- **Reveal**: The function **Reveal** can be used for all records that have a password field. The +- **Reveal**: The function **Reveal** works for all records that have a password field. The passwords in the reading pane will be revealed. In the example, the passwords have been revealed and can be hidden again with the **Hide** button. @@ -49,10 +49,10 @@ The module-specific ribbon functions will be explained below. ### Actions - **Notifications**: Defining notifications enables a constant flow of information about any type of - interaction. The issuing of notifications is carried out in the module designed for this purpose. + interaction. The issuing of notifications is performed in the module designed for this purpose. - **Duplicate**: Duplicating creates an exact copy of the record in a new tab. - **Move**: Moves the record marked in list view to another organisational structure. -- **Toggle** **Favorite**: The selected record is marked as a favorite. It is possible to switch +- **Toggle** **Favorite**: The selected record is marked as a favorite. You can switch between all records and favorites at any time. - **Quick view**: A modal window opens for the selected record for 15 seconds and displays all available information **including the value of the password**. @@ -60,7 +60,7 @@ The module-specific ribbon functions will be explained below. ### Permissions -- **Permissions**: The drop-down menu can be used to set both password permissions and also form +- **Permissions**: Use the dropdown menu to set both password permissions and also form field permissions. This method only allows the manual setting of permissions for data (see authorization concept) @@ -86,7 +86,7 @@ Conveniently working with passwords is only possible via the efficient usage of via RDP, SSH, general Windows applications or websites. This makes it possible to dispense with (unsecure) entries via "copy & paste". -- **Open web page**: If an URL is saved in the record, this menu option can be used to directly open +- **Open web page**: If an URL is saved in the record, use this menu option to directly open it. - **Applications**: If applications have been linked to records, they can be directly opened via the "start menu". @@ -104,12 +104,14 @@ first session. - **History**: This icon opens the history for those records selected in list view in a new tab. Due to the comprehensive recording of historical versions of passwords, it is now possible to compare several versions with one another. -- **Print**: This option can be used to open the print function. -- **Export**: It is possible to export all the selected records and also the data defined by the +- **Print**: Use this option to open the print function. +- **Export**: You can export all the selected records and also the data defined by the filter to a .csv file. -- **Change form**: It is possible to change the form used for individual records. "Mapping" of the - previous form fields can be directly carried out in the process. +- **Change form**: You can change the form used for individual records. "Mapping" of the + previous form fields can be directly performed in the process. - **Settings**: The password settings are described in a separate section. -NOTE: The password module is based on the module of the same name in the Web Application. Both +:::note +The password module is based on the module of the same name in the Web Application. Both modules have a different scope and design. However, they are almost identical to use. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/recycle_bin.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/recycle_bin.md index b615ac617f..241d6bab29 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/recycle_bin.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/recycle_bin.md @@ -6,12 +6,12 @@ sidebar_position: 70 # Recycle Bin -This option allows you to view and permanently delete deleted passwords to which you are entitled. +This option lets you view and permanently delete deleted passwords to which you are entitled. ## Procedure for deleting passwords To put passwords into the recycle bin there are 2 possible procedures. Select the passwords you want -to delete and click on **Move to bin (1)** or right-click on the passwords and select **Move to +to delete and click **Move to bin (1)** or right-click the passwords and select **Move to bin(2)**. ![bin_2](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/bin_2.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/revealing_passwords.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/revealing_passwords.md index f9080a3f71..4fb7ec7e76 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/revealing_passwords.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwords/revealing_passwords.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Revealing passwords -## What is involved in revealing passwords? +## Revealing passwords overview Not all information is encrypted by the MSSQL database in Netwrix Password Secure for performance reasons. Only the password itself (=secret) is encrypted with the help of the used encryption @@ -16,7 +16,7 @@ secured via access permissions, this process enables the **maximum possible work methods**. Revealing passwords describes the mechanism by which a password is made visible to the user in the client. This process for dealing with passwords very precisely reflects the importance of data security in Netwrix Password Secure – and this process will thus be described in detail -below. +in the following sections. ### Example case @@ -29,10 +29,10 @@ means the user can view the value of the password using the "reveal" function. ## Revealing passwords – diagram -In this context, it is important to note that the word "reveal" does not really accurately describe +In this context, "reveal" doesn't really accurately describe this process. It creates the **incorrect** impression that the client already has the password and only needs to reveal it. However, the processes running in the background until the password are -revealed are much more complex and will thus be described below. +revealed are much more complex and will thus be described in the following sections. ![revealing password diagram](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/revealing_passwords_2-en.webp) @@ -40,21 +40,21 @@ revealed are much more complex and will thus be described below. Even though you would assume the opposite, at the start a masked password (\*) is neither available on the client nor the server in plain text! The password is stored as part of the MSSQL database in -a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it is not -currently possible either on the server or the client to view the password. If you mark a record, -the password is not available at all on the client and is encrypted on the server before it is +a hybrid encrypted state via the two methods **AES 256** and **RSA**. Accordingly, it isn't +possible either on the server or the client to view the password. If you mark a record, +the password isn't available at all on the client and is encrypted on the server before it is revealed. ### The encrypted password is requested Pressing the "reveal"- button triggers the process for requesting the password. A request is sent to -the server to apply for the encrypted password to be released. The server itself does not possess +the server to apply for the encrypted password to be released. The server itself doesn't possess the required key (private key) to decrypt the password. Therefore, it can only deliver the **encrypted value**. ### Checking the permissions -Whether the request sent in step 2 is approved is defined in the authorization concept. Once the +Whether the request sent in step 2 is approved is defined in the authorization concept. After the request has been received, the server checks whether the user possess the required rights. It also checks the possible existence of other security mechanisms such as a seal or password masking. If the necessary requirements for releasing the password have been met, the server now sends the diff --git a/docs/passwordsecure/current/configuration/advancedview/clientmodule/roles.md b/docs/passwordsecure/current/configuration/advancedview/clientmodule/roles.md index 1da69a0d96..3296109b5f 100644 --- a/docs/passwordsecure/current/configuration/advancedview/clientmodule/roles.md +++ b/docs/passwordsecure/current/configuration/advancedview/clientmodule/roles.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Roles -## What are roles? +## Roles overview Each employee in a company is ultimately a member of a department and / or part of a particular function level. These departments or groups are mapped within Netwrix Password Secure using the role @@ -55,25 +55,29 @@ present in a company is the starting point for the success of Netwrix Password S design the roles in Netwrix Password Secure only once a detailed design has been drawn up, and all the requirements of all project participants have been met. -## Why are there no groups? +## Roles instead of groups Netwrix Password Secure enforces the avoidance of unnecessary structures through the role concept. A -group-in-group nesting is not supported – and is not necessary at all. The resultant increase in +group-in-group nesting isn't supported – and isn't necessary at all. The resultant increase in performance as well as increased overview promotes efficiency and effectiveness. The elegant interplay of organisational structures, roles, and granular filter options can cover all customer-specific scenarios. -NOTE: This architecture makes nesting of roles obsolete. +:::note +This architecture makes nesting of roles obsolete. +::: ## Overview of members for a role As well as being able to view the **members** in the permissions dialogue, a list of all members for a role is already made available in the [Reading pane](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/reading_pane.md). All of the other users with -permissions but without membership of the role are not taken into account. +permissions but without membership of the role aren't taken into account. ![role overview](/images/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_4-en.webp) -NOTE: The roles module is based on the +:::note +The roles module is based on the [Roles module](/docs/passwordsecure/current/configuration/webapplication/functionalscope/roles_module.md) of the Web Application. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/account.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/account.md index 37dc817725..17d2278e2e 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/account.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/account.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Account -## What is an account? +## Account overview -Users can configure all user-specific information in their account. It should be noted that if the +Users can configure all user-specific information in their account. If the [Masterkey mode](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md) process is used, user data will always be taken from Active Directory – editing this information in Netwrix Password Secure is thus not possible. @@ -21,35 +21,45 @@ All of the information in the contact and address sections can be defined under areas of the profile overlap with the **management of users.** This information is explained in [Managing users](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md). -NOTE: No changes can be made to users that were imported from AD using Master Key mode. In this +:::note +No changes can be made to users that were imported from AD using Master Key mode. In this case, all information will be imported from AD. +::: #### Editing user image A new image can be added or the existing one replaced or deleted by clicking on the profile image. -NOTE: No changes can be made to users that were imported from AD with the aid of Master Key mode. If +:::note +No changes can be made to users that were imported from AD with the aid of Master Key mode. If an image has been saved in AD, it will be used here. +::: #### Change password -It is recommended that the user password is changed on a regular basis. If you want to use a new -password, it is necessary to enter the existing password in advance. The strength of the password -will be directly displayed. +Netwrix recommends that the user password is changed on a regular basis. To set a new +password, enter the existing password first. The strength of the password +is displayed as you type. -NOTE: Users who were imported from AD with the aid of Master Key mode log in with the domain +:::note +Users who were imported from AD with the aid of Master Key mode log in with the domain password. Therefore, no password can be configured in this case. +::: -NOTE: The strength of the user password can be stipulated by administration through the issuing of +:::note +The strength of the user password can be stipulated by administration through the issuing of password rules. +::: -NOTE: If a user changes his or her password, all sessions that are still open are automatically +:::note +If a user changes his or her password, all sessions that are still open are automatically terminated. +::: #### Multifactor authentication Multifactor authentication provides additional protection through a second login authentication -using a hardware token. The configuration is carried out via the ribbon in the “Security” section. +using a hardware token. The configuration is performed via the ribbon in the “Security” section. See also in [Multifactor authentication](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md) @@ -57,7 +67,7 @@ See also in #### Configure autologin -This option can be used to automate the login to Netwrix Password Secure. For setup, just enter the +Use this option to automate the log in to Netwrix Password Secure. For setup, enter the password twice and save it. The autologin is linked to the hardware and thus will not work on a different computer. If you @@ -72,10 +82,12 @@ User right - Can manage autologin **CAUTION:** The automatic login should be handled as a process critical to security. It is -important to note that all data can be accessed, for example, if you forget to lock the computer. +important to All data can be accessed, for example, if you forget to lock the computer. -NOTE: For security reasons, the autologin is only valid for 180 days and then needs to be +:::note +For security reasons, the autologin is only valid for 180 days and then needs to be subsequently renewed. +::: #### Reset settings @@ -84,6 +96,6 @@ etc. to the default values. #### Start offline synchronization -If you have made changes to the database and do not want to wait for the next automatic +If you have made changes to the database and don't want to wait for the next automatic synchronization, an offline synchronization can also be started manually. The synchronization runs in the background and is indicated by a status bar in the footer as well as by the icon. More… diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/administration.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/administration.md index 07d7869388..d6e435b9f4 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/administration.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/administration.md @@ -13,11 +13,11 @@ purely informative in character and thus no configurations can be made here. ![installation_with_parameters_120](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_120.webp) -The session view starts in the currently active module in a separate tab. +The session view starts in the active module in a separate tab. #### Locked users -All currently locked users can also be retrieved. There are two scenarios here: +All locked users can also be retrieved. There are two scenarios here: 1. User name correct, password incorrect: The user name is displayed 2. User name incorrect: The client is displayed @@ -31,7 +31,7 @@ case can be seen. Password rules can be defined for both user passwords and also for WebViewer exports that then need to be fulfilled. In the following example, a user password must correspond to the “default password” -rule in order to be valid +rule to be valid ![Standard password rule](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/installation_with_parameters_122-en_677x129.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export.md index fca8867eb1..00418e11b2 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export.md @@ -6,17 +6,17 @@ sidebar_position: 80 # Export -## What is an export? +## Export overview An export is used for extracting the data saved in the MSSQL database. Both selective (manual) and automated [System tasks](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) can extract information from Netwrix Password Secure in this manner. -**CAUTION:** Please note that extracting passwords is always associated with a weakening of the +**CAUTION:** Extracting passwords is always associated with a weakening of the security concept. The informative value of the logbook will suffer when data is exported because the revision of this data will no longer be logged. This aspect needs to be taken into account particularly in conjunction with the Netwrix Password Secure -[Export wizard](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result is not separately secured +[Export wizard](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result isn't separately secured by a password. The export function is accessed via the Main menu/Export. There are two fundamental types of export @@ -39,7 +39,7 @@ rights ![Export in the ribbon](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_64-en.webp) -In this example, the marked role IT employee does not have the required permissions to export the +In this example, the marked role IT employee doesn't have the required permissions to export the record. In contrast, the IT manager does have the required permissions. In addition, the administrator possesses all rights, including the right to export. @@ -51,6 +51,8 @@ User right - Can export -NOTE: If a record is exported, this user right and also the corresponding permissions for the record +:::note +If a record is exported, this user right and also the corresponding permissions for the record must be set. The user right defines whether a user can generally export data, while the permissions for the record define which records can be exported. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export_wizard.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export_wizard.md index 2bd934879a..d7d4518e61 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export_wizard.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/export_wizard.md @@ -6,18 +6,18 @@ sidebar_position: 20 # Export wizard -## What export wizards are there? +## Available export wizards There are a total of four different export wizards. ![installation_with_parameters_74_548x283](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_74_548x283.webp) The functionality of these wizards only differs based on the data to be exported. A distinction is -made between passwords, organisational structures, forms and applications. **As all four wizards are +made between passwords, organisational structures, forms, and applications. **As all four wizards are handled in the same way, the following section will only describe the password export wizard.** The remaining three wizards function in the same way. -## What is the password export wizard? +## Password export wizard overview This wizard allows records to be exported in standard.csv format. In contrast to the [HTML WebViewer export](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/html_webviewer_export.md), the resulting file is @@ -38,7 +38,7 @@ The export wizard can be accessed in a variety of different ways: The password export wizard can be started via the ribbon in two ways. **Selected passwords** exports only those passwords marked in list view, whereby **Passwords based on the filter** uses the -currently defined filter settings as the criteria. +defined filter settings as the criteria. The wizard @@ -47,12 +47,12 @@ corresponding preview is also provided. ![installation_with_parameters_76](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_76.webp) -Once the wizard has been completed, the desired export is created and saved to the defined storage +After the wizard has been completed, the desired export is created and saved to the defined storage location. -**CAUTION:** It is important to once again point out the sensitive nature of this export function +**CAUTION:** You must once again point out the sensitive nature of this export function that could have critical consequences from a security perspective. As the required permissions for this export are generally only granted to users/roles with higher positions in the hierarchy, this -subject is even more relevant from a security perspective: It is possible to export all passwords +subject is even more relevant from a security perspective: You can export all passwords for which a user has the required permissions. Administrators could thus (intentionally or unintentionally) cause more damage per se. diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/html_webviewer_export.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/html_webviewer_export.md index 3257b8f938..038a84447b 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/html_webviewer_export.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/export/html_webviewer_export.md @@ -6,7 +6,7 @@ sidebar_position: 10 # HTML WebViewer export -## What is a HTML WebViewer export? +## HTML WebViewer export overview The **WebViewer** is an option inNetwrix Password Secure for exporting passwords in an encrypted **HTML file**. The records are selected using the @@ -16,7 +16,7 @@ has the corresponding permissions are exported. They are displayed in a current ## Data security -- Naturally, the HTML WebViewer file is **encrypted** +- The HTML WebViewer file is **encrypted** - The export of the file is protected using a corresponding [User rights](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/user_rights.md) - The user requires the **export right** for the passwords @@ -97,7 +97,7 @@ stick, external HDD, …). The **HTML file** can be opened in a standard browser **Netwrix Password Secure – HTML WebViewer / Login** when started. The **database** and the **user name** are predefined. The user \*password is used for the login. -**CAUTION:** The login mask is blocked for a period of time if the password is incorrectly entered! +**CAUTION:** The login mask is blocked for a period of time if the password is incorrectly entered. 1. Database: Predefined 2. User: Predefined @@ -110,7 +110,9 @@ name** are predefined. The user \*password is used for the login. After logging in to Netwrix Password Secure, the overview page for the \*HTML- WebViewer \* with the passwords is displayed. -NOTE: Use the password search function in the event of more than 20 passwords! +:::note +Use the password search function if there is more than 20 passwords. +::: 1. Displayoftherecords(max.20) 2. Detailedinformationontheselectedrecord @@ -122,10 +124,12 @@ NOTE: Use the password search function in the event of more than 20 passwords! #### Closing the HTML WebViewer overview -You can log out by clicking on **Logout**. In the event of a longer period of inactivity, the user +You can log out by clicking on **Logout**. If there is a longer period of inactivity, the user will be **automatically logged out after a set period of time has expired (time until logout).** -NOTE: You have been logged out due to inactivity. +:::note +You have been logged out due to inactivity. +::: The browser will then show the **Netwrix Password Secure– HTML WebViewer / Login** again and also -the reason for being logged out. It is possible to log in again. +the reason for being logged out. You can log in again. diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/extras.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/extras.md index 7f19093a8f..e73cb172bc 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/extras.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/extras.md @@ -6,9 +6,9 @@ sidebar_position: 10 # Extras -## What are Extras? +## Extras overview -Netwrix Password Secure provides a diverse range of supporting features that do not directly provide +Netwrix Password Secure provides a diverse range of supporting features that don't directly provide added value but mostly build on existing approaches and expand their functionalities. They are work-saving features that in total simplify the process of working with Netwrix Password Secure. diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/image_manager.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/image_manager.md index b11e1156f2..31a1656706 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/image_manager.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/image_manager.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Image management -## What is image management? +## Image management overview All logos and icons are managed in the image management. They can then be linked to the corresponding data records. The images are then displayed in the Basic view as well as in the list @@ -21,8 +21,10 @@ The following options are required: - Can upload new password images - Can manage password images -NOTE: It is important that the setting “Ask for Favicon-Download “ is only considered, if the right -“Can upload new password images “ has been activated! +:::note +It is important that the setting “Ask for Favicon-Download “ is only considered, if the right +“Can upload new password images “ has been activated. +::: #### Managing Icons/Logos @@ -30,7 +32,7 @@ There are two ways to upload icons. 1. By creating or saving the dataset. -In order to import favicons directly when saving the data set, the following preconditions must be +To import favicons directly when saving the data set, the following preconditions must be met: - Setting “Ask Favicon-Download “ is activated. @@ -40,7 +42,9 @@ If these preconditions are met, the stored URL is checked for the favicon when s record. If a favicon is found, it will be imported into the database and displayed in the data record in future. -NOTE: If there are several deposited, always use the first one. +:::note +If there are several deposited, always use the first one. +::: 2. Manual filing @@ -49,7 +53,7 @@ possibility to store icons and logos manually. ![Image management](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_107-en.webp) -Click on the + symbol to open the mask for creating images. +Click the + symbol to open the mask for creating images. ![add image](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_108-en.webp) @@ -62,9 +66,11 @@ Click on the + symbol to open the mask for creating images. - **Applications**: URL stored in the application -> attached tags -> application name - ![icon_open_folder](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/icon_open_folder.webp) - This symbol can be used to upload locally saved icons and logos. + Use this symbol to upload locally saved icons and logos. -NOTE: Please note that the icons and logos are not stored locally, but in the database. +:::note +The icons and logos aren't stored locally, but in the database. +::: ## Conditions diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_generator.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_generator.md index 77abd77abd..66ca3fd5b5 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_generator.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_generator.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Password generator -## What is the password generator? +## Password generator overview -The complexity of passwords is generally determined by their randomness. In order to be able to rely +The complexity of passwords is generally determined by their randomness. To be able to rely 100% on the fact that the passwords are randomly generated, an algorithm for generating passwords is indispensable. The password generator performs this function and is completely integrated into the software. @@ -24,7 +24,7 @@ The password generator can be opened in different ways: ![Password generator](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/installation_with_parameters_83-en.webp) -- **When creating new records:** Once the password field has been selected in the reading pane, the +- **When creating new records:** After the password field has been selected in the reading pane, the password generator can then be directly opened in the “Form field” tab via the ribbon. Passwords generated here can be directly entered into the password field for the new record using the “Adopt” button. Alternatively: The password generator can also be accessed on the right in the @@ -33,7 +33,7 @@ The password generator can be opened in different ways: ## Functionality The Character section is used to define the character groups that should form part of the password. -This section can also be used to exclude (special) characters. Once the password length has been +This section can also be used to exclude (special) characters. After the password length has been defined, a preview of a password that corresponds to the configured criteria is displayed on the bottom edge of the password generator. The “shuffle function” can be activated via the icon on the right next to the password preview. This will generate a new password in accordance with the defined @@ -42,7 +42,7 @@ criteria. #### Phonetic passwords This type of password can be recognised by the fact that it is relatively easy to remember (they are -“readable”) but do not have any association to terms found in dictionaries. Only the number of +“readable”) but don't have any association to terms found in dictionaries. Only the number of syllables and the total length are defined in this case. Options that can be set are how the syllables are @@ -52,7 +52,7 @@ separated and whether to use LeetSpeak. Password rule -Already defined[Password rules](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_rules.md) can be utilised for the +Already defined[Password rules](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_rules.md) apply to the automatic generation of new passwords ## Multigenerator diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_rules.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_rules.md index 22f2a72b7e..7aed4881d3 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_rules.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/password_rules.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Password rules -## What are password rules? +## Password rules overview It is generally recommended that passwords should consist of at least 12 different characters, be complex and be automatically created. Rules set guidelines that can be made binding for users – @@ -26,7 +26,7 @@ User right ## Managing password rules If “Password rules” is selected under Main menu/Extras, the available password rules will appear in -a separate tab in the currently active module. +a separate tab in the active module. ![installation_with_parameters_98](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_98.webp) @@ -39,14 +39,14 @@ configuration for this rule: to contain according to this rule. The required Password quality is an internal measure of security, which is calculated for this rule. This value always lies between 1 (very unsecure) and 100 (maximum security). -- **Categories:** A password can consist of a total of four categories. It is possible to define +- **Categories:** A password can consist of a total of four categories. You can define which of these categories to use and also how many of them to use. - **Forbidden characters**: It is also possible to exclude some special characters. These characters need to be entered in the list without separators. - **Forbidden passwords:** Some passwords and the user name can also be added to the list of forbidden passwords - **Preview rules:** When new rules are created, an example password is generated that conforms to - the configured rules. This is only the case for passwords with a minimum length of 3 characters! + the configured rules. This is only the case for passwords with a minimum length of 3 characters. ## Using password rules @@ -57,7 +57,7 @@ Once password rules have been defined, they can be productively used in two diff When a password field is defined in a form, one of the defined password rules can be set as the default. This means that the default will always be used when a new password is created. In this -way, it is possible to ensure that the required level of complexity is maintained for certain +way, you can ensure that the required level of complexity is maintained for certain passwords. ![installation_with_parameters_99](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_99.webp) @@ -70,13 +70,15 @@ field is used for this purpose. ## Defining standard rules for user passwords -If Master Key mode is not being used, users can change their passwords in Netwrix Password Secure. +If Master Key mode isn't being used, users can change their passwords in Netwrix Password Secure. The administrator can define the password strength required for these passwords by using standard password rules. ## Visibility -The password rules themselves are not subject to any permissions. All defined rules are therefore +The password rules themselves aren't subject to any permissions. All defined rules are therefore available to all users. The rules are managed from the Main menu. -NOTE: Users can only manage the rules if they have the appropriate user right +:::note +Users can only manage the rules if they have the appropriate user right +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/reports.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/reports.md index fe1ceea808..58622500f7 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/reports.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/reports.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Reports -## What are reports? +## Reports overview Comprehensive reporting is an important component of the ongoing monitoring of processes in Netwrix Password Secure. Similar to selectively configurable @@ -19,7 +19,9 @@ the creation of a report. This process can also be automated via ![reports](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_78-en.webp) -NOTE: Reports only ever contain information for which the user has the required permissions. +:::note +Reports only ever contain information for which the user has the required permissions. +::: A separate tab for managing existing reports and creating new reports can be opened in the current module via the Main menu/Extras/Reports. The module in which the report is opened is irrelevant, the @@ -29,7 +31,7 @@ contents are always the same. The filter on the left has no relevance in relation to reports. Although reports can also be “tagged” in theory, filtering has no effect on the reports. In -[List view](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md), there are currently three +[List view](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md), there are three configured report requests shown. #### Creating a report request @@ -37,12 +39,12 @@ configured report requests shown. New report requests can be created in list view via the ribbon or also the context menu that is accessed using the right mouse button. The form for creating a new report request again opens in a separate tab. Alongside a diverse range of variables, the report type can be defined using a -drop-down list. There are currently dozens of report types available. +dropdown list. There are dozens of report types available. ![installation_with_parameters_80](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_80.webp) -The filter can be used to define the scope of the report e.g. to focus on a certain OU or simply a -selection of tags. Once saved, the report will now be shown in the list of report requests. +Use the filter to define the scope of the report e.g. to focus on a certain OU or a +selection of tags. Once saved, the report appears in the list of report requests. ###### Manually create reports @@ -53,5 +55,5 @@ displayed in the default web browser if desired. Automated sending of reports via system tasks -In general, reports are not manually created but are automatically sent to defined recipients. This +In general, reports aren't manually created but are automatically sent to defined recipients. This is apossible via system tasks, which can run processes of this nature at set times. diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/seal_templates.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/seal_templates.md index bf88298f90..2203429ef3 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/seal_templates.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/seal_templates.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Seal templates -## What are the seal templates? +## Seal templates overview The configuration of [Seals](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) must be @@ -18,14 +18,16 @@ and very fast. ![Seal templates](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/installation_with_parameters_101-en.webp) -NOTE: A separate tab opens in the active module in order to edit the default templates +:::note +A separate tab opens in the active module to edit the default templates +::: ## Creating templates **CAUTION:** The right Can manage seal templates is required When creating seals, the seal can be saved as a template using the wizard. All templates saved in -this way are listed in the overview of the seal templates. Furthermore, it is possible to edit +this way are listed in the overview of the seal templates. Furthermore, you can edit existing templates directly or create new ones via the button in the ribbon. This is done in the same way as the seal assistant. diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md index 8a5651ca13..46cb2812ce 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md @@ -6,11 +6,11 @@ sidebar_position: 10 # EmergencyWebViewer -## What is an Emergency WebViewer export? +## Emergency WebViewer export overview -Safeguarding data is essential and this should be carried out using +Safeguarding data is essential and this should be performed using [Backup management](/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_management.md). -However, a backup is not sufficient in some cases e.g. if a backup cannot be directly restored due +However, a backup isn't sufficient in some cases e.g. if a backup can't be directly restored due to a hardware problem. In these cases, **Netwrix Password Secure** offers the backup feature **Emergency WebViewer Export**. @@ -21,7 +21,7 @@ the core system of the backup mechanism. ## Creation of the file and key The **Emergency WebViewer Export** is created in Netwrix Password Secure as a -**[System tasks](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task can be used to guarantee a regular backup of +**[System tasks](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and use this task to guarantee a regular backup of the records (passwords) by entering an interval. When setting up the system task, the user thus defines the cycle at which the **Emergency WebViewer.html file** is created on the Server Manager. The existing file is overwritten in each case by the latest version at the defined interval. The @@ -29,18 +29,18 @@ associated key is only created once at the beginning and needs to be saved. The the **HTML file** can only be decrypted using this **key**. **CAUTION:** The key (PrivateKey.prvkey) and the file (Emergency WebViewer.html) must be saved onto -a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location! +a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location. ## Data security -• Naturally, the HTML WebViewer file is encrypted +• The HTML WebViewer file is encrypted • The export of the file is protected using a corresponding [User rights](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/user_rights.md) • The file can only be encrypted using the **PrivateKey.prvkey** file -**CAUTION:** The export right for the passwords is not required for the Emergency WebViewer Export! +**CAUTION:** The export right for the passwords isn't required for the Emergency WebViewer Export. ## Required rights @@ -55,9 +55,9 @@ The **Emergency WebViewer Export** creates two associated files. 1. The file **Emergency WebViewer.html** is created on the computer executing the task 2. The associated key **PrivateKey.prvkey** is created on the client. -## Calling up the Emergency WebViewer Export +## Opening the Emergency WebViewer Export -The Emergency WebViewer Export is set up as a **system task**. It can be called up in the main menu +The Emergency WebViewer Export is set up as a **system task**. It can be opened in the main menu under **Extras -> System Tasks**. ![installation_with_parameters_90_831x487](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_90_831x487.webp) @@ -69,7 +69,7 @@ Clicking on New opens a new window and the **Emergency WebViewer Export** can be ![installation_with_parameters_91_578x390](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_91_578x390.webp) -It is not possible to use the **Emergency WebViewer Export** with an **Active Directory user.** +It isn't possible to use the **Emergency WebViewer Export** with an **Active Directory user.** ![installation_with_parameters_92_467x103](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/installation_with_parameters_92_467x103.webp) @@ -90,11 +90,11 @@ in accordance with the requirements. 6. **Tags** Freely definable characteristics of records **CAUTION:** The private key for the Emergency WebViewer must be saved before the system task can be -saved! +saved. ## Displaying the Emergency WebViewer Export tasks -Once the configuration has been completed, the **system task** is displayed in the current module in +After the configuration has been completed, the **system task** is displayed in the current module in the **System Tasks** tab. The user has the option of checking the data here @@ -119,8 +119,10 @@ WebViewer Export** with the **user password** and the **key** saved for the user function is used to select the **key (PrivateKey.prvkey)** and also to check its **validity**. If all data has been correctly entered, it is then possible to log in. -NOTE: The current user needs to log in using their password. If an incorrect password is entered, +:::note +The current user needs to log in using their password. If an incorrect password is entered, access is temporarily blocked. +::: Login data @@ -145,7 +147,7 @@ The following data is displayed in the overview: Overview data: -1. Display of the currently available records +1. Display of the available records 2. Detailed information on the selected record 3. Search, logout, timeout until logout 4. Copy password to clipboard @@ -159,7 +161,9 @@ closed by clicking on **Logout**. If the user is **inactive** for **60 seconds**, he is automatically **logged out** and the **login** is displayed with additional information. -NOTE: You have been logged out due to inactivity +:::note +You have been logged out due to inactivity +::: -The user can log in again using the **password** and **key** as described above. After successfully +The user can log in again using the **password** and **key** as described previously. After successfully logging in, the **Emergency WebViewer Export overview** is displayed again. diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md index 7433e80cc0..16d49e8c68 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md @@ -6,10 +6,10 @@ sidebar_position: 40 # System tasks -## What are system tasks? +## System tasks overview Netwrix Password Secure supports administrators and users by automating repetitive tasks. These are -represented as system tasks. Predefined tasks can thus be carried out at freely defined intervals. +represented as system tasks. Predefined tasks can thus be performed at freely defined intervals. ![System Tasks](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_85-en.webp) @@ -25,9 +25,9 @@ User right - Can manage Emergency WebViewer export system tasks - Can manage WebViewer export system tasks -## What can be automated? +## Automation capabilities -There are currently four different work processes that can be automated using system tasks: +There are four different work processes that can be automated using system tasks: - **HTML WebViewer export:** Exports a freely definable selection of records in an AES-256 encrypted HTML file. The file is saved in the form of notifications. @@ -36,28 +36,28 @@ There are currently four different work processes that can be automated using sy - **Network service scan:** Searches for service accounts on the network at defined cycles - **Active Directory synchronization:** The comparison with Active Directory can also be automated via system tasks. This requires an active directory profile to be created in advance. It is - important to note that only the Master Key profile can be automatically compared. + important to Only the Master Key profile can be automatically compared. ## Creating system tasks System tasks can be initiated as usual via the ribbon or also the context menu that is accessed using the right mouse button. The desired process to be automated using system tasks is then -selected from the four above-mentioned work processes. +selected from the four previously mentioned work processes. ![installation_with_parameters_86](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_86.webp) -Naturally, the four work processes also share some similarities in their configuration. +the four work processes also share some similarities in their configuration. - **Status:** The system task is normally activated and then starts immediately after it has been saved according to the defined intervals. If the system task is deactivated here, it is still - saved but is not yet activated. + saved but isn't yet activated. - **Next run:** This setting describes when the system task will be performed or when it was already performed for the first time (if this task was already created and is now being edited) - **Interval:** The interval at which the system task should be executed is defined here. All increments between every minute and once only are possible. It is also possible to enter an end date. -The differences between the four work processes to be automated are described below. These +The differences between the four work processes to be automated are described in the following sections. These differences are always part of the task settings within the system task form – the example here shows an HTML WebViewer export to be configured. @@ -86,13 +86,15 @@ Active Directory synchronization Emergency WebViewer export - The Emergency WebViewer export creates an encrypted HTML file that contains all passwords. In an - emergency, the data required to get the system up and running again can be accessed in this file. + emergency, the data required to get the system operational again can be accessed in this file. -NOTE: Tags could be defined for individual tasks – yet they have no relevance and can also not be +:::note +Tags could be defined for individual tasks – yet they have no relevance and can also not be used as filter criteria in the system tasks. +::: Status -A corresponding note will be displayed to indicate if a task is currently being executed. +A corresponding note will be displayed to indicate if a task is being executed. ![installation_with_parameters_88](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/installation_with_parameters_88.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/tag_manager.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/tag_manager.md index ee262e1bba..fd06d5235b 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/tag_manager.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/tag_manager.md @@ -6,9 +6,9 @@ sidebar_position: 60 # Tag manager -## What is the tag manager? +## Tag manager overview -All existing tags can be viewed, edited and deleted directly in the tag manager. This can be +All existing tags can be viewed, edited, and deleted directly in the tag manager. This can be achieved via the filter, within the “Edit mode” of a data set as well as via the main menu under the group [Extras](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/extras.md). diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/general_settings.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/general_settings.md index 51f8c4cfc6..96560c6071 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/general_settings.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/general_settings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # General settings -## What are general settings? +## General settings overview The **general settings** relate to users. Thus, each user can customize the software to their own needs. The following options can be configured: @@ -14,7 +14,7 @@ needs. The following options can be configured: Colour scheme Various Windows colour schemes are available. The colour scheme Colorful provides e.g. different -colours which make it easier to distinguish between the modules in the software. If the colour +colours that make it easier to distinguish between the modules in the software. If the colour scheme is changed, the client must be restarted. Language @@ -24,7 +24,7 @@ restarted. Starting the application minimised in the notification area -You can start the client minimized if you wish to run Netwrix Password Secure in the background. You +You can start the client minimized if you want to run Netwrix Password Secure in the background. You will be able to access it through the notification area. Minimise the application on closing diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/import.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/import.md index 071d5c1948..a99d7fefbb 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/import.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/import.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Import -## What is an import? +## Import overview If another password management tool was used before Netwrix Password Secure, these data can be imported into Netwrix Password Secure. The formats .csv and especially Keepass (.xml) are supported. @@ -40,23 +40,25 @@ Settings 1. The settings are used to firstly define the level in the hierarchy for saving the imported structure. As can be seen in the example, the import will take place in the main organisational unit. One of the existing organisational units can also be defined as a parent instance via the - drop-down menu. + dropdown menu. 2. The slider defines whether the imported structures should be imported as an organisational unit or as a tag. If the slider is fully moved to the left, only tags are created. If it s moved to the right, all objects are imported as an organisational structure. In addition, every object can be configured separately via the context menu that is accessed using the right mouse button. It is also possible to ignore folders. -NOTE: No folders exist in Netwrix Password Secure. For this reason, it is necessary to define +:::note +No folders exist in Netwrix Password Secure. For this reason, you must define whether a folder is saved as an organisational structure or as a tag during the import. The same process is also used for the migration. +::: Assignment of the form fields ![installation_with_parameters_61](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_61.webp) The third step is to assign the forms from the file to be imported to already existing forms. As -form fields may also have different names, the assignment process must be carried out manually via +form fields may also have different names, the assignment process must be performed manually via drag & drop. Depending on which form was selected on the top line, form fields from the list on the right can now be assigned to the form fields to be imported via drag & drop. It is also possible to create new forms. diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/main_menu_fc.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/main_menu_fc.md index 43df26c1cc..a453dbbe38 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/main_menu_fc.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/main_menu_fc.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Main menu -## What is the Main menu/Backstage? +## Main menu/Backstage overview -All settings that are not linked to a particular module are defined in the Backstage (main menu). +All settings that aren't linked to a particular module are defined in the Backstage (main menu). This makes it easy to access the settings at any time and in any module. ![Main menu](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/installation_with_parameters_56-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md index cf524ad8cc..1df01c0965 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md @@ -107,8 +107,10 @@ column. The rights are grouped according to categories to provide a better overv | Can manage Emergency WebViewer export system tasks | | | Can manage WebViewer export system tasks | | -NOTE: There is a version selection box in the user rights. The options that were newly added in the +:::note +There is a version selection box in the user rights. The options that were newly added in the selected version are correspondingly marked in the list. +::: ![installation_with_parameters_115](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/user_rights.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/user_rights.md index 9dca677194..8b26c6bc2e 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/user_rights.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/user_rights.md @@ -6,11 +6,11 @@ sidebar_position: 50 # User rights -## What are user rights? +## User rights overview In the user rights, access to functionalities is configured. Amongst tother things, this category includes both the visibility of individual [Client Module](/docs/passwordsecure/current/configuration/advancedview/clientmodule/client_module.md), as -well as the use of the import, export or management of rights templates functions. A complete +well as the use of the import, export, or management of rights templates functions. A complete listing is directly visible in the user rights. ## Administration of user rights @@ -20,7 +20,7 @@ thus require a disproportionate amount of care and maintenance. In the same way [Authorization and protection mechanisms](/docs/passwordsecure/current/configuration/webapplication/authorization_and_protection_mechanisms.md), an approach can be used in which several users are grouped together. Nevertheless, it must still be possible to additionally address the specific requirements of individual users. Some -functionalities, on the other hand, should be available to all users. In order to do this, Netwrix +functionalities, on the other hand, should be available to all users. To do this, Netwrix Password Secure offers a three-step concept. ![installation_with_parameters_111](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_111.webp) @@ -38,14 +38,16 @@ one of the following three ways: it in the client settings. How a user receives a user right is irrelevant. The only important thing is that the user actually -receives a required right in one of the three ways mentioned above. It is recommended that you link +receives a required right in one of the three ways previously mentioned. Netwrix recommends that you link user rights to roles and, if necessary, supplement them with global user rights. **CAUTION:** In addition to personal and global user rights (as opposed to settings), user rights -are assigned via roles and not via organisational units! +are assigned via roles and not via organisational units. -NOTE: Only those user rights that the current user possesses themselves can be issued. However, all +:::note +Only those user rights that the current user possesses themselves can be issued. However, all rights can be removed. +::: ![installation_with_parameters_112](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) @@ -69,7 +71,7 @@ the desired configuration. This process is based as usual on the List Special attention should be given to the right Is database administrator. This right has the following effects: -- The user can also issue rights that he does not possess himself. +- The user can also issue rights that he doesn't possess himself. - The user can only have their rights removed by other database administrators. - The user can unlock other users on the Server Manager. - The user can also remove other users from the rights if they have the owner right. diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md index 374f18d86f..cf5f950840 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md @@ -160,8 +160,10 @@ The settings are grouped according to categories to provide a better overview | Clear clipboard on minimising | | | Clipboard gallery | | -NOTE: There is a version selection box in the settings. The options that were newly added in the +:::note +There is a version selection box in the settings. The options that were newly added in the selected version are correspondingly marked in the list. +::: ![installation_with_parameters_115](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/user_settings.md b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/user_settings.md index 65bd05f438..bfe05f23b5 100644 --- a/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/user_settings.md +++ b/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/user_settings.md @@ -6,7 +6,7 @@ sidebar_position: 40 # User settings -## What are user settings? +## User settings overview There are many functions within Netwrix Password Secure that can be adapted to the needs of users. It is also possible to define various parameters for optical representations. This can be inherited @@ -34,7 +34,7 @@ one of the following three ways: client settings. **CAUTION:** In addition to personal and global settings (as opposed to authorizations), settings -are not assigned via roles, but via organisational units! +aren't assigned via roles, but via organisational units. ![installation_with_parameters_112](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) @@ -53,7 +53,7 @@ present case, the users “Jones” and “Moore” inherit all settings from th ![inherit permissions](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_117-en.webp) -The “Settings” button in the ribbon allows you to see the settings for both organisational units and +The “Settings” button in the ribbon lets you see the settings for both organisational units and users. The many setting options can be restricted by the known [Search](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/search.md) mechanisms. @@ -64,12 +64,14 @@ The diagram shows the settings for the user “Jones”. The search has been fil by the organisational unit “IT”. The top two options have no value in the column. This is because this parameter has been defined at user level. -NOTE: The inheritance for individual settings can be deactivated in the ribbon! +:::note +The inheritance for individual settings can be deactivated in the ribbon. +::: ## Security levels Option groups were created in the global settings to ensure that users can control only those -settings for which they hold permissions. Categorising security levels from 1 to 5 allows you to +settings for which they hold permissions. Categorising security levels from 1 to 5 lets you combine similar options and thus make them available to the users. ![user settings](/images/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_119-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md index 0cbdee7861..5ff329dac7 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md @@ -6,7 +6,7 @@ sidebar_position: 80 # Dashboard and widgets -## What are dashboards and widgets? +## Dashboards and widgets overview In case of large installations, the amount of information provided by Netwrix Password Secure may seem overwhelming. Dashboards expand the existing filter possibilities by an arbitrarily @@ -17,15 +17,19 @@ customizable info area, which visually prepares important events or facts Dashboards are available in almost all [Client Module](/docs/passwordsecure/current/configuration/advancedview/clientmodule/client_module.md)s. A separate dashboard can be set for each individual module. **Widgets** correspond to the individual modules of the dashboard. There are various widgets, which can be individually defined and can be -configured separately. In the above example, three widgets are enabled and provide information about +configured separately. In the previous example, three widgets are enabled and provide information about current notifications, password quality, and user activity. The **maximum number of possible widgets** is managed in the[User settings](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/user_settings.md). -NOTE: You can close the dashboard using the button in the tab. You can open it again via **View** > +:::note +You can close the dashboard using the button in the tab. You can open it again via **View** > **Show dashboard** in the ribbon. +::: -NOTE: The display of the dashboard is basically uncritical since the user can only see the data on +:::note +The display of the dashboard is basically uncritical since the user can only see the data on which he is also entitled. +::: #### Relevant settings @@ -45,7 +49,7 @@ and editing widgets is only possible in this mode. ![Adding and removing widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_51-en.webp) -Use the drop-down menu to select the widget to be added \* (1) . **Then add the widget to the +Use the dropdown menu to select the widget to be added \* (1) . **Then add the widget to the dashboard using the corresponding button in the ribbon** (2). The maximum number of widgets that can be added can be configured in the user settings. In editing mode, any widget can be directly removed from the dashboard via the button on the upper right edge. The processing mode is ended by saving @@ -61,7 +65,7 @@ switch to the \* widget content tab \* in the ribbon. ![Customizing widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_53-en.webp) Separate variables can be customized for each widget. This example shows how often users have had -passwords displayed. Naturally, the variables are distinct for each widget since other information +passwords displayed. The variables are distinct for each widget since other information could be relevant. Widget event @@ -76,7 +80,7 @@ filtered “live” and displayed in real-time. ## Arranging widgets -In the edit mode, the layout of the widgets is user-defined. Drag & drop allows you to place a +In the edit mode, the layout of the widgets is user-defined. Drag & drop lets you place a widget in the corresponding position on the dashboard (left, right, top, or bottom). ![Arranging widgets](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_55-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md index ba11d16e0a..ce77693084 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md @@ -39,18 +39,18 @@ for this example. ## Filter tab in the ribbon The filter management can also be found in the [Ribbon](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/ribbon.md). Here, it is -possible e.g. to expand the currently configured filter criteria, save the filter, or simply clear -all currently applied filters. +possible e.g. to expand the configured filter criteria, save the filter, or clear +all applied filters. ![installation_with_parameters_20](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/installation_with_parameters_20.webp) #### Saving, editing, and deleting filters -In many cases, it is recommended to store defined filters. In this way, it is possible to make +In many cases, it is recommended to store defined filters. In this way, you can make efficient use of filter results from previous searches. The button **“Save filter”** directly prompts you to assign a meaningful name to this filter. The filter is saved according to the -criteria currently configured in the filter. This filter is now listed in the selection menu and can -now be selected. Note that a selected filter selection is immediately applied to the filter but is +criteria configured in the filter. This filter is now listed in the selection menu and can +now be selected. A selected filter selection is immediately applied to the filter but is not automatically executed. The filter must be used for this purpose. Both the button in the ribbon, so also the counterpart in the filter, lead to the same result here. @@ -58,7 +58,7 @@ so also the counterpart in the filter, lead to the same result here. Deleting and overwriting existing filters is identical in the procedure. The filter, which has been marked in the selection field, is always deleted. If an existing filter is to be overwritten, the -name of the filter is retained and is overwritten with the filter criteria currently configured in +name of the filter is retained and is overwritten with the filter criteria configured in the filter. ————————— @@ -105,7 +105,7 @@ is still unmanageable despite the fact that filters has been appropriately defin Negations are defined directly in the checkbox of an element within a filter group. Without negations, you can only search e.g. for a tag. Negations make the following queries possible: -”Deliver all records that have the tag “Development” but are not tagged with “Important”! +”Deliver all records that have the tag “Development” but aren't tagged with “Important”. -**CAUTION:** In order to effectively use negations, it is important that “and links” are always -enabled. Otherwise operations with negations cannot be modelled mathematically. +**CAUTION:** To effectively use negations, it is important that “and links” are always +enabled. Otherwise operations with negations can't be modelled mathematically. diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/display_mode.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/display_mode.md index 5be4840dd6..d675b58e4e 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/display_mode.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/display_mode.md @@ -6,16 +6,18 @@ sidebar_position: 10 # Display mode -## What display modes exist? +## Available display modes -In addition to the already described [Filter](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md), it is possible to switch to structure -view. This alternative view enables you to filter solely on the basis of the organisational -structure. Although this type of filtering is also possible in standard filter view, you are able to +In addition to the already described [Filter](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md), you can switch to structure +view. This alternative view lets you filter solely on the basis of the organisational +structure. Although this type of filtering is also possible in standard filter view, you can directly see the complete organisational structure in structure view. -NOTE: As there are no longer any folders in Netwrix Password Secure version 9, the structure view -can not mirror all of the functionalities of the folder view in version 7. However, the structure +:::note +As there are no longer any folders in Netwrix Password Secure version 9, the structure view +can't mirror all of the functionalities of the folder view in version 7. However, the structure view has been modelled on the folder view to make the changeover from the previous version easier. +::: ![installation_with_parameters_15](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_15.webp) @@ -29,9 +31,9 @@ associated with the display mode: ![installation_with_parameters_16](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_16.webp) -- **Display mode:** It is possible to define whether the standard filter, structure filter or both +- **Display mode:** You can define whether the standard filter, structure filter or both are displayed. If the last option is selected, you can switch between both views. -- **Jump to filter on quick search:** If you are using structure view, it is possible to define +- **Jump to filter on quick search:** If you are using structure view, you can define whether the system should automatically jump to the standard filter if you click the quick search (top right in the client) - **Display mode status when starting the program:** This setting defines which display mode is diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md index b221995741..fe277a79b0 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md @@ -6,11 +6,11 @@ sidebar_position: 20 # Filter -## What is a filter? +## Filter overview The freely configurable filters of the PSR client provide all methods for easy retrieval of stored -data. The filter criteria are always adapted according to the module in which you are currently -located. When you select one or several search criteria, and click on “Apply filter”, the results +data. The filter criteria are always adapted according to the module in which you are +located. When you select one or several search criteria, and click “Apply filter”, the results will be displayed in the list view. If necessary, this process can be repeated as desired and further restrictions can be added. @@ -24,7 +24,7 @@ The following option is required for editing filters: ![Filter](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_10-en.webp) -## Who is allowed to use the filter? +## Filter usage permissions The filter is an indispensable working tool because of the possibility to restrict existing results according to individual requirements. Consequently, all users can use the filter. It is, of course, @@ -36,7 +36,7 @@ if he has the read permission for that form. **CAUTION:** There are no permissions for [Tags](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/tags.md). This means that any employee can use any tags. The display order in the filter is determined by the frequency of use. This process is -not critical to security, since tags do not grant any permissions. They are merely a supportive +not critical to security, since tags don't grant any permissions. They are merely a supportive measure for filtering. ## Application example @@ -50,7 +50,7 @@ authorization. ![editing criteria](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/installation_with_parameters_11-en.webp) -As you can see, 133 records are not really manageable. In most situations you will need to reduce +As you can see, 133 records aren't really manageable. In most situations you will need to reduce the number of records by adding filters. **Adding filter criteria** @@ -59,7 +59,7 @@ The filter **organization** can be applied directly to the authorizations to res records according to the authorizations granted. In this case, the logged-on user holds rights for various areas. However, it would like to see only those records which are assigned to the **Own passwords** area within the organisational structure. In addition, there should be further -restrictions, which could be formulated as in the following sentence: “Deliver all records from my +restrictions, which could be formulated as in the following sentence: “Deliver all records from your own passwords that were created with the form **password** and which contain the expression **2016** and the tag **Administrator**. @@ -68,7 +68,7 @@ and the tag **Administrator**. As can be seen, the filter delivers the desired results. The extent to which the filter criteria match the three remaining data sets is assigned in colour. -**CAUTION:** When filtering with several criteria, such as forms, content and tags, all filter +**CAUTION:** When filtering with several criteria, such as forms, content, and tags, all filter criteria must be complied with. It is therefore a logical “AND operation”. Other possible methods for linking criteria are described in detail in the Advanced Filter Settings. @@ -94,5 +94,5 @@ the database. **CAUTION:** The effectiveness of the filter is closely linked to data integrity. Only when data is kept clean, efficient operation with the filter is ensured. It is important that employees are trained in the correct handling of the filter tool as well as when creating the records. Workshops -show the best success rate in this context. If you require further information, contact us under +show the best success rate in this context. If you require further information, contact Netwrix support under mail to: sales@passwordsafe.de. diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md index dfe84fb1b7..8e9007e02a 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md @@ -6,16 +6,16 @@ sidebar_position: 30 # List view -## What is the list view? +## List view overview The list view is located centrally in the Netwrix Password Secure client, and is a key element of -daily work. There are also list views in Windows operating systems. If you click on a folder in +daily work. There are also list views in Windows operating systems. If you click a folder in Windows Explorer, the contents of the folder are displayed in a list view. The same is true in Netwrix Password Secure version 9. -However, instead of folders, the content of the list view is defined by the currently applied +However, instead of folders, the content of the list view is defined by the applied filter. \* This always means that the list view is the result of a filtered filter \*. For the -currently marked record in list view, all existing form fields are output to the reading pane. With +marked record in list view, all existing form fields are output to the reading pane. With the two tabs “All” and “Favourites, the filter results can be further restricted. ![List view](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_26-en.webp) @@ -23,10 +23,12 @@ the two tabs “All” and “Favourites, the filter results can be further rest At the bottom of the list view, the number of loaded records and the time required for this are shown. -NOTE: For more than 100 list elements, only the first 100 records are displayed by default. This is +:::note +For more than 100 list elements, only the first 100 records are displayed by default. This is to prevent excessive database queries where the results are unmanageable. In this case, it makes sense to further refine the filter criteria. By pressing the “All” button in the header of the list view, you can still manually switch to the complete list. +::: ## Searching in list view @@ -47,12 +49,12 @@ the detailed list view, similar to the procedure in Microsoft Outlook. All form ## Favourites -Regularly used records can be marked as favourites. This process is carried out directly in the +Regularly used records can be marked as favourites. This process is performed directly in the [Ribbon](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/ribbon.md). A record marked as a favourite is indicated with a star in list view. ![Favourite](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_29-en.webp) -You can filter for favourites directly in the list view. For this purpose, simply switch to the +You can filter for favourites directly in the list view. For this purpose, switch to the “Favourites” tab ![installation_with_parameters_30](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_30.webp) @@ -65,15 +67,17 @@ more precise details. ![installation_with_parameters_31](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_31.webp) -NOTE: The information visible underneath the password name is taken from the info field for the +:::note +The information visible underneath the password name is taken from the info field for the associated form and will be explained separately +::: ## Workingwith records All records that correspond to the filter criteria are now displayed in list view. These can now be opened, edited, or deleted via the ribbon. Many functions are also available directly from the context menu. You can do this by right-clicking the record. Multiple selection is also possible. To -do this, simply highlight the desired objects by holding down the Ctrl key. +do this, highlight the desired objects by holding down the Ctrl key. ![installation_with_parameters_32](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_32.webp) @@ -85,7 +89,8 @@ separate tab, the list view is completely hidden ![editing dataset](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_33-en.webp) -NOTE: Working with data records depends of course on the type of the data record. Whether passwords, -documents or organisational structures: The handling is partly very different. For more information, -please refer to the respective sections on the individual +:::note +Working with data records depends of course on the type of the data record. Whether passwords, +documents, or organisational structures: The handling is partly very different. Refer to the respective sections on the individual [Client Module](/docs/passwordsecure/current/configuration/advancedview/clientmodule/client_module.md) +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/operation_and_setup.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/operation_and_setup.md index ca67af068e..b1f6183208 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/operation_and_setup.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/operation_and_setup.md @@ -34,7 +34,7 @@ operating concept ensures efficient work and a minimum of training time. ## TABs Tabs offer yet another option within the to present related information in a separate area. This tab -navigation enables you to display, quickly access and switch between relevant information. The +navigation lets you display, quickly access and switch between relevant information. The results for a filter with specific criteria can thus be retained without the original result being overwritten @@ -78,7 +78,7 @@ information. ## Orientation -It is possible to change the alignment of the following objects: +You can change the alignment of the following objects: - [Active Directory link](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) - [Applications](/docs/passwordsecure/current/configuration/advancedview/clientmodule/applications/applications.md) diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/print.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/print.md index ea4814196c..fd3a219433 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/print.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/print.md @@ -6,11 +6,11 @@ sidebar_position: 70 # Print -#### What can the print function do? +#### Print function capabilities It is often necessary to print out data stored in Netwrix Password Secure for documentation purposes. The Print function is available in numerous areas of Netwrix Password Secure for this -purpose. It is possible to print out records such as e.g. passwords or also information about +purpose. You can print out records such as e.g. passwords or also information about organisational units and much more. #### Relevantrights @@ -37,20 +37,22 @@ The print function is available in the following modules: #### Using the print function -The print function can be called up via the ribbon. +The print function can be opened via the ribbon. ![installation_with_parameters_44](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_44.webp) -Firstly, it is necessary to select whether you want to print a table or a detailed view. The amount +Firstly, you must select whether you want to print a table or a detailed view. The amount of data can also be defined. The individual menu items are described in detail further down in this section. After making your selection, the data is firstly prepared for printing. Depending on the amount of data, this may take a few minutes. The print preview is then opened. ![print password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_45-en.webp) -NOTE: The print preview accesses the functions of the printer driver. Depending on the printer or +:::note +The print preview accesses the functions of the printer driver. Depending on the printer or driver being used, the appearance and functions offered by the print preview may vary. The individual functions will thus not be described in detail here. +::: The printing process is ultimately started via the **print preview**. It is also possible to save the view or adjust the layout before printing. @@ -74,23 +76,25 @@ The data is printed here in table form. #### Tableview (current filter) -All currently **filtered** records will be printed out here. In this example, all seven records are +All **filtered** records will be printed out here. In this example, all seven records are thus printed out. ![filtered password](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_48-en.webp) -They are printed out – as described above – in table form. +They are printed out – as described previously – in table form. #### Detailed view (current selection) -This option also prints out the currently selected records. However, a detailed view is printed out +This option also prints out the selected records. However, a detailed view is printed out in this case. ![print filtered passwords](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/installation_with_parameters_49-en.webp) #### Detailed view (current filter) -This function can be used to print out all filtered records in detailed view as described above. +Use this function to print out all filtered records in detailed view as described previously. -NOTE: It should be noted that the amount of data generated via this function can quickly become very +:::note +The amount of data generated via this function can quickly become very large. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/reading_pane.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/reading_pane.md index 082cc65035..ce2120053a 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/reading_pane.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/reading_pane.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Reading pane -## What is the reading pane? +## Reading pane overview The reading pane on the right side of the client always corresponds to the detailed view of the selected record in the list view and can be completely deactivated via the ribbon. In addition, you @@ -32,18 +32,18 @@ well as the [Organisational structure](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) are displayed. -**CAUTION:** It should be noted that the details area cannot be used for editing records! Although +**CAUTION:** The details area can't be used for editing records! Although it displays all of the data, editing is only possible if the record has been opened. 2. Footer area -In the footer area of the reading pane, it is possible to display various information for the -currently selected record. The button can be activated via the button provided. It is hidden by +In the footer area of the reading pane, you can display various information for the +selected record. The button can be activated via the button provided. It is hidden by default. ![Footer area](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_36-en.webp) -The logbook, linked documents, history, notifications and password resets can be accessed separately +The logbook, linked documents, history, notifications, and password resets can be accessed separately here via the tabs. The individual elements can be viewed with a double-click, as well as by using the quick view (space bar). Double clicking always opens a separate tab, the quick view merely opens a modal window diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/ribbon.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/ribbon.md index 9ab35e2e16..fc72e212d8 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/ribbon.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/ribbon.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Ribbon -## What is the ribbon? +## Ribbon overview The ribbon is the central control element of Netwrix Password Secure version 9. It is available in all modules. Netwrix Password Secure is almost always operated via the ribbon in the header area of @@ -14,14 +14,14 @@ the PSR client. ![Ribbon](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_5-en.webp) -The features available within the ribbon are dynamic, and are based on the currently available +The features available within the ribbon are dynamic, and are based on the available actions. Various actions can be performed, depending on which object is selected. The module selected also affects the features that are available in the ribbon. Of course, the most important actions can also be controlled via the context menu (right mouse button). ![Ribbon - Item](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon-1-en.webp) -This mainly affects the very often used features such as opening, deleting or assigning tags. +This mainly affects the very often used features such as opening, deleting, or assigning tags. However, a complete listing of the possible actions is always only possible directly in the ribbon. This ensures that the context menu can be kept lean. diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/search.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/search.md index f857f91337..e5b65ce113 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/search.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/search.md @@ -6,27 +6,29 @@ sidebar_position: 60 # Search -## What is search? +## Search overview -With the help of the search, it is possible to find data stored in the database efficiently +With the help of the search, you can find data stored in the database efficiently according to selected criteria. Basically, there are 2 search modes: 1. Quick search In the upper right section of the ribbon, there is a search field, which scans the module that is -currently open. This is a full-text search that scans all fields and tags except the password field. +open. This is a full-text search that scans all fields and tags except the password field. ![quick search](/images/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_41-en.webp) The fast search is closely linked to the [Filter](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md), because search queries are converted directly into one or several content filters. You can also separate search terms using -spaces, for example, **Cook Daniel**. Note that this search creates two separate content filters, +spaces, for example, **Cook Daniel**. This search creates two separate content filters, which are logically linked with “and” +. This means that both words must occur in the data record. The sequence is irrelevant. If the ordering needs to be taken into account, the search term must be -enclosed in quotation marks: **“Cook Daniel”**. The search is not case sensitive. No distinction is +enclosed in quotation marks: **“Cook Daniel”**. The search isn't case sensitive. No distinction is made between upper and lower case. -NOTE: You can access quick search directly via \* Ctrl + Q\*! +:::note +You can access quick search directly via \* Ctrl + Q\*. +::: Negations in the quick search @@ -40,7 +42,7 @@ swiss. The notation, which must be entered in the quick search, is: Delphi -swis With the list search in the header of the [List view](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md), the results of the filter can be searched further. This type of search is available in almost every list. Scans only -the currently filtered results. Password fields are not searched. The search is live, so the result +the filtered results. Password fields aren't searched. The search is live, so the result is further refined with every additional character that is entered. Automatic “highlighting” takes place in yellow colour. @@ -49,4 +51,6 @@ place in yellow colour. A direct database query is performed when the filter is executed. The list search only searches within the query already made. -NOTE: The list search is hidden by default and can be activated with “Ctrl + F” +:::note +The list search is hidden by default and can be activated with “Ctrl + F” +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/tags.md b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/tags.md index e5f9aa2813..b5465431b4 100644 --- a/docs/passwordsecure/current/configuration/advancedview/operationandsetup/tags.md +++ b/docs/passwordsecure/current/configuration/advancedview/operationandsetup/tags.md @@ -6,15 +6,17 @@ sidebar_position: 50 # Tags -## What are tags? +## Tags overview -The tag system is ubiquitous in Netwrix Password Secure. It can be used to classify and describe +The tag system is ubiquitous in Netwrix Password Secure. Use it to classify and describe almost every object. An object can have several such tags. These are always displayed in the header area of the data record. Optionally, tags can be provided with colours or a description. They determine the aesthetics of Netwrix Password Secure, and are optically a great help, in order not to loose the overview even in case of large amounts of data. -NOTE: Tags have no permissions. Any user can use any tag! +:::note +Tags have no permissions. Any user can use any tag. +::: ## Relevant rights diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md index 094f7faf90..b6d32ff557 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md @@ -15,7 +15,7 @@ Netwrix Password Secure generally differentiates between multiple methods for se 3. Using predefined rights - In the manual setting of permissions, the desired permissions are directly configured for each - record. Automatic processes and inheritance are **not** used in this case. + record. Automatic processes and inheritance aren't used in this case. - Both the use of predefined rights and also the inheritance from organisational structures are based on the **automated reuse** of already granted permissions according to previously defined rules. @@ -25,6 +25,8 @@ permissions?** ![manual vs automated settings](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/automated-setting-of-permissions-1-en.webp) -NOTE: Inheritance from organisational structures is defined by default in the system. This can be +:::note +Inheritance from organisational structures is defined by default in the system. This can be configured in the settings. The relevant setting is “Inherit permissions for new objects (without permission template)”. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md index 295fc11f65..74c5fae403 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md @@ -35,7 +35,7 @@ created records. The following values can be configured: -Off: Permissions from OUs are not inherited organisational unit: When creating new objects, +Off: Permissions from OUs aren't inherited organisational unit: When creating new objects, permissions are set in accordance with the defined rights for the target organisational unit. This setting is active by default. organisational unit and user: As well as inheriting permissions for organization units, the configured permissions for the user are now also inherited when creating @@ -56,15 +56,15 @@ Increase or reduce permissions: The permissions for the passwords are retained a increased or reduced by the change. Overwrite permissions: The permissions for the passwords are completely overwritten. This means that all permissions for a password are firstly removed and then the new permissions for the organisational unit are inherited. Cancel inheritance: The permissions -are not inherited but are only changed in the organisational unit. \*The permissions are only -inherited by existing passwords within the organisational unit. Therefore, the permissions are not +aren't inherited but are only changed in the organisational unit. \*The permissions are only +inherited by existing passwords within the organisational unit. Therefore, the permissions aren't inherited downwards throughout the entire structure. Example case This example shows the creation of a new record in the organisational structure “marketing”. It is defined in the settings for the stated organisational structure that permissions should be inherited by new objects in accordance with the organisational structure. -The permissions for the organisational unit “marketing” are shown below: +The permissions for the organisational unit “marketing” are shown in the following example: ![example of permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-4-en.webp) @@ -79,7 +79,7 @@ record just created are now shown. ## Conclusion -The permissions for the “storage location” are simply used when creating new objects. Two conditions +The permissions for the “storage location” are used when creating new objects. Two conditions apply here: The value “organisational unit” must be selected in the settings for the inheritance of permissions diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md index da1eb2d860..06367da1b4 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md @@ -6,14 +6,13 @@ sidebar_position: 10 # Manual setting of permissions -## What is the manual setting of permissions for records? +## Manual permission settings for records overview In contrast to the [Automated setting of permissions](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md), the -manual approach does not utilize any automatic processes. This method of setting permissions is thus -carried out separately for every record – this process is not as recommended for newly created data. -If you want to work effectively in the long term, the automatic setting of permissions should be -used. However, the manual setting of permissions is generally used when editing already existing +manual approach doesn't use any automatic processes. This method of setting permissions is thus +performed separately for every record – this process isn't as recommended for newly created data. +To work effectively in the long term, use the automatic setting of permissions. However, the manual setting of permissions is generally used when editing already existing records. ## Adding additional users with permissions @@ -29,9 +28,11 @@ the permissions in the list view: ![different ways to access the permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-1-en.webp) -NOTE: The icon on the right of the reading pane shows the information whether the record is personal +:::note +The icon on the right of the reading pane shows the information whether the record is personal or public. In case of personal data records, the user that is logged on is the only one who has -permissions! +permissions. +::: The author is created with all permissions for the record. As described in the [Permission concept and protective mechanisms](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md), you can now @@ -53,7 +54,7 @@ Ctrl/Shift + left mouse button. By default, all added users or roles receive only the “Read” permission on the record. The “Read” permission at the beginning is sufficient to view the fields of the data record and to use the -password. "Write" permission allows you to edit a data record. **The permission “Authorize” is +password. "Write" permission lets you edit a data record. **The permission “Authorize” is necessary to authorize other users to the record**. This is also a requirement for the[Seals](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). @@ -61,7 +62,7 @@ the[Seals](/docs/passwordsecure/current/configuration/advancedview/permissioncon ## Transferring permissions -A simple right-click on a user can be used to copy and transfer permission configurations of users +Right-click a user to copy and transfer permission configurations of users or roles to others in the context menu. In this context, the use of permission templates is also very practical. In the “Template” area of ​​the ribbon, you can save configured permissions, including all users, and reuse them for other records. @@ -69,7 +70,7 @@ including all users, and reuse them for other records. ![preset menu](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-5-en.webp) The transfer of permissions and their reuse can be an important building block to create and -maintain entitlement integrity. This method cannot rule out misconfigurations, but it will minimize +maintain entitlement integrity. This method can't rule out misconfigurations, but it will minimize the risk significantly. Of course, the correct configuration of these templates is a prerequisite. ## The add permission @@ -90,5 +91,5 @@ itself, as well as by users with the permission “Is database administrator”. The owner permission prevents other users who have the “Authorize” permission from removing someone with the owner permission from the record. -**CAUTION:** The owner permission does not protect a record from being deleted. Any user who has -deletion permission can delete the record! +**CAUTION:** The owner permission doesn't protect a record from being deleted. Any user who has +deletion permission can delete the record. diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md index b614fcf969..d47d4c0e89 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md @@ -6,12 +6,12 @@ sidebar_position: 20 # Multiple editing of permissions -## How to edit multiple permissions? +## Edit multiple permissions As part of the manual modification of permissions, it is also possible to edit multiple records at -the same time. Various mechanisms can be used to select the records to be edited. You are able to +the same time. Use various mechanisms to select the records to be edited. You can select the records in [List view](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md) or you can use -the filter as part of the multiple editing function. Both scenarios are described below. +the filter as part of the multiple editing function. Both scenarios are described in the following sections. ### User permissions for batch processing @@ -26,7 +26,7 @@ existing permissions will **not be overwritten**. ## Selecting the records -In list view, Shift or Ctrl + mouse click can be used to select multiple records. Permissions can +In list view, Shift, or Ctrl + mouse click lets you select multiple records. Permissions can also be granted for these records via the selection. The marked records are displayed in a different color. 6 records are marked in the following image. @@ -40,8 +40,10 @@ changes. ![rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-2-en.webp) -NOTE: As the already granted permissions for the selected records may differ, it is not possible to +:::note +As the already granted permissions for the selected records may differ, it isn't possible to display the permissions here. +::: ## Adding permissions @@ -53,12 +55,14 @@ receives all permissions. ## Reducing permissions / removing users and roles from the permissions -If you want to remove permissions, it is also necessary to add the user or the desired role to be -edited. Clicking on **Reduce permissions** now means that permissions will be removed. This is +To remove permissions, add the user or the desired role to be +edited. Clicking on **Reduce permissions** removes the selected permissions. This is indicated by the :material-minus-circle-outline: symbol. The selected permissions will be removed. -NOTE: If the **read** permission is to be removed for a user or role, the user will be completely +:::note +If the **read** permission is to be removed for a user or role, the user will be completely removed from the permissions. +::: ## Examples @@ -69,33 +73,33 @@ contrast, Mr. Brewery receives all permissions: The read permission will be removed for Mr. Steiner. As removing the read permissions means that no other permissions exist for the record, Mr. Steiner is completely removed from the permissions. The -authorize, move, export and print permissions are being removed from Mr. Brewery. Assuming that he -previously had all permissions, he will then have read, write and delete permissions remaining: +authorize, move, export, and print permissions are being removed from Mr. Brewery. Assuming that he +previously had all permissions, he will then have read, write, and delete permissions remaining: ![edit rights for selected passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-4-en.webp) ## Batch processing using a filter -In some cases it is necessary to edit the permissions for a very large number of records. On the one +In some cases you must edit the permissions for a very large number of records. On the one hand, a maximum limit of 1000 records exists and on the other hand, handling a very large number of -records via list view is not always the best solution. The **Batch processing using a filter** mode +records via list view isn't always the best solution. The **Batch processing using a filter** mode has been developed for this purpose. This is directly initiated via the ribbon. ![Batch processing using a filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-5-en.webp) -In the subsequent dialogue, you define whether you want to expand, reduce or completely overwrite +In the subsequent dialogue, you define whether you want to expand, reduce, or completely overwrite existing permissions. If you select **expand or reduce** at this stage, the same logic as for **editing via list view** is used. No permissions will thus be overwritten. In the option **overwrite permissions**, the existing permissions are removed and then replaced by the newly defined permissions. -**CAUTION:** It is important to proceed with great caution when overwriting permissions because this +**CAUTION:** You must proceed with great caution when overwriting permissions because this function can quickly lead to a large number of records becoming unusable. ![permissions adapted on a filter](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-6-en.webp) -The filter itself defines the selection criteria for the records to be edited. The currently +The filter itself defines the selection criteria for the records to be edited. The configured filter will be used as default. The records that will be affected by the changes are also not displayed in this view. Only the number of records is displayed. In the following example, 9 passwords are being edited to add the read permission the role "Sales". @@ -104,20 +108,22 @@ passwords are being edited to add the read permission the role "Sales". ## Seals and password masking -Sealed or masked records cannot be edited using batch processing. If these types of passwords are +Sealed or masked records can't be edited using batch processing. If these types of passwords are selected, a dialogue will be displayed when carrying out batch processing to inquire how these records should be handled. ![security warning because of sealed or masked passwords](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-8-en.webp) -It is possible to select whether the affected records are skipped or whether the seal or password +You can select whether the affected records are skipped or whether the seal or password masking should be removed. If the **remove** option is selected, the process needs to be confirmed again by entering a PIN. ![security warning](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple-editing-of-permissions-9-en.webp) -**CAUTION:** The removal of seals and password masking cannot be reversed! +**CAUTION:** The removal of seals and password masking can't be reversed. -NOTE: Depending on the number of records, editing records may take a long time. This process is -carried out in the background for this reason. A hint will indicate that the permissions process has +:::note +Depending on the number of records, editing records may take a long time. This process is +performed in the background for this reason. A hint will indicate that the permissions process has been completed. +::: diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md index 90da4b49a8..574bf3e3aa 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md @@ -12,8 +12,10 @@ Once they have been configured, permissions can be constantly reused. The functi permissions as a template** in the ribbon is used for this purpose. The templates are globally available and can also be used for other records. -NOTE: When saving templates, always select a name that will also allow it to be safely +:::note +When saving templates, always select a name that will also allow it to be safely differentiated from other templates if you have a large number of right templates. +::: Nevertheless, the use of right templates merely reduces the amount of work and still envisages the manual setting of permissions. Automatic process for the issuing of permissions also exist in diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md index 90b2746806..03c9e0555d 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md @@ -6,11 +6,11 @@ sidebar_position: 40 # Permission concept and protective mechanisms -## What is the permission concept? +## Permission concept overview -With Netwrix Password Secure version 9 we provide the right solution to all conceivable demands +With Netwrix Password Secure version 9 Netwrix provides the right solution to all conceivable demands placed on it with regards to permission management. [Roles](/docs/passwordsecure/current/configuration/advancedview/clientmodule/roles.md) are a -great way to efficiently manage multiple users without losing the overview. We've created multiple +great way to efficiently manage multiple users without losing the overview. Password Secure've created multiple methods to manually or automatically manage your permissions. More information can be seen in the chapter [Multiple editing of permissions](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md) @@ -22,11 +22,15 @@ The interrelationships between all of these elements are illustrated in the foll ![Authorisation concept](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_1-en.webp) -NOTE: Applying some form of permissions is **obligatory**. Applying a protective mechanism is +:::note +Applying some form of permissions is **obligatory**. Applying a protective mechanism is **optional**. +::: -NOTE: The configuration of visibility is a technical part of the permissions process. However, this +:::note +The configuration of visibility is a technical part of the permissions process. However, this mechanism has a “protective character” and is thus listed under protective mechanisms. +::: ## Basic mechanics of the permission concept @@ -51,7 +55,7 @@ is, of course, a good idea to manage these roles in accordance with your company role “Administrators” can therefore be provided with more extensive authorizations than, for example, the role “Sales Assistance”. This role-based inheritance allows the organization to maintain the overview in a larger corporate structure as well as a simple procedure when adding new -employees. Instead of having to entitle him individually, this is simply added to his role. +employees. Instead of having to entitle him individually, the new employee is added to the role. ![Permission only for users or roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_2-en.webp) @@ -60,13 +64,9 @@ only to grant rights individually to employees in exceptional cases. The unplann personnel must also be taken into account in such concepts. Working with roles defuses such risks significantly. -NOTE: - - -``` -Permissions are always granted to only one user or role! - -``` +:::note +Permissions are always granted to only one user or role. +::: ### 2. Membership in roles @@ -76,7 +76,8 @@ been authorized for the role. ![Membership in roles](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_3-en.webp) -NOTE: +:::note +::: ``` @@ -95,23 +96,19 @@ illustrates this with an example of two users. - **User 1** is a member of the role, and is therefore authorized for all records that are assigned to the role. However, it has only “read rights” for the role itself. This means, it can see the - role, but cannot “Edit, move, or delete” it. + role, but can't “Edit, move, or delete” it. - **User 2** has all rights for the role. It can add additional users to the role by means of - “authorize”. The crucial point, however, is that it is not a member of the role. It cannot, + “authorize”. The crucial point, however, is that it isn't a member of the role. It can't, therefore, see any records for which the role is authorized. In practice, the first user would be a classic user that is assigned, for example, to the Sales role by the administrators, and can view the records accordingly. The second user could be one of those administrators. This user has extensive rights for the role. It can edit it, and add users to it. -However, it cannot see any data that is assigned to sales. It lacks membership in the role. +However, it can't see any data that is assigned to sales. It lacks membership in the role. -NOTE: - - -``` -As a member of a role, it must have at least the “read” right for the role! - -``` +:::note +As a member of a role, it must have at least the “read” right for the role. +::: ## Specific example and configuration @@ -124,15 +121,15 @@ configuration of a role will be illustrated using two users. The configuration i - The user “Holste” is a member of the role and can, therefore, access those records for which the role has permissions. He has the obligatory read right for the role, which is the basic - requirement in order to be a member of the role. Which exact rights it has to the data record is + requirement to be a member of the role. Which exact rights it has to the data record is not defined within the role! This is set out in the following section. -- The user “Administrator” has all rights to the role, but is not a member! Thus, it cannot see any +- The user “Administrator” has all rights to the role, but isn't a member! Thus, it can't see any records that are authorized for the role. However, it has all rights to the role and can therefore print, assign other users to the role, and delete them. ![explanation of the authorization through a role](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_6-en.webp) This example clearly shows the advantages of the concept. The complete separation of administrative -users from regular users brings significant advantages. Of course, one does not necessarily exclude -the other. An administrator can, of course, have full access to the role and also be a member in it! +users from regular users brings significant advantages. Of course, one doesn't necessarily exclude +the other. An administrator can, of course, have full access to the role and also be a member in it. The boundaries between the two often overlap, and can be freely defined in Netwrix Password Secure. diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md index 7ce311ece2..df2b9d8b6a 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md @@ -6,16 +6,16 @@ sidebar_position: 30 # Predefining rights -## What are predefined rights? +## Predefined rights overview [Permissions for organisational structures](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md) -can be carried out separately for every record. Although this method enables you to very closely -control every intended permission structure, it is not really efficient. On the one hand, there is +can be performed separately for every record. Although this method lets you very closely +control every intended permission structure, it isn't really efficient. On the one hand, there is too much configuration work involved, while on the other hand, there is a danger that people who -should also receive permissions to access data are forgotten. In addition, many users should not +should also receive permissions to access data are forgotten. In addition, many users shouldn't even have the right to set permissions. “Predefining rights” is a suitable method to simplify the permissions and reduce error rates by using automated processes. This page covers the configuration -of predefined rights, please also refer to the sections +of predefined rights, also refer to the sections [Working with predefined rights](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md) and their [Scope of validity for predefined rights](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md). @@ -38,7 +38,7 @@ following example specifically focuses on an IT department. The following 3 hier In general, a senior employee is granted more extensive rights than those granted to a trainee. This hierarchy and the associated permission structure can be predefined. In the O[Organisational structure](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) -module, we now select those OUs (departments) for which rights should be predefined and select +module, Password Secure now select those OUs (departments) for which rights should be predefined and select \*predefine rights” in the ribbon. ![button of predefined rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-1-en.webp) @@ -61,20 +61,20 @@ structures is explained in ## Adding other template groups It is also possible to configure several different right templates within one department. This may -be necessary e.g. if there are several areas of competency within one department which should each +be necessary e.g. if there are several areas of competency within one department that should each receive different permissions. Alongside the **IT general** area, the template groups **Exchange** -and **Firewall** have also been defined below. +and **Firewall** have also been defined in the following example. ![Standard template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-4-en.webp) -A **default template group** can be defined directly next to the drop-down menu for selecting the +A **default template group** can be defined directly next to the dropdown menu for selecting the template group (green arrow). This is always pre-configured when you select “IT” as the OU to save records. ## Issuing tags for predefining rights In the same way that permissions are defined within right templates, it is also possible to -automatically set **tags**. Their configuration is carried out in the same way as issuing +automatically set **tags**. Their configuration is performed in the same way as issuing [Tags](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/tags.md) for records. ![tags for predefining rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-5-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md index b9616e4527..71492306ff 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md @@ -9,7 +9,7 @@ sidebar_position: 20 ## User rights for predefined rights The user rights section provides all of the basic information required for handling user rights . -Nevertheless, the four user rights related to “predefining rights” are explained below. +Nevertheless, the four user rights related to “predefining rights” are explained in the following sections. ![global user rights](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/relevant_user_rights/relevant_user_rights_1-en.webp) @@ -25,7 +25,7 @@ Nevertheless, the four user rights related to “predefining rights” are expla selection function is displayed or not when creating new records. If this right has not been granted, the user is thus not able to see for which roles and users the user rights are being defined. -- **Can remove members from rights templates:** Roles defined within the rights templates cannot be +- **Can remove members from rights templates:** Roles defined within the rights templates can't be removed without this right. If this right has not been granted, the roles defined in the templates are always authorized for records in this organisational structure. If the user right is activated: The user can remove the roles via the “x” icon: diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md index a9788ab0e2..584d543601 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md @@ -8,7 +8,7 @@ sidebar_position: 30 In general, all of the predefined rights for an organisational structure are applied to all underlying objects. These objects could be passwords, forms, form fields documents, users, -applications or also other nested organisational structures in the hierarchy. In the following +applications, or also other nested organisational structures in the hierarchy. In the following example, the rights template **IT general** has been defined for the organisational unit **IT**. ![rights template](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_1-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md index a8632f7fc1..eb6d41a9a9 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md @@ -44,7 +44,7 @@ associated permissions: | Red | Authorize | Other rights also exist that are, however, not separately indicated by a color. The overview in the -ribbon can be used to see whether the “move”, “export” and “print” rights are set or not. The +ribbon lets you see whether the “move”, “export” and “print” rights are set or not. The permissions for the selected role/user are always displayed – in this case for the role “IT management”. @@ -56,13 +56,13 @@ The [Manual setting of permissions](/docs/passwordsecure/current/configuration/a the configuration of rights for both existing and also new records. The option of [Predefining rights](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) represents a very efficient alternative. Instead of having to separately grant permissions for every record, a “preset” is defined once for each -organisational structure. Once this has been done, it is sufficient in future to merely select the +organisational structure. After this has been done, it is sufficient in future to merely select the organisational structure when creating a record. The permissions are then set automatically. This -process is particularly advantageous for those users who should not set their permissions +process is particularly advantageous for those users who shouldn't set their permissions themselves. ![predefined rights diagram](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights_4-en.webp) -**CAUTION:** The configuration of permissions can be carried out manually or automatically as -described. If you want to change previously set permissions later, this has to be done manually. -Retrospectively defining rights is not possible. +**CAUTION:** The configuration of permissions can be performed manually or automatically as +described. To change previously set permissions later, do so manually. +Retrospectively defining rights isn't possible. diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md index 4b5aad5000..10e2959c17 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Password masking -## What is password masking? +## Password masking overview -The safest passwords are those that you do not know. Password masking follows this approach. It +The safest passwords are those that you don't know. Password masking follows this approach. It prevents the password from being shown, while allowing the use of the automatic sign-on. You can apply it via the button of the same name in the ribbon. @@ -29,7 +29,9 @@ for the record is required to apply or remove the masking. Users who have the ** permission** for a record can continue to use the record without limitations after applying password masking. Password masking only applies to users without the "can apply password masking" right. -NOTE: Password masking can only be applied to records with an existing password! +:::note +Password masking can only be applied to records with an existing password. +::: ## Applying password masking @@ -48,19 +50,23 @@ button in the ribbon for that purpose. Ensure that the password field is highlig The special feature when setting or editing masking via the form field permissions is that you can individually select users to whom masking will be applied. In the following example, masking has -been specified only for the role of “trainees”, although the “IT” role does not have the **authorize +been specified only for the role of “trainees”, although the “IT” role doesn't have the **authorize permission** either. In addition to the name of the role or the user, the icon symbolizes the fact that visa protection applies to trainees. ![example password masking](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_3-en.webp) -NOTE: Use the icon in the ribbon to apply password masking to all users who have read permission on -the record, but not the **authorize permission**. If you wish to specify more precisely for which -users the password masking should be applied, this is also possible via the form field permissions. +:::note +Use the icon in the ribbon to apply password masking to all users who have read permission on +the record, but not the **authorize permission**. To specify more precisely which +users the password masking applies to, use the form field permissions. +::: -NOTE: It is important to note that the login mask for records with password masking will be "sent +:::note +Mask for records with password masking will be "sent automatically", even if the setting **Browser Extensions: Automatically send login masks** has been deactivated. +::: **CAUTION:** The password masking only applies to those users who are authorized at the time of attachment to the record. If a record has the password masking and a user get´s authorized the diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md index a0ae1b43f7..ade38a0269 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md @@ -6,16 +6,16 @@ sidebar_position: 40 # Protective mechanisms -## What are protective mechanisms? +## Protective mechanisms overview The primary goal of Netwrix Password Secure is to ensure data security at all times. The -authorization concept is naturally the most important component when it comes to granting users the +authorization concept is the most important component when it comes to granting users the intended level of permissions for accessing data. Specifically, this makes it possible to make certain information only available to selected employees. Nevertheless, it is still necessary to -have protective mechanisms above and beyond the authorization concept in order to handle complex +have protective mechanisms above and beyond the authorization concept to handle complex requirements. -- [Visibility](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) is not separately configured but is instead directly +- [Visibility](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) isn't separately configured but is instead directly controlled via the authorization concept (read permission). Nevertheless, it represents an important component within the existing protective mechanisms and is why a separate section has been dedicated to this subject. @@ -23,7 +23,7 @@ requirements. possible to grant users or roles temporary access to data. - [Password masking](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md) enables access to the system without having to reveal the passwords of users. The value of the password remains constantly hidden. -- To link the release of highly sensitive access data to a double-check principle, it is possible to +- To link the release of highly sensitive access data to a double-check principle, you can use [Seals](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a release is possible down to a granular level and is always adaptable to individual requirements. @@ -37,26 +37,28 @@ In the interplay of the almost all conceivable scenarios can be depicted. It is worth mentioning again that the authorization concept is already a very effective tool, with limited visibility of passwords and data records. This concept is present everywhere in Netwrix Password Secure, and will be explained -in more detail below. +in more detail in the following sections. ## Visibility as a basic requirement It should always be noted that **visibility** is always a basic requirement for applying further protective mechanisms. A record that is completely hidden from a user (= no read permission) can -naturally not be given any further protective mechanisms. +not be given any further protective mechanisms. -NOTE: The visibility of a record is always the basic requirement for applying further protective +:::note +The visibility of a record is always the basic requirement for applying further protective mechanisms +::: ## Combining multiple protective mechanisms -In principle, there are a diverse range of possibilities for combining the above-mentioned +In principle, there are a diverse range of possibilities for combining the previously mentioned protective mechanisms. Temporary access to a “masked” record is possible just as having a “masked” record which is additionally secured by a double-check principle is also possible. **Nevertheless, -it should be noted that temporary permissions in combination with seals always pose a risk.** If +temporary permissions in combination with seals always pose a risk.** If releasing a seal requires approval from a person who only possesses or possessed temporary -permissions or will only possess them in future, this could naturally conflict with the configured +permissions or will only possess them in future, this could conflict with the configured release criteria. -**CAUTION:** The combination of seals and temporary permissions is not recommended if the user with +**CAUTION:** The combination of seals and temporary permissions isn't recommended if the user with permissions to issue a release has only been given temporary permissions. diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md index c95a74c5d3..055ab2288c 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Release mechanism -## What is the release mechanism? +## Release mechanism overview A sealed password will not be released until the number of approvals required in the seal has been granted. Releases can be granted by anyone who has been defined as having the required permissions @@ -16,25 +16,28 @@ release request to the final grant of the release and the breaking of the seal. ## Users and roles in the release mechanism As noted in the previous sections, seals always restrict the right of a user to view a specific -password. Even if the configuration is usually done at the level of the role, each user is naturally -responsible for his own request when carrying out the release. Even if a seal is defined for a role, +password. Even if the configuration is usually done at the level of the role, each user is responsible for his own request when carrying out the release. Even if a seal is defined for a role, technically separate seals are created for each individual member of the role. -NOTE: Requests or releases are only valid for the respective user! +:::note +Requests or releases are only valid for the respective user. +::: -**CAUTION:** If a user is a member of several roles of a seal, the "stronger" right is always -applied. Release rights have a priority over read rights +:::warning +If a user is a member of several roles of a seal, the "stronger" right is always +applied. Release rights have a priority over read rights. +::: ## 1. Requesting a release -In order to release a seal for sealed passwords, this must be requested from the user with the +To release a seal for sealed passwords, this must be requested from the user with the required permissions to issue the release. Within the Netwrix Password Secure client, this can be done via the buttons **Reveal** and **Seal** in the ribbon, as well as via the **Icon in the password field** of the data record in the reading pane. ![seal protection](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_1-en.webp) -A modal window opens, which can be used to request the seal. The reason for the entry will be +A modal window opens where you request the seal. The reason for the entry will be displayed to the users with the required permissions to issue the release. ![start seal process](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism_2-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md index 88f6a6cf3d..a7041fba2e 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Seal overview -## What is the seal overview? +## Seal overview Users with the required permissions to issue the releases receive access to the current state of the existing seals at any time via the seal overview. The overview is accessible via the ribbon as well @@ -52,6 +52,6 @@ breaking the seal after a security query. Viewing the password is irrelevant. On be manually reset by the icon to the right of the broken seal column. The state “Sealed” is restored. -**CAUTION:** It makes no sense to re-seal already visible passwords. The user was able to view the -password. Therefore, it is not monitorable whether the password has been saved, for example, by -screenshot. In such cases, a new password is the only way to guarantee 100% password security! +**CAUTION:** It makes no sense to re-seal already visible passwords. The user can view the +password. Therefore, it isn't monitorable whether the password has been saved, for example, by +screenshot. In such cases, a new password is the only way to guarantee 100% password security. diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md index c8e6ec0c1e..05882d10f7 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md @@ -6,14 +6,14 @@ sidebar_position: 40 # Seals -## What are seals? +## Seals overview Passwords are selectively made available to the different user groups by means of the [Authorization and protection mechanisms](/docs/passwordsecure/current/configuration/webapplication/authorization_and_protection_mechanisms.md). Nevertheless, there are many scenarios in which the ability to view and use a record should be linked to a release issued in advance. In this context, the seal is an effective protective mechanism. This multi-eye principle protects passwords by securing them with granular release -mechanisms. If you want to see a password, this must be requested and released. The release can also +mechanisms. To see a password, you must request and receive a release. The release can also be temporary. ## Relevant rights @@ -26,14 +26,14 @@ The following option is required to add a seal. ## Required permissions -Firstly, the user must have the **authorize permission** for the record in order to create seals. +Firstly, the user must have the **authorize permission** for the record to create seals. The read permission to all users and roles that are contained in the seal is also required. The exact configuration of password masking and permissions for records is described in detail in the Authorization concept section. -## What exactly is sealed? +## Sealed data scope -Technically speaking, the password itself is not sealed. It is the permission to see a password +Technically speaking, the password itself isn't sealed. It is the permission to see a password field that is protected by a seal. This allows for the most sensitive configurations, in which one group can use the password without restrictions, but the same password is sealed for other users. The wizard assists users in applying seals, as well as in future maintenance. @@ -41,7 +41,7 @@ The wizard assists users in applying seals, as well as in future maintenance. **CAUTION:** The complete data set is never sealed! Only the permission to view a password is protected by a seal. -**CAUTION:** Be Aware" Only records that are protected with a password can be sealed! +**CAUTION:** Be Aware" Only records that are protected with a password can be sealed. ## Seal wizard @@ -71,10 +71,12 @@ release are displayed in blue. ![example permissions](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_3-en.webp) -NOTE: All users and roles for which the data set is not sealed and which are not authorized for +:::note +All users and roles for which the data set isn't sealed and which aren't authorized for release are displayed in green. These can use the data record independently of the seal. +::: -To avoid having to perform any configuration manually, roles and users are copied directly from the +To avoid having to perform any configuration manually, roles, and users are copied directly from the authorizations of the data record. Compare with the "permissions" for the record (can be viewed via the ribbon). @@ -83,9 +85,11 @@ the ribbon). Supervisors should issue the releases for their employees. Therefore, the checkbox also follows the existing authorizations. The following **scheme** is used: -NOTE: All users and roles that have the **authorize permission** to the record are "authorized to -issue a release" for the seal by default. All users and roles that do not have the **authorize +:::note +All users and roles that have the **authorize permission** to the record are "authorized to +issue a release" for the seal by default. All users and roles that don't have the **authorize permissions** to the record are copied directly into the "Sealed for" column. +::: Here is a closer look at the permissions of the role **Administrators** on the record: @@ -96,33 +100,37 @@ Here is a closer look at the permissions of the role **Administrators** on the r Although standard authorizations are used as a basis for the sealing concept, these can be adapted. The number of releases generally required is as configurable as the required number of releases from a role. In the following example, the seal has been extended so that a total of three release -authorizations are required in order to release the seal **(Multi-eye principle)**. The role of the +authorizations are required to release the seal **(Multi-eye principle)**. The role of the administrators has been marked in the mandatory column. This means that it must grant at least one release. In summary: A total of three releases must be made, whereby the group of administrators must grant at least one release. ![edit seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_6-en.webp) -In order to be not only dependent on existing authorizations on the data set, other users can also -be added to the seal. The role accounting under "sealed for" has been added below. +To be not only dependent on existing authorizations on the data set, other users can also +be added to the seal. The role accounting under "sealed for" has been added in the following example. ![define permission for the seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_7-en.webp) -NOTE: When a role or a user is added to a seal, these users also receive permissions on the record +:::note +When a role or a user is added to a seal, these users also receive permissions on the record according to the authorization granted in the seal. A role that is added under "Sealed for" receives the **Read permission** on the record. When you add authorization permissions, these will include the **Read**, **Write**, **Delete**, and **Authorize** permission. +::: **CAUTION:** All the roles that were once added to the seal can no longer be removed via the seal -logic. This is only possible directly via the authorizations of the data record! +logic. This is only possible directly via the authorizations of the data record. -NOTE: It is possible to seal records for a user who is also authorized to issue a release. In this -constellation, it is important to ensure that at least one other user is authorized to issue a +:::note +You can seal records for a user who is also authorized to issue a release. In this +constellation, at least one other user is authorized to issue a release. In principle, you should never be able to issue a release for yourself. +::: #### 3. Advanced settings -Advanced seal settings allow you to adjust the multi-eye principle. Both the time validity of a +Advanced seal settings let you adjust the multi-eye principle. Both the time validity of a release request as well as a granted release can be configured. Multiple break defines whether after the breaking of a seal by a user, other users may still break it. @@ -130,9 +138,9 @@ the breaking of a seal by a user, other users may still break it. #### 4. Saving the seal -Before closing the wizard, it is possible to save the configuration for later use in the form of a +Before closing the wizard, you can save the configuration for later use in the form of a template. [Seal templates](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/seal_templates.md) can be -optionally provided with a description for the purpose of overview. +optionally provided with a description to overview. ![save seal](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_9-en.webp) diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md index fcbb49bb0b..9b01e53dee 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md @@ -6,9 +6,9 @@ sidebar_position: 20 # Temporary permissions -## What are temporary permissions? +## Temporary permissions overview -So far, we have covered permissions that were valid for an unlimited period. However, a permission +So far, Password Secure has covered permissions that were valid for an unlimited period. However, a permission can also be granted in advance with a time restriction. Examples are users who stay in the company for a limited time, such as interns or trainees. @@ -33,8 +33,10 @@ permissions: - **Green:** The temporary permission is active. - **Red:** The time period for the temporary permissions has already expired. -NOTE: Temporary permissions can also be assigned to multiple roles and users at the same time. You -can select multiple users and roles as usual with Ctrl/Shift + left mouse button! +:::note +Temporary permissions can also be assigned to multiple roles and users at the same time. You +can select multiple users and roles as usual with Ctrl/Shift + left mouse button. +::: ## Special features of the authorization system @@ -43,5 +45,5 @@ configurations. Conceivable constellations include a situation when the only use only has temporary permissions. When these permissions expire, there is no longer any user with full permissions. To prevent this happening, users with temporary permissions are handled differently. -**CAUTION:** There must always be one user who has the “authorize” right to a record, who does not +**CAUTION:** There must always be one user who has the “authorize” right to a record, who doesn't only have temporary permissions. diff --git a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md index b6616768fb..19d0af8415 100644 --- a/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md +++ b/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md @@ -10,24 +10,24 @@ sidebar_position: 10 The use of a [Filter](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/filter/filter.md) is generally the gateway to displaying existing records. Nevertheless, this aspect of the visibility of the records is closely -interwoven with the existing permissions structure. Naturally, a user can always only see those +interwoven with the existing permissions structure. A user can always only see those records for which they have at least a read Permission. This doctrine should always be taken into -consideration when handling records. [Tags](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/tags.md) are not +consideration when handling records. [Tags](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/tags.md) aren't subject to any permissions and can thus always be used as filter criteria. Nevertheless, the delivered results will only contain those records for which the user themselves actually has permissions. A good example here is the tag “personal record”. Every user can mark their own record -as personal – yet each user will naturally only be able to find their own personal records. +as personal – yet each user will only be able to find their own personal records. ## Creating independently working environments The possibility of separately defining the visibility of individual objects is one of the special features within the Netwrix Password Secure authorization concept. Irrespective of whether handling -records, documents, organisational structures, roles or forms: it is always possible to define +records, documents, organisational structures, roles, or forms: it is always possible to define whether a user or a role possesses a read permission to the object or not. The permissions for each of these objects can be defined separately via the ribbon in the permissions dialogue. This approach enables the creation of independently existing departments within a database. The permissions -structure for the SAP form can be seen below. It shows that only the sales manager and the -administrators are currently permitted to create new records of type SAP. +structure for the SAP form can be seen in the following example. It shows that only the sales manager and the +administrators are permitted to create new records of type SAP. ![example permissions on a form](/images/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility-en.webp) @@ -35,6 +35,8 @@ In general, each department can independently use forms, create passwords and ma this way. Especially in very sensitive areas of a company, this type of compartmentalization is often required and also desired. -NOTE: An alternative also supported by Netwrix Password Secure is for each department to set up +:::note +An alternative also supported by Netwrix Password Secure is for each department to set up their own MSSQL database. However, this physical separation requires considerably more -administration work than the above-mentioned separation of data based on permissions and visibility. +administration work than the previously mentioned separation of data based on permissions and visibility. +::: diff --git a/docs/passwordsecure/current/configuration/autofilladdon/autofill_add-on.md b/docs/passwordsecure/current/configuration/autofilladdon/autofill_add-on.md index 99ed66a984..ec4eb0978d 100644 --- a/docs/passwordsecure/current/configuration/autofilladdon/autofill_add-on.md +++ b/docs/passwordsecure/current/configuration/autofilladdon/autofill_add-on.md @@ -6,7 +6,7 @@ sidebar_position: 60 # Autofill Add-on -## What is the Autofill Add-on? +## Autofill Add-on overview The Autofill Add-on is responsible for the automatic entry of login data in applications. This enables logins without knowledge of the password, which can be a particularly valuable tool in @@ -28,7 +28,9 @@ User rights The right **Can create web applications** is required for creating new web applications\* -NOTE: The agent can control multiple databases at the same time +:::note +The agent can control multiple databases at the same time +::: #### Functionality @@ -38,28 +40,30 @@ The functionality of the Autofill Add-on is illustrated in the following diagram RDP and SSH sessions(![1](/images/passwordsecure/9.2/configuration/autofill_add-on/1.webp) -) are not automatically started via the Autofill Add-on. Applications are created for this purpose +) aren't automatically started via the Autofill Add-on. Applications are created for this purpose in the Netwrix Password Secure client. The creation and use of these connections is explained in detail in the corresponding section. Automatically starting all other types of connection is the task of the **Autofill Add-on**. The following types of connections exist: -- Entering login data in Windows applications: Alongside the above-mentioned RDP and SSH sessions, +- Entering login data in Windows applications: Alongside the previously mentioned RDP and SSH sessions, other Windows applications can also be automated (![2](/images/passwordsecure/9.2/configuration/autofill_add-on/2.webp)). - A major difference is that the two above-mentioned connections are set up and “embedded” in a + A major difference is that the two previously mentioned connections are set up and “embedded” in a separate tab. Other applications, such as e.g. VMware, are directly started as usual. In these cases, the Autofill Add-on takes over the communication between the application server and the Windows applications. -NOTE: For entering data on websites, the record must contain at least the following fields: User +:::note +For entering data on websites, the record must contain at least the following fields: User name, password, URL. +::: #### Conclusion As the Autofill Add-on is directly connected to the application server, login data can also be entered without the main client. Exceptions are the RDP and SSH connections. These are forced to remain part of the client. The Autofill Add-on thus acts as a lean alternative for the use of the -client with the two limitations mentioned. Naturally, all of the steps completed are still entered +client with the two limitations mentioned. All of the steps completed are still entered in the logbook and are always traceable. diff --git a/docs/passwordsecure/current/configuration/autofilladdon/configuration_autofill_add-on.md b/docs/passwordsecure/current/configuration/autofilladdon/configuration_autofill_add-on.md index f41c588795..242ac18987 100644 --- a/docs/passwordsecure/current/configuration/autofilladdon/configuration_autofill_add-on.md +++ b/docs/passwordsecure/current/configuration/autofilladdon/configuration_autofill_add-on.md @@ -18,19 +18,21 @@ makes all of the databases configured on the client available. It is also possib profiles as usual so that the connection data for certain databases can be used efficiently in the future. -NOTE: The agent accesses the same configuration file as the client. All changes to profiles will +:::note +The agent accesses the same configuration file as the client. All changes to profiles will thus also affect the client. New profiles can thus also be created via the Autofill. +::: #### Context menu functionality -After successfully logging in, the Autofill Add-on firstly runs in the background. Right click on +After successfully logging in, the Autofill Add-on firstly runs in the background. Right click the icon in the system tray to open the context menu. ![icon options](/images/passwordsecure/9.2/configuration/autofill_add-on/configuration/installation_with_parameters_130-en.webp) - **Disconnect**: Connect to database/disconnect from database. (All connections are shown for multiple databases) -- **Login** enables you to log into another database +- **Login** lets you log into another database - **Disable/Enable agent** allows you the option of temporarily disabling automatic login - A diverse range of variables can be defined via the **Settings** - **Reload all Data** diff --git a/docs/passwordsecure/current/configuration/basicview/basic_view.md b/docs/passwordsecure/current/configuration/basicview/basic_view.md index c8c9ef015b..2845b659a4 100644 --- a/docs/passwordsecure/current/configuration/basicview/basic_view.md +++ b/docs/passwordsecure/current/configuration/basicview/basic_view.md @@ -8,7 +8,7 @@ sidebar_position: 30 ![light-client-en](/images/passwordsecure/9.2/configuration/basic_view/light-client-en.webp) -## What is the Basic view about? +## Basic view overview The Basic view is a lean tool for every end user. It guarantees quick and easy access to the daily needed passwords. Although the Basic view has a limited range of functions, it can be operated @@ -21,7 +21,7 @@ ideal tool for the daily handling of passwords. ## Requirements & required rights You don’t need any special permission to use the Basic view. However, the handling of the Basic -views can be set via rights and settings. Read more in chapter +views can be set via rights and settings. See [To do for Administration](/docs/passwordsecure/current/configuration/basicview/todoforadministration/to_do_for_administration.md). #### Installation diff --git a/docs/passwordsecure/current/configuration/basicview/checklist_of_the_basic_view.md b/docs/passwordsecure/current/configuration/basicview/checklist_of_the_basic_view.md index 0f58657d3a..54dbda28ca 100644 --- a/docs/passwordsecure/current/configuration/basicview/checklist_of_the_basic_view.md +++ b/docs/passwordsecure/current/configuration/basicview/checklist_of_the_basic_view.md @@ -18,8 +18,8 @@ URL** 2. Set display of the Basic view or Advanced view -The setting **Display passwords in Basic view & display passwords in Advanced view** allows you to -configure the display of both clients. The passwords can be displayed with an icon, logo or in text +The setting **Display passwords in Basic view & display passwords in Advanced view** lets you +configure the display of both clients. The passwords can be displayed with an icon, logo, or in text form. 3. Are users in the right organisational unit? diff --git a/docs/passwordsecure/current/configuration/basicview/password_management.md b/docs/passwordsecure/current/configuration/basicview/password_management.md index fc468a0f2c..34e1ebe775 100644 --- a/docs/passwordsecure/current/configuration/basicview/password_management.md +++ b/docs/passwordsecure/current/configuration/basicview/password_management.md @@ -9,20 +9,24 @@ sidebar_position: 60 ## Creating passwords This chapter deals with the main functionality of Basic view, namely the secure storage and -management of passwords. It should be noted that a password can be stored in different ways. +management of passwords. A password can be stored in different ways. -NOTE: The required settings and rights are given by the in-house administration. Further information +:::note +The required settings and rights are given by the in-house administration. Further information can be found here: To do for the administration +::: #### Create with application -**Prerequisite:** An existing application is available. It does not matter whether this is an SSO, +**Prerequisite:** An existing application is available. It doesn't matter whether this is an SSO, web, RDP, or SSH application. ![create password](/images/passwordsecure/9.2/configuration/basic_view/password_management/create-password-en.webp) -NOTE: Managing and creating the corresponding applications is the responsibility of the in-house +:::note +Managing and creating the corresponding applications is the responsibility of the in-house administration. How to create an application can be read here and in the following chapters. +::: Clicking on the existing application opens a window that asks for the user name and password. @@ -60,7 +64,7 @@ Then the whole process is completed by clicking the "Finish" button. ## Changing and deleting passwords -In order to change or delete passwords you should stay on the corresponding tile with the mouse +To change or delete passwords you should stay on the corresponding tile with the mouse cursor. The control button will appear. When you click the button, you will be offered the "Edit" and "Delete" options, among others. diff --git a/docs/passwordsecure/current/configuration/basicview/start_and_login_basic_view.md b/docs/passwordsecure/current/configuration/basicview/start_and_login_basic_view.md index 0879e953db..2272cf2fde 100644 --- a/docs/passwordsecure/current/configuration/basicview/start_and_login_basic_view.md +++ b/docs/passwordsecure/current/configuration/basicview/start_and_login_basic_view.md @@ -30,7 +30,7 @@ There are 2 possibilities here: ![image4](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/image4.webp) -**CAUTION:** Please ask your administrator if you are not sure which login details apply to you! +**CAUTION:** ask your administrator if you aren't sure which login details apply to you. #### Change to the web view of the Basic view @@ -41,12 +41,12 @@ As soon as the login was successful, you are now either: or - in the Web Application. To switch from the Web Application to the Basic view web view, you have to - click on your profile name. There you will be offered the option **"Switch to the Basic view"**. + click your profile name. There you see the option **"Switch to the Basic view"**. ![switch to lightclient](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/switch-to-lc-wc-en.webp) The Basic view web view is in no way inferior to the Basic view. The same functions are given except -for the download of the favicons (icon, symbol or logo used by web browsers to mark a website in a +for the download of the favicons (icon, symbol, or logo used by web browsers to mark a website in a recognizable way). ![LightClient in WebClient](/images/passwordsecure/9.2/configuration/basic_view/start_and_login/wc-lc-en.webp) diff --git a/docs/passwordsecure/current/configuration/basicview/tab_system.md b/docs/passwordsecure/current/configuration/basicview/tab_system.md index 142059e7fd..6d4e66b098 100644 --- a/docs/passwordsecure/current/configuration/basicview/tab_system.md +++ b/docs/passwordsecure/current/configuration/basicview/tab_system.md @@ -6,9 +6,9 @@ sidebar_position: 50 # Tab system -## What is the tab system? +## Tab system overview -The tab system helps to structure the passwords in order to manage and find them more easily. For +The tab system helps to structure the passwords to manage and find them more efficiently. For this purpose, several tabs can be created and switched between them with a click. ![tabs LightClient](/images/passwordsecure/9.2/configuration/basic_view/tab_system/tabs-lc-en.webp) @@ -34,7 +34,7 @@ The public tabs can be shown and hidden as needed. The X closes the current tab. ![close tab](/images/passwordsecure/9.2/configuration/basic_view/tab_system/close-tab-en.webp) -A public tab can be displayed again with a simple click on the +. +A public tab can be displayed again with a simple click the +. ![select organisational unit](/images/passwordsecure/9.2/configuration/basic_view/tab_system/select-ou-en.webp) diff --git a/docs/passwordsecure/current/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md b/docs/passwordsecure/current/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md index ddbeb82e9d..83f43cd307 100644 --- a/docs/passwordsecure/current/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md +++ b/docs/passwordsecure/current/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md @@ -42,10 +42,10 @@ required: Text, user name, password, URL. DefaultFormImpossiblePlausibility -When creating a password for an application, there is a field which is not displayed. Therefore, the +When creating a password for an application, there is a field which isn't displayed. Therefore, the plausibility in fields should be checked. NoValidOrganisation Is only relevant for the web view of the Basic view. It is activated if you want to create a -password using the add-on and the user does not have an OU in which to create it. +password using the add-on and the user doesn't have an OU in which to create it. diff --git a/docs/passwordsecure/current/configuration/basicview/todoforadministration/to_do_for_administration.md b/docs/passwordsecure/current/configuration/basicview/todoforadministration/to_do_for_administration.md index 0e3cc18d68..3cdb9bf059 100644 --- a/docs/passwordsecure/current/configuration/basicview/todoforadministration/to_do_for_administration.md +++ b/docs/passwordsecure/current/configuration/basicview/todoforadministration/to_do_for_administration.md @@ -8,12 +8,14 @@ sidebar_position: 10 ## Conditions for using the Basic view -The Basic view allows end users to easily manage their passwords in Netwrix Password Secure without -any training or prior knowledge. In order to ensure proper operation, the administration has to make +The Basic view allows end users to manage their passwords in Netwrix Password Secure without +any training or prior knowledge. To ensure proper operation, the administration has to make a few preparations first. This will be further discussed in the following. -NOTE: To make the Basic view transition as easy and smooth as possible for the user, the +:::note +To make the Basic view transition as easy and smooth as possible for the user, the administration can orient towards this checklist. +::: #### Relevant rights and settings @@ -43,14 +45,14 @@ There are several ways to provide/create passwords in the Basic view. #### Predefined passwords Predefined passwords have already been created on the FullClient. Basic view users must at least -obtain the right to read a record in order to use the password. +obtain the right to read a record to use the password. ![installation_with_parameters_154](/images/passwordsecure/9.2/configuration/basic_view/administration/installation_with_parameters_154.webp) #### Creating passwords via applications -In order to use applications on the Basic view, the administration must first create them on the -FullClient. By clicking on the application, the end user can easily generate secure passwords. To be +To use applications on the Basic view, the administration must first create them on the +FullClient. By clicking on the application, the end user can generate secure passwords. To be able to use the application, the user needs at least the authorization to **read**. Further information on this topic can be found in the chapter @@ -60,7 +62,7 @@ Further information on this topic can be found in the chapter #### Creating passwords via applications without applications -Please consider the following rights and settings so that Basic view users can create new passwords. + consider the following rights and settings so that Basic view users can create new passwords. User rights: diff --git a/docs/passwordsecure/current/configuration/basicview/view.md b/docs/passwordsecure/current/configuration/basicview/view.md index 983655676b..9b4667e529 100644 --- a/docs/passwordsecure/current/configuration/basicview/view.md +++ b/docs/passwordsecure/current/configuration/basicview/view.md @@ -10,7 +10,7 @@ sidebar_position: 40 The Basic view interface is arranged in tiles. If a logo/icon has been stored for a password in the image management, this can optionally be displayed with the associated data record. If the logo of -the password is not available, a reduced Outlook view is displayed. +the password isn't available, a reduced Outlook view is displayed. 1. view of a Basic view button with stored logo @@ -24,7 +24,7 @@ the password is not available, a reduced Outlook view is displayed. ![sql-server-log](/images/passwordsecure/9.2/configuration/basic_view/view/sql-server-log.webp) -Click on the tile to open the application. +Click the tile to open the application. ![SSO LightClient](/images/passwordsecure/9.2/configuration/basic_view/view/sso-lc-en.webp) @@ -45,20 +45,20 @@ When you click the button, the following options become visible: - -Edit (The selected record can be edited.) - Move (The selected record can be moved to another organisational unit) - Move to bin (the selected record can be deleted.) -- -Copy username (the username of the selected record will be copied to the clipboard). -- -Copy password (the password of the selected record will be copied to the clipboard). -- Typing assistance (Use this view to easily type out passwords) -- -Refresh (The record will be updated.) +- -Copy username (copies the username of the selected record to the clipboard). +- -Copy password (copies the password of the selected record to the clipboard). +- Typing assistance (Use this view to type out passwords) +- -Refresh (updates the record.) -You can only perform the above operations if you are sufficiently authorized. Please point this out -to your in-house administrator if this is not the case for you. +You can only perform the above operations if you are sufficiently authorized. point this out +to your in-house administrator if this isn't the case for you. **CAUTION:** You can only execute the mentioned operations if you are sufficiently authorized. -Please point this out to your in-house administrator if this is not the case for you. + point this out to your in-house administrator if this isn't the case for you. ## Image management Usually, the setup of logos/icons in the i**mage management** is done by the in-house -administration. You can learn more about this in the FullClient +administration. See the FullClient [Image management](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/extras/image_manager.md) documentation. diff --git a/docs/passwordsecure/current/configuration/browseraddons/applications_add-on.md b/docs/passwordsecure/current/configuration/browseraddons/applications_add-on.md index ba62955933..e6581e8eae 100644 --- a/docs/passwordsecure/current/configuration/browseraddons/applications_add-on.md +++ b/docs/passwordsecure/current/configuration/browseraddons/applications_add-on.md @@ -6,11 +6,11 @@ sidebar_position: 10 # Applications -## What are applications? +## Applications overview Data can be entered on many websites without further configuration. The website is scanned in order to find data entry fields in which the user name and password can then be entered. No further steps -are thus necessary. For websites where data cannot be entered directly, it is necessary to create an +are thus necessary. For websites where data can't be entered directly, you must create an application manually. These applications correspond to working guidelines that precisely define which information should be entered into which target field. The full script that describes the assignment is called an “**application**”. @@ -18,7 +18,7 @@ assignment is called an “**application**”. ![registration with and without application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_142-en.webp) The diagram starts with the user navigating to a website. The application server is then checked to -see whether a record has been saved for this website for which the currently registered user also +see whether a record has been saved for this website for which the registered user also has the required permissions. If this is the case, the information required for the login is sent to the Browser Extension in encrypted form. The password is only decrypted in the add- on shortly before it is entered. There are two ways in which the information is entered: **Data entry without @@ -33,17 +33,17 @@ websites that would fit the page. It is only necessary for the hostname includin such as .de or .com, to match. The data are then entered. In this case, the user name is transmitted to the first user name field that can be found on the page. The password is also entered into the first password field found on the page. If automatic login has been activated in the settings, this -is also carried out by clicking the login button. +is also performed by clicking the login button. #### Data entry with application -It is not possible to automatically recognise the fields that must be filled on some websites. An +It isn't possible to automatically recognise the fields that must be filled on some websites. An application needs to be created in these cases. If more than two fields need to be transferred, it is also necessary to create an application. In this context, “application” means instructions that are used to enter information into the fields. It thus assigns fields in the record to the associated fields on the website. This mapping process only needs to be configured once. The applications is responsible for entering data in the fields on the website from then on. In the -following example, the data entry process is carried out from the client. Naturally, this is also +following example, the data entry process is performed from the client. This is also possible via [Browser Add-ons](/docs/passwordsecure/current/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. ![installation_with_parameters_143](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_143.webp) @@ -53,10 +53,10 @@ hostname including the domain suffix (“.de” or “.com”) to match. ## Creating applications -**CAUTION:** The user right Can add new web applications is required in order to create applications +**CAUTION:** The user right Can add new web applications is required to create applications -If the login mask on a website cannot be automatically completed, it is necessary to manually create -an application. To create an application, the desired website is first called up. The add-on is then +If the login mask on a website can't be automatically completed, you must manually create +an application. To create an application, the desired website is first opened. The add-on is then started via the relevant icon. The menu item “Create application\* can be found here ![create application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_144-en.webp) @@ -67,21 +67,21 @@ A modal window now opens. The actual application is now created here. The following options are available: -- **Advanced options** allows you to define a delay separately for each field when entering the +- **Advanced options** lets you define a delay separately for each field when entering the data. This is sensible when the process of entering the data would otherwise not run smoothly on sluggish websites. -- The **Move** setting can be used to change the position of the modal window if it covers the login +- The **Move** setting lets you change the position of the modal window if it covers the login window -To capture, click on the first field to be filled on the website. It will be directly added to the +To capture, click the first field to be filled on the website. It will be directly added to the list in the modal window. For better identification, fields that belong together are marked in colour. ![choosed application field](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_146-en.webp) The field type (e.g. INPUT) and the field label are displayed in the field itself. In addition, an -action is proposed which fits the field type, such as e.g. entering the user name. The action can -naturally be adjusted if required. Once all fields have been captured, the system checks whether the +action is proposed that fits the field type, such as e.g. entering the user name. The action can +be adjusted if required. Once all fields have been captured, the system checks whether the actions are correct. Finally, the application can be saved. ![example for a application](/images/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_147-en.webp) diff --git a/docs/passwordsecure/current/configuration/browseraddons/browser_add-ons.md b/docs/passwordsecure/current/configuration/browseraddons/browser_add-ons.md index 6e778c307c..722f347960 100644 --- a/docs/passwordsecure/current/configuration/browseraddons/browser_add-ons.md +++ b/docs/passwordsecure/current/configuration/browseraddons/browser_add-ons.md @@ -10,10 +10,10 @@ Passwords can also be used in the browser using the browser add-on. You can sear the add-on, transfer them to the clipboard or enter them in the input mask of the website automatically. The automatic login may require applications. -In order to provide the data, the add-on needs a connection to the database. This can be set up +To provide the data, the add-on needs a connection to the database. This can be set up directly in server mode. -Currently, add-ons are available for the following browsers: +, add-ons are available for the following browsers: - Microsoft Edge - Google Chrome @@ -23,11 +23,11 @@ Currently, add-ons are available for the following browsers: ## Installation -Please find more information about the installation on: Installation Browser Add-ons + find more information about the installation on: Installation Browser Add-ons ## Connection via server mode -If the installation of the browser extension has been carried out, the user can now open the desired +If the installation of the browser extension has been performed, the user can now open the desired browser. A window appears in which the security of the connection is confirmed. Pairing is performed with a simple click. A new icon will also be displayed in the desired browser from this point onwards: @@ -42,7 +42,7 @@ The server mode must know which database profile it is connected to. There are t up a database profile: First, the database profile can be created manually. Therefore, he following information is -required: IP address, Web Application URL and database name. Please note that /api is appended to +required: IP address, Web Application URL and database name. /api is appended to the end of the IP address. ![database profil](/images/passwordsecure/9.2/configuration/browseradd-ons/manual-database-profile-en.webp) @@ -60,8 +60,8 @@ The server mode offers the following advantages: - No terminal service is required in terminal server operation -**CAUTION:** Please note that SSO applications only work via Autofill Add-on. If you are in server -mode and the Autofill Add-on has not been started, SSO applications do not work! +**CAUTION:** SSO applications only work via Autofill Add-on. If you are in server +mode and the Autofill Add-on has not been started, SSO applications don't work. After successful connection, the number of data records available for the current Internet page is displayed on the icon. @@ -71,7 +71,7 @@ displayed on the icon. ## Settings All settings that relate to the add-on are made centrally on the client. The user settings system -can be used to enter them globally per organisational unit or per user. The following options have a +lets you enter them globally per organisational unit or per user. The following options have a direct impact on the add-ons and can be found in the SSO category: - Browser add-ons: Automatically send login masks ensures that the login is automatically completed @@ -83,13 +83,17 @@ direct impact on the add-ons and can be found in the SSO category: The default browser option also has an impact on the add-ons. This setting defines the browser in which the websites are opened from the client. -NOTE: It is important to note that the login mask for records with password masking will be ”sent +:::note +Mask for records with password masking will be ”sent automatically\*, even if the setting Browser add-ons: Automatically send login masks has been deactivated. +::: ## Working with add-ons -NOTE: A record can only be used for entering data if it has a form field of type "URL". +:::note +A record can only be used for entering data if it has a form field of type "URL". +::: The subscript number mentioned in the previous section is only available with active logins and therefore already says a lot about the “Number of possible entries”. For example, if the number “2” @@ -103,9 +107,9 @@ Secure – as described in the following section. ## Search and navigation -It is currently assumed that the user has to navigate manually to the website on which they want to -automatically enter login data. This way of working is possible but is not convenient enough. The -add-on can be used in a similar way to bookmarks. The search field can be used to search for the +It is assumed that the user has to navigate manually to the website on which they want to +automatically enter login data. This way of working is possible but isn't convenient enough. The +add-on works similarly to bookmarks. Use the search field to search for the record in the database. The prerequisite is again that the record contains a URL. ![Record usage](/images/passwordsecure/9.2/configuration/browseradd-ons/addon-records-usage-en.webp) diff --git a/docs/passwordsecure/current/configuration/browseraddons/how_to_save_passwords.md b/docs/passwordsecure/current/configuration/browseraddons/how_to_save_passwords.md index 076a3fcd74..490baeabe2 100644 --- a/docs/passwordsecure/current/configuration/browseraddons/how_to_save_passwords.md +++ b/docs/passwordsecure/current/configuration/browseraddons/how_to_save_passwords.md @@ -8,7 +8,7 @@ sidebar_position: 20 This chapter describes how to store passwords via add-on. -**CAUTION:** You can only save passwords in server mode! +**CAUTION:** You can only save passwords in server mode. ## New access data @@ -35,7 +35,7 @@ already known dataset. - **Save password**: The password will be exchanged without opening the Web Application. - **check changes**: The Web Application is opened and you are logged in. The previous password has - been replaced by the new one. However, the storage must be carried out manually. + been replaced by the new one. However, the storage must be performed manually. ![data was recognized](/images/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/installation_with_parameters_152-en.webp) diff --git a/docs/passwordsecure/current/configuration/mobiledevices/autofill/autofill_in_android.md b/docs/passwordsecure/current/configuration/mobiledevices/autofill/autofill_in_android.md index 1bc304c41e..8aa0072a3a 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/autofill/autofill_in_android.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/autofill/autofill_in_android.md @@ -17,7 +17,7 @@ Netwrix Password Secure App must be enabled. #### Autofill The login data is entered as soon as the app finds a corresponding mask on a web page or in an app. -In some masks the process starts automatically, in others it is necessary to type in the first +In some masks the process starts automatically, in others you must type in the first field. There are two possible scenarios. @@ -29,19 +29,21 @@ There are two possible scenarios. No password found -If no password is found that matches the app or the website called up, the desired password must +If no password is found that matches the app or the website opened, the desired password must first be selected. Exactly one password found -If there is a data set that contains exactly the URL that is called up, the corresponding password -can be suggested. A simple click on the password is then sufficient to pass the data to the website +If there is a data set that contains exactly the URL that is opened, the corresponding password +can be suggested. A simple click the password is then sufficient to pass the data to the website or app. Multiple passwords found If several matching passwords are found in the database, the desired one must be selected. -NOTE: Depending on the current state, it may be necessary to authenticate on the app before +:::note +Depending on the current state, it may be necessary to authenticate on the app before selecting or confirming the password to be entered. The database then has to be unlocked via the password or Touch ID first. +::: diff --git a/docs/passwordsecure/current/configuration/mobiledevices/autofill/autofill_in_ios.md b/docs/passwordsecure/current/configuration/mobiledevices/autofill/autofill_in_ios.md index bf098c6a41..f5e08851d9 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/autofill/autofill_in_ios.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/autofill/autofill_in_ios.md @@ -12,8 +12,8 @@ screens. This works both with websites in the browser and with other apps. #### Requirements -In order to ensure automatic registration, a few prerequisites must be met. First of all, the -automatic registration must be set up in the settings. If the **iOS keychain** is not needed, it +To ensure automatic registration, a few prerequisites must be met. First of all, the +automatic registration must be set up in the settings. If the **iOS keychain** isn't needed, it should be deactivated. This makes handling a bit easier. Finally, a database connection must exist and access to passwords must be possible. @@ -29,11 +29,11 @@ Dialog Depending on the configuration and scenario, the dialog for entry can have different characteristics: -- First, one or more passwords are displayed that match the current page or app. These can be +- One or more passwords are displayed that match the current page or app. These can be selected and entered with a click. - It is also possible to open the dialog for selecting a password. If no password is found, this dialog is displayed directly. -- Finally, the iOS keychain can also be opened. If this function is not needed, it can be +- Finally, the iOS keychain can also be opened. If this function isn't needed, it can be deactivated. The corresponding option will then no longer be offered. No password found @@ -43,14 +43,16 @@ selected. Exact password found -If there is a data record that contains exactly the URL that is called up, the corresponding -password can be suggested. A simple click on the password is then sufficient to pass the data to the +If there is a data record that contains exactly the URL that is opened, the corresponding +password can be suggested. A simple click the password is then sufficient to pass the data to the website or app. Several passwords found If several matching passwords are found in the database, the desired one must be selected. -NOTE: Depending on the current state, it may be necessary to authenticate to the app before +:::note +Depending on the current state, it may be necessary to authenticate to the app before selecting or confirming of the password to be entered. The database then has to be unlocked via the password, Touch ID or Face ID. +::: diff --git a/docs/passwordsecure/current/configuration/mobiledevices/mobile_devices.md b/docs/passwordsecure/current/configuration/mobiledevices/mobile_devices.md index 3f7642b534..7e521dbf53 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/mobile_devices.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/mobile_devices.md @@ -6,22 +6,23 @@ sidebar_position: 70 # Mobile devices -## The new Netwrix Password Secure Mobile App – mobile and simple! +## The new Netwrix Password Secure Mobile App – mobile and simple. -With version 8.10 we have created the perfect complement to the client: **The Netwrix Password -Secure Mobile App!** +With version 8.10 Password Secure has created the perfect complement to the client: **The Netwrix Password +Secure Mobile App.** -With its **convenient** interface, the Netwrix Password Secure Mobile App offers the perfect -prerequisite for every user to find their way around **quickly** and **easily**. +The Netwrix Password Secure Mobile App provides an intuitive interface that helps users find their way around **quickly**. For detailed documentation of the **Netwrix Password Secure Mobile App** -NOTE: Please note that as of version 8.10.0, the previous version 7 App is no longer compatible. +:::note +As of version 8.10.0, the previous version 7 App is no longer compatible. +::: -#### Security is our ambition +#### Security is the ambition No matter whether you work with a smartphone or a tablet, you benefit from the highest possible -security on all iOS and Android devices. All passwords are not only available on the mobile device, +security on all iOS and Android devices. All passwords aren't only available on the mobile device, but can also be automatically transferred to websites. So you can use highly complex and therefore secure passwords and don’t have to remember them anymore. The Netwrix Password Secure Mobile App thus combines security and convenience. In addition, the use of a local database ensures that @@ -34,7 +35,7 @@ more extensive and detailed in the specially created **documentation**. ### Password management -The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. They can not only be +The new **Netwrix Password Secure mobile app** keeps all **passwords** safe. They can't only be stored securely but also structured conveniently. ### SSO diff --git a/docs/passwordsecure/current/configuration/mobiledevices/passwords_mobileapp.md b/docs/passwordsecure/current/configuration/mobiledevices/passwords_mobileapp.md index 05bafbdea5..238e831fc3 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/passwords_mobileapp.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/passwords_mobileapp.md @@ -17,7 +17,7 @@ usually used by more than one user. Prerequisites -The following prerequisites must be met in order to create new global passwords: +The following prerequisites must be met to create new global passwords: - User right **Can create new passwords** - **Add right** to the corresponding organizational unit @@ -37,8 +37,8 @@ The following user rights are required to create personal passwords: #### Create passwords -When creating a new record, it is necessary to know whether it is a personal or a global password. -Because according to this criterion you should select the appropriate tab and click on the + located +When creating a new record, you must know whether it is a personal or a global password. +Because according to this criterion you should select the appropriate tab and click the + located in the upper right corner. ![create new password](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/create-new-password-ma-en.webp) @@ -47,18 +47,18 @@ After that, select the required **form**. ![select form](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/select-form-ma-en.webp) -Then, once you have filled in all the relevant information of the selected form, one click on +Then, after you have filled in all the relevant information of the selected form, one click **Save** is enough to create the password. ![new entry MobileApp](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/new-entry-ma-en.webp) #### Editing passwords -To edit a password, click on the corresponding password and select the pencil icon. +To edit a password, click the corresponding password and select the pencil icon. ![editing password](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/new-entry-ma-2-en.webp) -As soon as you click on the pencil icon again in the new window, in the so-called read-only view, +As soon as you click the pencil icon again in the new window, in the so-called read-only view, you can edit all existing fields. ![edit passwordfield MobileApp](/images/passwordsecure/9.2/configuration/mobiledevices/passwords/edit-passwordfield-ma-en.webp) @@ -67,7 +67,7 @@ you can edit all existing fields. #### Delete -Passwords can currently only be deleted via the Full- or Web Application. +Passwords can only be deleted via the Full- or Web Application. #### Tags @@ -77,7 +77,7 @@ Tags can be added or removed both when creating and editing a password. It is also possible to create a completely new tag. -This is possible by searching in the tag selection in the search field for a tag that does not +This is possible by searching in the tag selection in the search field for a tag that doesn't already exist. You will then be offered the option of creating this previously non-existent tag. diff --git a/docs/passwordsecure/current/configuration/mobiledevices/securitymd.md b/docs/passwordsecure/current/configuration/mobiledevices/securitymd.md index 2267b13359..02df5170b4 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/securitymd.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/securitymd.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Security -#### Your security is our ambition +#### Your security is the ambition Security is a top priority for Netwrix Password Secure - right from the conception stage, it sets the course for all further developments. Of course, security was also taken into account during the development of the Netwrix Password Secure app and the latest technologies were used. The following -encryption techniques and algorithms are currently used: +encryption techniques and algorithms are used: Global @@ -20,7 +20,7 @@ Global - End to end encrypted (like all Netwrix Password Secure App Clients) - No direct connection to Netwrix Password Secure Server required. Connection is via web server. - MDM (Mobile Device Management) support -- Passwords can be used offline when server access is not available +- Passwords can be used offline when server access isn't available - Fast incremental data synchronization - Easy connection between Netwrix Password Secure Mobile Apps and the server via QR code - Easy navigation between private and shared passwords @@ -32,7 +32,7 @@ Global iOS -- Full support of FaceID and TouchID for passwordless login to the Netwrix Password Secure Mobile +- Full support of FaceID and TouchID for passwordless log in to the Netwrix Password Secure Mobile app. - Password AutoFill support. Passwords are automatically entered in other apps and Safari. (No copy/paste or typing) diff --git a/docs/passwordsecure/current/configuration/mobiledevices/settings_mobileapp.md b/docs/passwordsecure/current/configuration/mobiledevices/settings_mobileapp.md index 9bda8bbc10..16c9d1c69b 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/settings_mobileapp.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/settings_mobileapp.md @@ -16,7 +16,7 @@ via the three dots at the very top left of the screen. These will be briefly exp Hide personal tab -In some use cases personal passwords are not needed on the mobile device. If this is the case you +In some use cases personal passwords aren't needed on the mobile device. If this is the case you can hide the tab with the personal passwords. Show all passwords in search tab @@ -44,13 +44,15 @@ How to synchronize with the main database is configured here. The following opti - **Any type of connection:** as long as there is a connection, synchronization will take place. No matter if it is a WLAN connection or a connection via the mobile network. - **Only for WLAN connection:** Synchronization only takes place if there is a connection via WLAN. -- **Disabled:** It is not synchronized +- **Disabled:** It isn't synchronized -NOTE: Costs may be incurred for synchronization via the mobile network! +:::note +Costs may be incurred for synchronization via the mobile network. +::: Synchronize now -Starts the synchronization. This can also be started outside the settings at any time by simply +Starts the synchronization. This can also be started outside the settings at any time by swiping down. More information can also be found in the chapter [Synchronization](/docs/passwordsecure/current/configuration/mobiledevices/synchronization.md). diff --git a/docs/passwordsecure/current/configuration/mobiledevices/setupmobiledevice/linking_the_database.md b/docs/passwordsecure/current/configuration/mobiledevices/setupmobiledevice/linking_the_database.md index ec2263d832..ee94e1ed27 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/setupmobiledevice/linking_the_database.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/setupmobiledevice/linking_the_database.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Linking the database -First, an existing database must be linked to the Netwrix Password Secure app in order to finally +First, an existing database must be linked to the Netwrix Password Secure app to finally synchronize the data. During linking, an encrypted database is created on the mobile device, which provides the data even without a network connection. @@ -14,9 +14,9 @@ There are two ways to create a link. #### Manual linking -If the database is to be linked manually, the dialog for creating the link is first called up via +If the database is to be linked manually, the dialog for creating the link is first opened via the + in the top right-hand corner. Here the address of the Web Application is entered and confirmed -with a click on Connect. +with a click Connect. ![Create link](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/create-link-ma-en.webp) @@ -39,8 +39,8 @@ find the corresponding QR code in the Backstage under Account: ![QR-code](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/link-via-qr-code-en.webp) -Then click on the button for the QR code in the app. In the following dialog, the QR code is simply -photographed from the monitor. The mobile database is now created directly in the background and +Then click the button for the QR code in the app. In the following dialog, photograph the QR code +from the monitor. The mobile database is now created directly in the background and linked to the database on the server. In the next step, you can give the database profile a meaningful name and log in directly: @@ -48,7 +48,7 @@ meaningful name and log in directly: LightUser -Using the Light view, the user must click on their user account and click on the **Account** option +Using the Light view, the user must click their user account and click the **Account** option ![Account LightClient](/images/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/account-lc-2-en.webp) diff --git a/docs/passwordsecure/current/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md b/docs/passwordsecure/current/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md index 58f2a534f1..8f1ed09c6d 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md @@ -6,8 +6,8 @@ sidebar_position: 40 # Setting up autofill -The most important comfort feature of the Netwrix Password Secure App is probably the autofill, i.e. -the possibility to enter access data directly into the input mask. The autofill must first be set up +The most important comfort feature of the Netwrix Password Secure App is the autofill, i.e. +the ability to enter access data directly into the input mask. The autofill must first be set up or configured. #### Setting up the autofill under iOS @@ -16,7 +16,7 @@ In the settings, first select the item Passwords & Accounts and then Automatical as Auto-fill is activated, all options for filling in login windows are offered. Here one then selects Netwrix Password Secure. -RECOMMENDED: We recommend deactivating the **keychain (iOS)** as well as any other apps offered to +RECOMMENDED: Netwrix recommends deactivating the **keychain (iOS)** as well as any other apps offered to prevent misunderstandings in usage. ![password options](/images/passwordsecure/9.2/configuration/mobiledevices/setup/setting_up_autofill/password-options-en.webp) @@ -29,5 +29,5 @@ app is activated. In addition, you must define in the settings under Show via other apps that Netwrix Password Secure may be shown via other apps. -RECOMMENDED: We recommend to use only Netwrix Password Secure for automatic registration and to +RECOMMENDED: Netwrix recommends to use only Netwrix Password Secure for automatic registration and to deactivate all other apps here. This prevents possible misunderstandings in the operation. diff --git a/docs/passwordsecure/current/configuration/mobiledevices/synchronization.md b/docs/passwordsecure/current/configuration/mobiledevices/synchronization.md index df329c8678..f8a7cd9951 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/synchronization.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/synchronization.md @@ -12,13 +12,13 @@ automatically synchronized in the background. Synchronization logic -First of all, it is important to note how the synchronization has been configured in the +First of all, you must note how the synchronization has been configured in the [Settings](/docs/passwordsecure/current/configuration/mobiledevices/settings_mobileapp.md). A prerequisite for successful synchronization is that the configured connection is available. This is done via https port 443, which must be enabled on -the server side. Once the prerequisites have been met, there are the following triggers for +the server side. After the prerequisites have been met, there are the following triggers for synchronization: -- A login to the app takes place +- A log in to the app takes place - Swipe down in the app - The synchronization is started in the settings of the app. - A data record is changed in one of the two databases diff --git a/docs/passwordsecure/current/configuration/mobiledevices/tabs.md b/docs/passwordsecure/current/configuration/mobiledevices/tabs.md index c805f54acd..14f70109bd 100644 --- a/docs/passwordsecure/current/configuration/mobiledevices/tabs.md +++ b/docs/passwordsecure/current/configuration/mobiledevices/tabs.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Tabs -Once you have successfully logged in, you will find yourself in the view where all the user's +After you have successfully logged in, you will find yourself in the view where all the user's passwords are located. ![all passwords in mobile app](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/all-passwords-ma-en.webp) @@ -15,7 +15,7 @@ Here you have the following options: Action menu -With a click on +With a click ![three-points-en](/images/passwordsecure/9.2/configuration/mobiledevices/tabs/three-points-en.webp) the action menu is opened. diff --git a/docs/passwordsecure/current/configuration/offlineclient/offline_client.md b/docs/passwordsecure/current/configuration/offlineclient/offline_client.md index 3b2d44aabe..aeda703aa6 100644 --- a/docs/passwordsecure/current/configuration/offlineclient/offline_client.md +++ b/docs/passwordsecure/current/configuration/offlineclient/offline_client.md @@ -6,9 +6,9 @@ sidebar_position: 90 # Offline Add-on -## What is the Offline Add-on? +## Offline Add-on overview -The Offline Add-on enables you to work without an active connection to the Netwrix Password Secure +The Offline Add-on lets you work without an active connection to the Netwrix Password Secure server. If the corresponding setting has been configured ([Setup and sync](/docs/passwordsecure/current/configuration/offlineclient/setup_and_sync.md)), the local copy of the server database will be automatically synchronized according to freely definable cycles. This ensures that you can always @@ -20,7 +20,7 @@ Facts - The database is encrypted using AES-128 or SHA-256. A so-called “platform default” is used for this purpose - In addition, RSA encryption processes are used -- More on this subject…::https://technet.microsoft.com/en-us/library/gg592949(v=sql.110).aspx +- More on this subject…::https://technet.microsoft.com/en-the team/library/gg592949(v=sql.110).aspx #### Installation @@ -37,20 +37,20 @@ account with regards to its operation: - There is no dashboard - Only the password module is available -- The filter is not available. Records are found using the +- The filter isn't available. Records are found using the [Search](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/search.md) - The automatic login data entry can be performed via the [Autofill Add-on](/docs/passwordsecure/current/configuration/autofilladdon/autofill_add-on.md), independently of the Offline Add-on ![Offline Client](/images/passwordsecure/9.2/configuration/offlineclient/installation_with_parameters_264-en.webp) -#### What data is synchronised? +#### Synchronised data [Seals](/docs/passwordsecure/current/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) enhance the security concept in Netwrix Password Secure to include a double-check principle that can be defined in fine detail. This means that releases for protected information are linked to the -positive authentication of one or more users. Naturally, it is not possible to issue these releases -when the server is not connected. For this reason, sealed records are not synchronized and thus do +positive authentication of one or more users. It isn't possible to issue these releases +when the server isn't connected. For this reason, sealed records aren't synchronized and thus do not form part of offline databases. Otherwise, all records for which the user has the **export right** are synchronised. diff --git a/docs/passwordsecure/current/configuration/offlineclient/setup_and_sync.md b/docs/passwordsecure/current/configuration/offlineclient/setup_and_sync.md index 28bd422348..2c87ed4aa9 100644 --- a/docs/passwordsecure/current/configuration/offlineclient/setup_and_sync.md +++ b/docs/passwordsecure/current/configuration/offlineclient/setup_and_sync.md @@ -8,15 +8,15 @@ sidebar_position: 10 ## Setting up the offline database -It is important to ensure that the right requirements have been met before setting up the Offline +The right requirements have been met before setting up the Offline Add-on. The following configurations need to be defined in both the Server Manager and also the user rights/user settings. Requirements To set up offline databases, this option must be activated in the Server Manager first. This process -is carried out separately for each database in the database view in the Server Manager in the -“General settings” (right click on the database). This is also possible to do when the database is +is performed separately for each database in the database view in the Server Manager in the +“General settings” (right click the database). This is also possible to do when the database is initially created. ![Properties](/images/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_265-en.webp) @@ -34,21 +34,23 @@ server connection can be defined in the user rights. Creating an offline database -The synchronization with the offline database can generally be carried out automatically. However, -**the first synchronization must be carried out manually**. The synchronization is started via the +The synchronization with the offline database can generally be performed automatically. However, +**the first synchronization must be performed manually**. The synchronization is started via the Main menu/Account. ![account-en](/images/passwordsecure/9.2/configuration/offlineclient/setup/account-en.webp) -NOTE: The offline databases are stored locally under the following path: %appdata%\MATESO\Password +:::note +The offline databases are stored locally under the following path: %appdata%\MATESO\Password Safe and Repository Client\OfflineDB +::: An offline database must be created per user and client for each online database. This makes it possible to use several offline databases with an Offline Add-on. #### Synchronization -In order to keep the data always consistent, the offline database must be synchronized regularly. +To keep the data always consistent, the offline database must be synchronized regularly. Synchronization is automatically performed by the client in the background. The interval can be freely configured in the [User settings](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/user_settings.md). The synchronization is @@ -74,13 +76,13 @@ As soon as the synchronization is completed, this is indicated by a hint. Offline mode can be configured and personalized using the four settings mentioned: - **Offline synchronization after saving a record**: The synchronization of the offline database is - completed directly after saving a record. It is important to note that this only applies to those - records that are saved by the user who is logged in. Changes made by another user do not trigger - any synchronization! + completed directly after saving a record. Applies to those + records that are saved by the user who is logged in. Changes made by another user don't trigger + any synchronization. - **Offline synchronization after login:** If this option is active, the offline database is synchronized after each restart of the client. - **Automatic synchronization after an interval**: This setting is used to define the interval at - which a synchronization of the offline database will be periodically carried out. The default + which a synchronization of the offline database will be periodically performed. The default value is 30 minutes. - **Path where the offline database should be saved**: If this field is left empty, the system default is used. Otherwise, the storage location for the offline database can be entered directly. diff --git a/docs/passwordsecure/current/configuration/sdkapi/sdk__api.md b/docs/passwordsecure/current/configuration/sdkapi/sdk__api.md index a95dcf50cc..f9ebdd9d25 100644 --- a/docs/passwordsecure/current/configuration/sdkapi/sdk__api.md +++ b/docs/passwordsecure/current/configuration/sdkapi/sdk__api.md @@ -6,8 +6,8 @@ sidebar_position: 80 # SDK / API -API: This interface can be used to "address Netwrix Password Secure externally" in order to, for -example, read data for other programs. The API can only be accessed via our wrappers (SDK) using C# +API: Use this interface to "address Netwrix Password Secure externally" to, for +example, read data for other programs. The API can only be accessed via the wrappers (SDK) using C# and JavaScript. In the JavaScript version of the API, all enums can be found under the global object "PsrApiEnums". @@ -26,9 +26,9 @@ Server, i.e. `app-server01:11016`, must be used directly. ## Login -If you do not log in to the system in advance, it is not possible to use the API. The first +If you don't log in to the system in advance, it isn't possible to use the API. The first parameter for the login method is the desired database, followed by the user name and password. It -is important to note that all methods for running the API that initiate a server call are +is important to All methods for running the API that initiate a server call are implemented asynchronously. “Task” objects are returned in C# and “Promise” objects are returned in JavaScript. diff --git a/docs/passwordsecure/current/configuration/servermanager/basic_configuration.md b/docs/passwordsecure/current/configuration/servermanager/basic_configuration.md index 7b9ed245bc..bbcbbc2a0d 100644 --- a/docs/passwordsecure/current/configuration/servermanager/basic_configuration.md +++ b/docs/passwordsecure/current/configuration/servermanager/basic_configuration.md @@ -6,10 +6,10 @@ sidebar_position: 10 # Basic configuration -## What is basic configuration? +## Basic configuration overview Within the basic configuration, the connection to the SQL server or to the databases is defined. The -basic configuration appears the first time the Server Manager is started and can be called up at any +basic configuration appears the first time the Server Manager is started and can be opened at any time in the basic configuration. ![base configuration](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_188-en.webp) @@ -22,10 +22,10 @@ A special wizard is available to carry out the configuration: #### Service address -The service address of the SQL server can be selected via the drop-down menu. It is mandatory to +The service address of the SQL server can be selected via the dropdown menu. It is mandatory to select the adapter via which the Server Manager can also access the SQL server. -The loopback address 127.0.0.1 should not be used here. +The loopback address 127.0.0.1 shouldn't be used here. #### Service user @@ -43,12 +43,14 @@ simplicity, you can copy the server name from the login window of the SQL server ![installation_with_parameters_190](/images/passwordsecure/9.2/configuration/server_manager/baseconfiguration/installation_with_parameters_190.webp) -If the option “Service user” is selected, enter the user that logs on to the SQL Server. Please note +If the option “Service user” is selected, enter the user that logs on to the SQL Server. that “dbCreator” rights are necessary to create a configuration database. “dbOwner” rights are sufficient if the database is created manually on the SQL server and is only accessed here. Enter the name of the configuration database under “Database”. -NOTE: Refer to the system requirements for server section for more information about the users. +:::note +Refer to the system requirements for server section for details about the users. +::: #### Expert mode @@ -69,7 +71,7 @@ connection. By default, a certificate is generated by the Server Manager. Howeve choose your own. Further information can be found directly in the section provided for this purpose. **CAUTION:** Exchanging or overwriting an existing certificate may cause warnings to the clients if -the certificate is not trusted by each client. +the certificate isn't trusted by each client. Allow host mode @@ -84,5 +86,7 @@ the database on the SQL server here. The following is cached: - The structure of the organisational units - All settings -NOTE: If this option is changed, the server needs to be restarted so that the change can take +:::note +If this option is changed, the server needs to be restarted so that the change can take effect. +::: diff --git a/docs/passwordsecure/current/configuration/servermanager/certificates/certificates.md b/docs/passwordsecure/current/configuration/servermanager/certificates/certificates.md index c2d8d1d457..d4e480e5df 100644 --- a/docs/passwordsecure/current/configuration/servermanager/certificates/certificates.md +++ b/docs/passwordsecure/current/configuration/servermanager/certificates/certificates.md @@ -10,7 +10,7 @@ Various different certificates are used to guarantee the security of Netwrix Pas certificates are essential for the smooth operation of Netwrix Password Secure. It is thus important that they are carefully backed up. -## What certificates are used? +## Certificates in use The individual certificates are described in the following sections: @@ -20,7 +20,7 @@ The individual certificates are described in the following sections: - [Discovery service certificates](/docs/passwordsecure/current/configuration/servermanager/certificates/discovery_service_certificates.md)s - [Password Reset certificates](/docs/passwordsecure/current/configuration/servermanager/certificates/password_reset_certificates.md) -## Calling up the certificate manager +## Opening the certificate manager There are two ways to open the certificate manager. The certificates for each specific database can be managed via the ribbon: @@ -32,8 +32,10 @@ In the **Main menu**, it is also possible to start the certificate manager for a ![base configuration](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_197-en.webp) -NOTE: Operation of the certificate manager is always the same. The only difference is whether the +:::note +Operation of the certificate manager is always the same. The only difference is whether the certificates are displayed for each database or for all databases. +::: #### Checking existing certificates @@ -52,7 +54,7 @@ information. The overview will initially only display those certificates that are being used and are thus required. Clicking on **All** will also display the no longer required certificates. For example, it is possible that outdated certificates exist on the machine due to a test installation. These -certificates can be easily deleted via the corresponding button in the ribbon. +certificates can be deleted via the corresponding button in the ribbon. ![certificates-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/certificates/certificates-ac-4-en.webp) @@ -67,8 +69,10 @@ The relevant certificates will be backed up by clicking on export. A password fi issued here. If a storage location has not yet been entered via the settings, you are firstly asked to enter it. -NOTE: SSL connection certificates are not included in this process and are also not backed up. These +:::note +SSL connection certificates aren't included in this process and are also not backed up. These certificates can be recreated if necessary. +::: #### Settings @@ -80,5 +84,4 @@ addition, the storage location is defined in the settings. #### Backing up certificates -If you want to automatically back up the certificates on a cyclical basis, this can be done via the -backup system. Further information can be found in the section Backup management. +To automatically back up certificates on a cyclical basis, use the backup system. Further information can be found in the section Backup management. diff --git a/docs/passwordsecure/current/configuration/servermanager/certificates/database_certificates.md b/docs/passwordsecure/current/configuration/servermanager/certificates/database_certificates.md index 33458ce9ce..9df405024d 100644 --- a/docs/passwordsecure/current/configuration/servermanager/certificates/database_certificates.md +++ b/docs/passwordsecure/current/configuration/servermanager/certificates/database_certificates.md @@ -6,26 +6,30 @@ sidebar_position: 20 # Database certificates -## What is a database certificate? +## Database certificate overview A unique certificate is created for each database. This has the name **psrDatabaseKey**: ![installation_with_parameters_207](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_207.webp) -The database certificate **does not encrypt the database.** Rather, it is used for the encrypted +The database certificate **doesn't encrypt the database.** Rather, it is used for the encrypted transfer of passwords from the client to the server in the following cases: - Creation of a WebViewer via a task - Creation of an AD profile protected by a master key - Login of users imported from AD in Master Key mode -NOTE: The database certificate cannot be replaced by your own certificate. +:::note +The database certificate can't be replaced by your own certificate. +::: -NOTE: The expiry date for the database certificate is not checked. The certificate thus does not +:::note +The expiry date for the database certificate isn't checked. The certificate thus doesn't need to be renewed. +::: **CAUTION:** If the database is being moved to another server, it is essential that the certificate -is also transferred! +is also transferred. #### Exporting and importing the certificate diff --git a/docs/passwordsecure/current/configuration/servermanager/certificates/discovery_service_certificates.md b/docs/passwordsecure/current/configuration/servermanager/certificates/discovery_service_certificates.md index 3f42df36d8..4b0309b674 100644 --- a/docs/passwordsecure/current/configuration/servermanager/certificates/discovery_service_certificates.md +++ b/docs/passwordsecure/current/configuration/servermanager/certificates/discovery_service_certificates.md @@ -6,16 +6,20 @@ sidebar_position: 40 # Discovery service certificates -## What is a discovery service certificate? +## Discovery service certificate overview If a discovery service is created, a corresponding certificate is also created: ![installation_with_parameters_202](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_202.webp) -NOTE: The discovery service certificate cannot be replaced by your own certificate. +:::note +The discovery service certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for the discovery service have an expiry date. However, this is not checked. -The certificate thus does not need to be renewed. +:::note +The certificates for the discovery service have an expiry date. However, this isn't checked. +The certificate thus doesn't need to be renewed. +::: **CAUTION:** If the database is being moved to another server, it is **essential that the discovery service certificate is also transferred!** diff --git a/docs/passwordsecure/current/configuration/servermanager/certificates/master_key_certificates.md b/docs/passwordsecure/current/configuration/servermanager/certificates/master_key_certificates.md index 0cd0f8533e..ff9691582c 100644 --- a/docs/passwordsecure/current/configuration/servermanager/certificates/master_key_certificates.md +++ b/docs/passwordsecure/current/configuration/servermanager/certificates/master_key_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Master Key certificates -#### What is a Master Key certificate? +#### Master Key certificate overview If Active Directory is accessed via [Masterkey mode](/docs/passwordsecure/current/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), @@ -16,13 +16,17 @@ Active Directory: Domain: ![installation_with_parameters_208](/images/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_208.webp) -NOTE: The Master Key certificate cannot be replaced by your own certificate. +:::note +The Master Key certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for Master Key mode have an expiry date. However, this is not checked. The -certificate thus does not need to be renewed. +:::note +The certificates for Master Key mode have an expiry date. However, this isn't checked. The +certificate thus doesn't need to be renewed. +::: **CAUTION:** If the database is being moved to another server, it is essential that the Master Key -certificate is also transferred! +certificate is also transferred. #### Exporting and importing the certificate diff --git a/docs/passwordsecure/current/configuration/servermanager/certificates/nps_server_encryption_certificate.md b/docs/passwordsecure/current/configuration/servermanager/certificates/nps_server_encryption_certificate.md index 60020ef87a..a904200108 100644 --- a/docs/passwordsecure/current/configuration/servermanager/certificates/nps_server_encryption_certificate.md +++ b/docs/passwordsecure/current/configuration/servermanager/certificates/nps_server_encryption_certificate.md @@ -6,12 +6,11 @@ sidebar_position: 60 # Netwrix Password Secure Server Encryption Certificate -With the update to the version 8.16.0 the Netwrix Password Secure Server Encryption Certificate will -be added automatically. +With the update to version 8.16.0, the Netwrix Password Secure Server Encryption Certificate is +added automatically. ![NPS Server Encryption](/images/passwordsecure/9.2/configuration/server_manager/certificates/nps-server-encryption_1014x771.webp) -This certificate is important if you will activate an offline license. In future there will be more -features for which this certificate is relevant. +This certificate is required for activating an offline license. Additional features that depend on this certificate may be added in future releases. -RECOMMENDED: **Please export this certificate separately!!!** +RECOMMENDED: Export this certificate separately. diff --git a/docs/passwordsecure/current/configuration/servermanager/certificates/password_reset_certificates.md b/docs/passwordsecure/current/configuration/servermanager/certificates/password_reset_certificates.md index 716c86bfbb..6975559193 100644 --- a/docs/passwordsecure/current/configuration/servermanager/certificates/password_reset_certificates.md +++ b/docs/passwordsecure/current/configuration/servermanager/certificates/password_reset_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Password Reset certificates -## What is a Netwrix Password Secure certificate? +## Netwrix Password Secure certificate overview If a [Password Reset](/docs/passwordsecure/current/configuration/advancedview/clientmodule/passwordreset/password_reset.md) is created, a corresponding certificate is created. This ensures that the passwords are transferred in encrypted @@ -14,13 +14,17 @@ form. ![password-reset](/images/passwordsecure/9.2/configuration/server_manager/certificates/password-reset.webp) -NOTE: The Password Reset certificate cannot be replaced by your own certificate. +:::note +The Password Reset certificate can't be replaced by your own certificate. +::: -NOTE: The certificates for the Password Reset have an expiry date. However, this is not checked. The -certificate thus does not need to be renewed. +:::note +The certificates for the Password Reset have an expiry date. However, this isn't checked. The +certificate thus doesn't need to be renewed. +::: **CAUTION:** If the database is being moved to another server, it is essential that all Password -Reset certificate is also transferred! +Reset certificate is also transferred. #### Exporting and importing the certificate diff --git a/docs/passwordsecure/current/configuration/servermanager/certificates/ssl_connection_certificates.md b/docs/passwordsecure/current/configuration/servermanager/certificates/ssl_connection_certificates.md index 89359912d4..e14524ddfd 100644 --- a/docs/passwordsecure/current/configuration/servermanager/certificates/ssl_connection_certificates.md +++ b/docs/passwordsecure/current/configuration/servermanager/certificates/ssl_connection_certificates.md @@ -6,7 +6,7 @@ sidebar_position: 10 # SSL connection certificates -## What is an SSL connection certificate? +## SSL connection certificate overview The connection between clients and the server is secured via an SSL certificate. The **latest encryption standard TLS 1.2** is used here. It is also possible to create a certificate via the @@ -15,14 +15,16 @@ installed must trust the certificate. Otherwise, the following message will appear when the client is started: -**This connection is not trusted!** +**This connection isn't trusted!** -The connection to the server is not considered secure. +The connection to the server isn't considered secure. ![not_trusted_certificates](/images/passwordsecure/9.2/configuration/server_manager/certificates/not_trusted_certificates.webp) -NOTE: Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, +:::note +Windows Server 2012 R2 requires the latest patch level, since it has been delivered with SSL3, and has been extended to include TLS 1.2 +::: **CAUTION:** The service user creates the databases. A separate certificate is also generated for each database. Therefore, the service user must be a local administrator or a domain administrator, @@ -40,7 +42,9 @@ certificate with the alternative applicant. Therefore, the Netwrix Password Secu stores all IP addresses for the server, as well as the hostname. When creating your own certificate, this information should also be saved under the alternative applicant. -NOTE: All information (including the IP address) are stored as DNS name. +:::note +All information (including the IP address) are stored as DNS name. +::: #### Using the Netwrix Password Secure certificate @@ -50,8 +54,10 @@ certificate is saved locally under: Local computer -> own certificates -> certificates -NOTE: The certificate is valid from its creation up to the year 9999 – and is thus valid almost -indefinitely. For this reason, it is not necessary to note any expiry date. +:::note +The certificate is valid from its creation up to the year 9999 – and is thus valid almost +indefinitely. For this reason, it isn't necessary to note any expiry date. +::: Distributing the Netwrix Password Secure certificate @@ -64,7 +70,7 @@ The certificate can be both rolled out and distributed using group guidelines. Manually importing the Netwrix Password Secure certificate -If the Netwrix Password Secure certificate is not rolled out, it is also possible to manually import +If the Netwrix Password Secure certificate isn't rolled out, it is also possible to manually import the certificate. To do this, firstly open the certificate information. In the warning notification, the Show server certificate button is available for this purpose. In the following dialogue, select the option Install certificate… @@ -82,18 +88,20 @@ selected. Finally, the installation needs to be confirmed once again. -NOTE: The user logged in to the operating system requires rights to create certificates +:::note +The user logged in to the operating system requires rights to create certificates +::: #### Using your own certificate If a CA already exists, you can also use your own certificate. You can specify this within the -[Basic configuration](/docs/passwordsecure/current/configuration/servermanager/basic_configuration.md). Please note that a server +[Basic configuration](/docs/passwordsecure/current/configuration/servermanager/basic_configuration.md). A server certificate for SSL encryption is used here. The CA must be configured so that all clients trust the -certificate. It is necessary to adhere to the certification path. +certificate. You must adhere to the certification path. **CAUTION:** When configuring, you must ensure that the clients can access the CA lock lists Wildcard certificates -Wildcard certificates are not supported. In theory, it should be possible to use them but we cannot +Wildcard certificates aren't supported. In theory, it should be possible to use them but Password Secure can't help with the configuration. You can use wildcard certificates at your own responsibility. diff --git a/docs/passwordsecure/current/configuration/servermanager/creating_databases.md b/docs/passwordsecure/current/configuration/servermanager/creating_databases.md index 6ba623e945..c6d35d7294 100644 --- a/docs/passwordsecure/current/configuration/servermanager/creating_databases.md +++ b/docs/passwordsecure/current/configuration/servermanager/creating_databases.md @@ -10,23 +10,23 @@ sidebar_position: 40 [https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0)[https://www.youtube.com/embed/md7_VEdVuWM?rel=0](https://www.youtube.com/embed/md7_VEdVuWM?rel=0) -## What are databases? +## Databases overview Databases contain all information on users, records, documents, etc. The changes to objects in -Netwrix Password Secure will also become part of the MSSQL database. Naturally, the regular creation +Netwrix Password Secure will also become part of the MSSQL database. The regular creation of backups to secure this data should always have the highest priority. The **MSSQL** relational database management system is used in Netwrix Password Secure version 9. ## Creating databases The creation of databases is supported by the database wizard, which is started directly from the -ribbon. The individual tabs of the wizard are explained below: +ribbon. The individual tabs of the wizard are explained in the following sections: ![database wizard](/images/passwordsecure/9.2/configuration/server_manager/creatingdatabase/installation_with_parameters_217-en.webp) Database server -The first tab can be used to manually select the database server. By default, the value defined in +Use the first tab to manually select the database server. By default, the value defined in the Advanced settings is preset. A user can also be entered or the service user can be selected instead. @@ -38,7 +38,7 @@ databases. Data -This setting can be used to define whether a template should be used. The template will provide the +Use this setting to define whether a template should be used. The template will provide the database with ready-made forms and dashboard settings that make it easier to get started. The user can select from English and German templates. However, it is also possible to proceed without a template – you will then start with a completely empty database. If you have a backup from Password @@ -52,7 +52,7 @@ a migration is active, the user can be deleted after migration. #### Finishing the database wizard Once a database has been created successfully, , provided it has been selected. If no data migration -has been selected, the new database is created directly, and will be displayed in the database +has been selected, the new database is created directly and appears in the database overview. ![created new database](/images/passwordsecure/9.2/configuration/server_manager/creatingdatabase/installation_with_parameters_218-en.webp) diff --git a/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_firewall.md b/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_firewall.md index 8aaed30693..71ac4d4736 100644 --- a/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_firewall.md +++ b/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_firewall.md @@ -6,9 +6,9 @@ sidebar_position: 30 # Database firewall -## What is the database firewall? +## Database firewall overview -The database firewall enables you to regulate access to the database. A whitelist policy is used for +The database firewall lets you regulate access to the database. A whitelist policy is used for this process. Firewall rules are used to allow access to the database in individual cases. #### Activating the firewall @@ -27,7 +27,7 @@ The rules already set are displayed in the section on the right. The icons ![+](/images/passwordsecure/9.2/configuration/server_manager/database_properties/+.webp) and ![-](/images/passwordsecure/9.2/configuration/server_manager/database_properties/-.webp) -can be used to add or also delete rules. Rules can be edited by double clicking on them. +lets you add or delete rules. Rules can be edited by double clicking on them. ![firewall rule](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_230-en.webp) @@ -41,10 +41,12 @@ The following possibilities exist: - The setting Grant access defines whether access is allowed or blocked. This is symbolised by a corresponding icon. -Naturally, the rules can also be combined. It is thus possible e.g that only one defined user can +the rules can also be combined. It is thus possible e.g that only one defined user can access one database from a certain IP address. -NOTE: The conditions are always combined using AND operators +:::note +The conditions are always combined using AND operators +::: If two or more rules overlap, the rule with the least rights will always be applied. For example, if a rule allows access from a range of IP addresses but another rule blocks a specific computer within @@ -52,7 +54,7 @@ this range then the rule blocking the computer is applied. ## Examples -The functionality of the firewall will be explained in more detail using the following rules: +The following rules demonstrate how the firewall works: ![defined firewall rules](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_231-en.webp) @@ -68,8 +70,7 @@ is blocked using this rule. Blocking an individual user (Rule 3) -If you want to block a particular user (perhaps because they have left the company) then this is -also possible. +To block a particular user (for example, because they have left the company), create a rule that targets their account. Computer-independent access for a user (Rule 4) diff --git a/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_properties.md b/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_properties.md index 0f73f4b14e..a7558b0393 100644 --- a/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_properties.md +++ b/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_properties.md @@ -6,7 +6,7 @@ sidebar_position: 60 # Database properties -The properties of a database can be opened by double-clicking on the database. No login to the +The properties of a database can be opened by double-clicking on the database. No log in to the database is required. ![installation_with_parameters_225](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_225.webp) diff --git a/docs/passwordsecure/current/configuration/servermanager/databaseproperties/general_settings_admin_client.md b/docs/passwordsecure/current/configuration/servermanager/databaseproperties/general_settings_admin_client.md index cf18266eb4..4749d4aef1 100644 --- a/docs/passwordsecure/current/configuration/servermanager/databaseproperties/general_settings_admin_client.md +++ b/docs/passwordsecure/current/configuration/servermanager/databaseproperties/general_settings_admin_client.md @@ -6,7 +6,7 @@ sidebar_position: 10 # General settings -## What are general settings? +## General settings overview Within the general settings, surface settings regarding the colour scheme as well as the language used are configured. The password for logging in to the Server Manager can also be changed here. diff --git a/docs/passwordsecure/current/configuration/servermanager/databaseproperties/syslog.md b/docs/passwordsecure/current/configuration/servermanager/databaseproperties/syslog.md index 4e4c83e409..0e47f5a5f4 100644 --- a/docs/passwordsecure/current/configuration/servermanager/databaseproperties/syslog.md +++ b/docs/passwordsecure/current/configuration/servermanager/databaseproperties/syslog.md @@ -8,10 +8,10 @@ sidebar_position: 20 If desired, the server logs and also the **[Logbook](/docs/passwordsecure/current/configuration/advancedview/clientmodule/logbook.md)** can be transferred to a Syslog -server. Double clicking on a database allows you to access its settings. The corresponding menu +server. Double clicking on a database lets you access its settings. The corresponding menu items can be found there. ![installation_with_parameters_232](/images/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_232.webp) -After activating the Syslog interface via the corresponding option, it is possible to configure the +After activating the Syslog interface via the corresponding option, you can configure the Syslog server. If desired, the entire logbook can also be transferred via another option. diff --git a/docs/passwordsecure/current/configuration/servermanager/mainmenu/advanced_settings.md b/docs/passwordsecure/current/configuration/servermanager/mainmenu/advanced_settings.md index 418044d227..ddfb736cd9 100644 --- a/docs/passwordsecure/current/configuration/servermanager/mainmenu/advanced_settings.md +++ b/docs/passwordsecure/current/configuration/servermanager/mainmenu/advanced_settings.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Advanced settings -## What are advanced settings? +## Advanced settings overview Global standard default values are specified in the advanced settings. diff --git a/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md b/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md index 0defce7bf3..d80354c671 100644 --- a/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md +++ b/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/automated_deletion_of_backups.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Automatic backup cleanup -It is possible to delete backups automatically after a certain period of time. This can be useful if +You can delete backups automatically after a certain period of time. This can be useful if you append date and time to the backups and thus generate new files daily. ![automatic cleanup](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated-deletion-of-backups-en.webp) diff --git a/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_management.md b/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_management.md index 62fa172a79..ad48ee35e0 100644 --- a/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_management.md +++ b/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_management.md @@ -8,20 +8,19 @@ sidebar_position: 10 #### Introduction -Regular backups of the data should always be part of every security concept. If you wish to create -backups directly on the SQL server, you should also include the Netwrix Password Secure databases. -If no central backups are carried out at the SQL level, you can create backup profiles using the +Regular backups of the data should always be part of every security concept. To create +backups directly on the SQL server, also include the Netwrix Password Secure databases. +If no central backups are performed at the SQL level, you can create backup profiles using the Server Manager. The backups themselves will then be generated on the SQL Server. #### Difference between an incremental and full backup A complete backup always saves all data in a database. An incremental backup also creates a complete -image of the database as the first step. In future, only the changes since the backup created at the -beginning will be saved. This saves both time and memory capacity. +image of the database as the first step. After that, only the changes since the initial backup are saved. This saves both time and memory capacity. #### Backup concept -It is recommended that an incremental backup is run every hour. In addition, a full backup should be +Netwrix recommends that an incremental backup is run every hour. In addition, a full backup should be created once a week. #### Managing the backup schedule @@ -36,17 +35,19 @@ the directory for the backups. ![new backup profile - base settings](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_257-en.webp) -NOTE: It must be a directory on the SQL server. +:::note +It must be a directory on the SQL server. +::: -Now set the time interval for creating the backups. A preview on the right will show when the -backups will be created in future. An end date can be optionally entered. +Now set the time interval for creating the backups. A preview on the right shows when the +backups are scheduled to run. An end date can be optionally entered. ![new backup profile - interval](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_258-en.webp) In the advanced settings, you can configure whether the backup should be activated directly. It is also possible to specify whether to create incremental backups. If the date and time are added to -the file name, a new backup is created with each run. If this is not done, the last backup is always -overwritten. The service user can be used to create the backup or a service user can be specified +the file name, a new backup is created with each run. If this isn't done, the last backup is always +overwritten. Use the service user to create the backup, or specify a service user with a corresponding name and password. In addition, you can enter here whether the required certificates should be saved using a backup @@ -59,13 +60,13 @@ Backup run The backups are executed by the SQL server in the background. If an error occurs, this is indicated in “orange” in the backup list. Information about any errors issued by the SQL server is displayed -under all backups. A backup will be automatically deactivated if it does not run 5x in a row. This -will be marked in the list in red. The schedule cannot be reactivated directly. You will need to +under all backups. A backup will be automatically deactivated if it doesn't run 5x in a row. This +will be marked in the list in red. The schedule can't be reactivated directly. You will need to open it and amend it. Other backup actions -A selected schedule can be deleted via the ribbon. The wizard for a schedule can be called up by +A selected schedule can be deleted via the ribbon. The wizard for a schedule can be opened by double-clicking on it to make any changes. In addition, a backup can be started directly via the ribbon at any time. The backup service must be running for this purpose. You can also display this in the history. @@ -79,7 +80,7 @@ existing databases. Firstly, select the required database. You can now select In If necessary, firstly enter login data for the user that logs in to the SQL server – although the service user is generally used here. Now select the backup file. All the backups contained in the -file will then be displayed. Now simply click on Restore to restore the backup to the existing +file will then be displayed. Now click Restore to restore the backup to the existing database. ![Database restore](/images/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_261-en.webp) diff --git a/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_settings.md b/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_settings.md index 6bc2bd279f..7a0ffc56ec 100644 --- a/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_settings.md +++ b/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_settings.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Backup settings -## What are backup settings? +## Backup settings overview Within the backup settings the default values for the execution of backups can be defined. diff --git a/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md b/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md index 9c00fab637..b9206221c2 100644 --- a/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md +++ b/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/disaster_recovery_scenarios.md @@ -6,33 +6,33 @@ sidebar_position: 30 # Disaster recovery scenarios -#### Finding a quick solution in the event of a disaster +#### Finding a quick solution if there is a disaster -In our experience, Netwrix Password Secure is usually installed in IT in a central location. If the +In the experience, Netwrix Password Secure is usually installed in IT in a central location. If the system fails, it must be possible to gain access to the passwords again as quickly as possible. This -section is designed to help you quickly find a solution in the event of a problem. +section is designed to help you quickly find a solution if there is a problem. #### Prevention It is extremely important to create a sensible recovery plan and to make corresponding preparations. -Unfortunately, it is not possible to supply a finished recovery plan because it always needs to be +Unfortunately, it isn't possible to supply a finished recovery plan because it always needs to be created individually. The following points should be taken into account in this process: Creating backups -It is of course essential in the event of a disaster that you can access a backup that is as -up-to-date as possible. Therefore, it is necessary to regularly create +It is of course essential if there is a disaster that you can access a backup that is as +up-to-date as possible. Therefore, you must regularly create [Backup management](/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_management.md). -Who is responsible in the event of a disaster? +Who is responsible if there is a disaster? -The first thing to decide is who should take action in the event of a disaster. Corresponding +The first thing to decide is who should take action if there is a disaster. Corresponding deputies should also be defined. The responsible employee should have the corresponding rights within Netwrix Password Secure. Providing the required passwords -What passwords do those people responsible need in order to restore Netwrix Password Secure? +What passwords do those people responsible need to restore Netwrix Password Secure? - Domain password to log into the specific computer - Password for the Server Manager @@ -75,7 +75,7 @@ Solution: Install the database server on new hardware. If the server name changes as a result, the licence needs to be reactivated. If the licence has already been activated multiple times, it may be that it can only be released again by Netwrix. If the SQL instance name changes, the connection to the -database server needs to be reconfigured on the application server. This is carried out via the +database server needs to be reconfigured on the application server. This is performed via the basic configuration. Any existing offline databases will continue to function properly. @@ -93,7 +93,7 @@ it may be that the licence can only be released again by Netwrix. The basic conf completed to restore the connection to the database server. If the server name changes, the database profile on the client needs to be amended. -Any existing offline databases need to be recreated! +Any existing offline databases need to be recreated. Scenario 4 @@ -108,7 +108,7 @@ Restore the database from the backup. The basic configuration must be completed connection to the database server. If the licence has already been activated multiple times, it may be that it can only be released again by Netwrix. -Any existing offline databases need to be recreated! +Any existing offline databases need to be recreated. Scenario 5 @@ -119,5 +119,5 @@ As for Scenario 4 but the Active Directory is also not available. Solution: As described for scenario 4. If the user was imported in end-to-end mode, you can also log in -without an AD connection. Users imported in Masterkey mode cannot log in. Therefore, it is +without an AD connection. Users imported in Masterkey mode can't log in. Therefore, it is recommended that you create special, local emergency users for such cases. diff --git a/docs/passwordsecure/current/configuration/servermanager/mainmenu/license_settings.md b/docs/passwordsecure/current/configuration/servermanager/mainmenu/license_settings.md index da50be8937..329dfb438d 100644 --- a/docs/passwordsecure/current/configuration/servermanager/mainmenu/license_settings.md +++ b/docs/passwordsecure/current/configuration/servermanager/mainmenu/license_settings.md @@ -6,7 +6,7 @@ sidebar_position: 30 # License settings -## What are license settings? +## License settings overview Licenses for the Netwrix Password Secure are managed within the license settings. In addition, all current license details are displayed in the window provided for this purpose. @@ -15,8 +15,8 @@ current license details are displayed in the window provided for this purpose. ## Licenses -**CAUTION:** Version 7 licenses cannot be used for Netwrix Password Secure version 9. “Please -contact us”: http: //www.passwordsafe.de to obtain a version 9 license. +**CAUTION:** Version 7 licenses can't be used for Netwrix Password Secure version 9. “ +contact Netwrix support”: http: //www.passwordsafe.de to obtain a version 9 license. Licenses are linked via the Netwrix license server. Here are the details: @@ -25,26 +25,28 @@ Licenses are linked via the Netwrix license server. Here are the details: - Port 443 TCP (standard HTTPS port) Ensure that this server is accessible. You may also use Proxy servers. The license is retrieved from -the server and stored in the server configuration. The license will be checked every hour, and +the server and stored in the server configuration. The license is checked every hour and updated as required. The retention time is 30 days. If there is no internet connection, you can -continue to work for 30 days. If this period should cause problems, please contact us. +continue to work for 30 days. If this period should cause problems, contact Netwrix support. #### Integrating and managing licenses -After purchase, you will receive the required license information in the form of “customer name” and +After purchase, you receive the required license information in the form of “customer name” and “password”. Enter this information directly into the License Server Access area. Use the Select and Activate button to establish a connection to the license server. You can select the acquired licenses from a list. The license can be now used. -NOTE: Optionally, you may specify a proxy. By default, the proxy stored in the operating system is +:::note +Optionally, you may specify a proxy. By default, the proxy stored in the operating system is used. +::: -**CAUTION:** The licence is called up in the context of the service user. If you experience +**CAUTION:** The licence is opened in the context of the service user. If you experience connection problems, the firewall and, if relevant, the proxy should be checked. #### How to activate the license via license file -1. Transition the file attached to this email to the Netwrix Password Secure Server(s). +1. Transition the file attached to this email to the Netwrix Password Secure Servers. 2. Open the Netwrix Password Secure Server Manager. 3. Open the main menu and select the License settings area. 4. Open the License file tab. diff --git a/docs/passwordsecure/current/configuration/servermanager/mainmenu/main_menu.md b/docs/passwordsecure/current/configuration/servermanager/mainmenu/main_menu.md index 02a6c6bfc5..91c5e44fa0 100644 --- a/docs/passwordsecure/current/configuration/servermanager/mainmenu/main_menu.md +++ b/docs/passwordsecure/current/configuration/servermanager/mainmenu/main_menu.md @@ -6,11 +6,11 @@ sidebar_position: 90 # Main menu -## What is the main menu? +## Main menu overview The operation and structure of the Main menu/Backstage menu is the same for the [Main menu](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/main_menu_fc.md) on the client. This area can be used -independently of the currently selected module. +independently of the selected module. - [General settings](/docs/passwordsecure/current/configuration/servermanager/databaseproperties/general_settings_admin_client.md) - [Backup settings](/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_settings.md) diff --git a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/database_settings.md b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/database_settings.md index f8cea1f28a..046880d9c7 100644 --- a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/database_settings.md +++ b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/database_settings.md @@ -6,8 +6,8 @@ sidebar_position: 10 # Database settings -To open the settings of a database, select it and click on "Settings" in the ribbon. Alternatively -you can open the context menu with the right mouse button and click on "Properties". In the next +To open the settings of a database, select it and click "Settings" in the ribbon. Alternatively +you can open the context menu with the right mouse button and click "Properties". In the next step you will be asked to enter your admin password. After that a window with the settings will open. diff --git a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md index ffe601dbd5..a5b1dc7683 100644 --- a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md +++ b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/hsm_connection.md @@ -6,22 +6,22 @@ sidebar_position: 30 # HSM connection via PKCS # 11 -## What is the HSM connection? +## HSM connection overview The HSM connection ensures that the certificates can be outsourced to the HSM. This ultimately leads -to an increased protection because the certificates are not directly in the server’s access. The +to an increased protection because the certificates aren't directly in the server’s access. The connection is effected via PKCS # 11. #### Requirements -In order to be able to connect an HSM, the following conditions have to be met: +To be able to connect an HSM, the following conditions have to be met: - An executable HSM has to be available. - The PKCS # 11 drivers have to be installed on the application server. - The device is set up via the Administrator database on the Server Manager. -**CAUTION:** Please note, if an HSM is to be used, the database also has to be set up thoroughly. It -is currently not possible to transfer an existing database to an HSM. +**CAUTION:** If an HSM is to be used, the database also has to be set up thoroughly. It +isn't possible to transfer an existing database to an HSM. #### Hardware compatibility @@ -44,6 +44,6 @@ The installation is set up on the Server Manager via the database settings. As soon as the HSM is connected, all server keys are transferred to the HSM. This is the database certificate. If the AD has been connected in Masterkey mode, the masterkey will also be transferred to the HSM. Then the certificates are no longer stored in the certificate store of the application -server, but centrally managed by the HSM. All other keys are not stored on the HSM, but derived from +server, but centrally managed by the HSM. All other keys aren't stored on the HSM, but derived from the masterkeys. Therefore, Netwrix Password Secure rarely accesses the HSM, for example, at server startup or at the AD Sync. As a result, the load on the HSM can be kept low. diff --git a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md index 311f022a43..0a0c6f962e 100644 --- a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md +++ b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/multifactor_authentication_ac.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Multifactor Authentication -## What is multifactor authentication? +## Multifactor authentication overview Multifactor authentication is used to secure the logon to the by an additional factor. The actual setup takes place in the client. The configured en can then be used by any user @@ -19,5 +19,7 @@ In the Databases module, select a database and open its settings via the ribbon. In the settings you define which second factors can be used. -NOTE: If you want to use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the +:::note +To use "Encipherment" for PKI certificates without KeyUsageFlag, uncheck the corresponding checkbox. +::: diff --git a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md index 8d92779b48..fa2fb8bcf3 100644 --- a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md +++ b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/databasesettings/session_timeout.md @@ -7,7 +7,7 @@ sidebar_position: 20 # Session timeout Here you can set individually for each client when an inactive connection to the application server -is automatically terminated. Select the desired time period in the drop-down menu and save the +is automatically terminated. Select the desired time period in the dropdown menu and save the setting by clicking on **"Save"**. ![session timeout](/images/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/session-timeout-en.webp) diff --git a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/managing_databases.md b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/managing_databases.md index 9b2c3c7b2c..2eb860bf79 100644 --- a/docs/passwordsecure/current/configuration/servermanager/managingdatabases/managing_databases.md +++ b/docs/passwordsecure/current/configuration/servermanager/managingdatabases/managing_databases.md @@ -15,13 +15,13 @@ button or also via the ribbon. ## Database settings -All database settings are saved in the database. It is necessary to log in to the database before -editing the settings. Any user that exists in the database can be used for this purpose. You can +All database settings are saved in the database. You must log in to the database before +editing the settings. Any user that exists in the database works for this purpose. You can always restore Global settings via the ribbon. Multifactor authentication -This area can be used to configure which services will be used for multi-factor authentication. The +Use this area to configure which services will be used for multi-factor authentication. The available services are: RSA Secure ID, SafeNet, YubiKey NEO, and YubiKey Nano. After selecting the required service, specify the respective access data. You must also configure various services. In this case, you can specify on the client which methods will be used by the individual users. @@ -40,7 +40,7 @@ If desired, the logbook, **notifications, session recordings** and also the **hi can be automatically cleaned up here. You merely have to enter how old the data needs to be before it is deleted. Logbook entries can be exported before the deletion process. -**CAUTION:** It is important to note that the logbook is also used for the filter functions. If the +**CAUTION:** Ok is also used for the filter functions. If the logbook is regularly cleaned up, it is possible that the full functions of the filter will no longer be available. @@ -49,19 +49,19 @@ be available. Show connection locks In the ribbon, all connection locks can be displayed. To do this, you must first log in to the -database. All locked users will be displayed in a list. The following is displayed: +database. All locked users are displayed in a list. The following is displayed: - User name (if known) - Reason for lock - Number of login attempts - Expiry of the lock. The user can be unlocked by right-clicking on an entry. -A user can be locked manually using the corresponding button. It is necessary to select the user, +A user can be locked manually using the corresponding button. You must select the user, configure the expiration of the lock and specify a reason. Show / disconnect sessions -You can use the corresponding button to display all currently connected clients. After selecting a +You can use the corresponding button to display all connected clients. After selecting a session, the connection can be disconnected. Migration @@ -70,7 +70,7 @@ Once a database has been selected, the can be started via the ribbon. This also version 7 databases to be merged into one. **CAUTION:** When the migration is started, the database is set to migration mode. For the duration -of the migration, it is not possible to log in to the database – users who are already logged in +of the migration, it isn't possible to log in to the database – users who are already logged in will be sent a corresponding message. The sessions will, however, remain open so that users can continue working as soon as the migration is complete. @@ -80,8 +80,8 @@ Management of the certificates is very important. This is described in the secti Display database users -This button can be used to call up statistics about the users in the respective databases. It shows -you which users are active in which database. Naturally, this list can also be exported. +Use this button to view statistics about the users in the respective databases. It shows +you which users are active in which database. This list can also be exported. #### Data backup diff --git a/docs/passwordsecure/current/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md b/docs/passwordsecure/current/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md index 50ab4adf26..71e7730692 100644 --- a/docs/passwordsecure/current/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md +++ b/docs/passwordsecure/current/configuration/servermanager/msp/changesintheadminclient/changes_in_the_adminclient.md @@ -18,8 +18,10 @@ In the new MSP version these have been replaced by the modules Customers (1) and In the MSP version, you will find the individual customer databases under the Customers module. -NOTE: The Backup module has been removed, because Netwrix Password Secure's own backup is not +:::note +The Backup module has been removed, because Netwrix Password Secure's own backup isn't suitable for environments with multiple customer databases. As a Managed Service Provider, you must back up your customer databases yourself using appropriate measures. +::: The Status and Web Application modules are identical in both versions. diff --git a/docs/passwordsecure/current/configuration/servermanager/msp/changesintheadminclient/customers_module.md b/docs/passwordsecure/current/configuration/servermanager/msp/changesintheadminclient/customers_module.md index 064b96752d..71b768e8e8 100644 --- a/docs/passwordsecure/current/configuration/servermanager/msp/changesintheadminclient/customers_module.md +++ b/docs/passwordsecure/current/configuration/servermanager/msp/changesintheadminclient/customers_module.md @@ -8,7 +8,7 @@ sidebar_position: 10 #### Creating a new customer -Creating a new customer is done via the Customers module (1). Here, click on New (2) in the upper +Creating a new customer is done via the Customers module (1). Here, click New (2) in the upper left corner. This applies both to customers in a test phase and to customers who are to be billed immediately. @@ -16,8 +16,8 @@ immediately. When creating a new customer, the customer name is specified under **General** (1). -If (2) is not checked, a test customer is created without billing. This is then a customer in the -test phase. If (2) is checked, a customer will be created who will be charged by Netwrix from the +If (2) isn't checked, a test customer is created without billing. This is then a customer in the +test phase. If (2) is checked, a billed customer is created and Netwrix charges from the current month. At (3) a date is automatically entered that is four weeks in the future. This date can be changed by @@ -36,7 +36,7 @@ to the on-prem version. ![License settings new customer](/images/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/licence-new-customer-msp-en_1013x675.webp) After saving, the test customers are displayed under Test (1) and the customers to be billed under -Billed (2). When you click on a (test) customer, you will see the associated +Billed (2). When you click a (test) customer, you will see the associated information and activated options. By clicking the button Edit (3 + 4) you can make @@ -71,8 +71,8 @@ the statements of the last months (6) and a graphical representation of the cost #### Deactivating and reactivating a customer -Both test customers and customers to be billed can be deactivated, e.g. if a test customer cannot -continue testing until later or if a customer to be billed does not pay his invoice. When +Both test customers and customers to be billed can be deactivated, e.g. if a test customer can't +continue testing until later or if a customer to be billed doesn't pay his invoice. When deactivating, all data is retained and the customer can be completely restored. To deactivate a customer, select the database (1) and then Deactivate (2). diff --git a/docs/passwordsecure/current/configuration/servermanager/msp/msp.md b/docs/passwordsecure/current/configuration/servermanager/msp/msp.md index 62296b76f3..85a53383f4 100644 --- a/docs/passwordsecure/current/configuration/servermanager/msp/msp.md +++ b/docs/passwordsecure/current/configuration/servermanager/msp/msp.md @@ -10,6 +10,6 @@ Whether you are a partner or an end user of Netwrix Password Secure - this help getting started with MSP and guide you safely through the configuration and operation of the software. -We are pleased that you have chosen Netwrix Password Secure for your password protection needs. +Password Secure are pleased that you have chosen Netwrix Password Secure for your password protection needs. -We hope you enjoy discovering your new password manager! +Password Secure hope you enjoy discovering your new password manager. diff --git a/docs/passwordsecure/current/configuration/servermanager/operation_and_setup_admin_client.md b/docs/passwordsecure/current/configuration/servermanager/operation_and_setup_admin_client.md index 6aa2e4681b..58aba9f7f2 100644 --- a/docs/passwordsecure/current/configuration/servermanager/operation_and_setup_admin_client.md +++ b/docs/passwordsecure/current/configuration/servermanager/operation_and_setup_admin_client.md @@ -13,8 +13,10 @@ The control elements such as the ribbon and the info and detail areas can be der section dealing with the client([Operation and Setup](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/operation_and_setup.md)). -NOTE: An initial password is required for the first login on Server Manager. The password is +:::note +An initial password is required for the first login on Server Manager. The password is “admin”. This password should be changed directly after login and carefully documented. +::: #### Status module @@ -58,7 +60,7 @@ column headings. The period shown can be limited using . # Databases module Databases are managed in a dedicated module. All relevant information on the existing databases can -also be called up – completely without accessing the SQL server. +also be opened – completely without accessing the SQL server. ![Databases Admin Client](/images/passwordsecure/9.2/configuration/server_manager/operation_and_setup/installation_with_parameters_252-en.webp) @@ -67,12 +69,12 @@ also be called up – completely without accessing the SQL server. 2. Database overview In the database overview, all databases listed alphabetically. This section can be minimised using -the arrow symbol on the top, left edge. Right-click on one of the databases to display a context +the arrow symbol on the top, left edge. Right-click one of the databases to display a context menu with all available functions. 3. Notification area -The Info area displays all the information about the database currently selected in the database +The Info area displays all the information about the database selected in the database overview. This information is ivided into the three subsections “Database summary, Data sets and Database tables”. @@ -84,7 +86,7 @@ List of recent backups. Can be sorted by date The database log is used to monitor and control the specific databases. All relevant actions for the selected database are displayed in a comprehensible manner in one list. The categorisation is -carried out in the same way as the server log according to the colours applied. +performed in the same way as the server log according to the colours applied. #### Backups module diff --git a/docs/passwordsecure/current/configuration/servermanager/server_manager.md b/docs/passwordsecure/current/configuration/servermanager/server_manager.md index 52bd2bbc2d..2d56416fb9 100644 --- a/docs/passwordsecure/current/configuration/servermanager/server_manager.md +++ b/docs/passwordsecure/current/configuration/servermanager/server_manager.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Server Manager -## What is the Server Manager? +## Server Manager overview The Server Manager takes care of the central administration of the databases as well as the configuration of the backup profiles. In addition, it provides the very important interface to the diff --git a/docs/passwordsecure/current/configuration/servermanager/settlement_right_key.md b/docs/passwordsecure/current/configuration/servermanager/settlement_right_key.md index 3f7d391a2a..eb987c8a14 100644 --- a/docs/passwordsecure/current/configuration/servermanager/settlement_right_key.md +++ b/docs/passwordsecure/current/configuration/servermanager/settlement_right_key.md @@ -8,8 +8,8 @@ sidebar_position: 50 #### Problem Description -In the version 8.3.0.13378 passwords which cannot be decrypted for other users could be created. In -this case, individual users or even all users do not have the necessary legal key. If a user wants +In the version 8.3.0.13378 passwords which can't be decrypted for other users could be created. In +this case, individual users or even all users don't have the necessary legal key. If a user wants to reveal an affected password, the following message is displayed: ![installation_with_parameters_219_706x98](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_219_706x98.webp) @@ -63,7 +63,7 @@ should be adjusted. ###### Irreparable records (not repairable) -Irreparable passwords cannot be corrected automatically. Nevertheless, it may happen that passwords +Irreparable passwords can't be corrected automatically. Nevertheless, it may happen that passwords marked as irreparably can be corrected manually. First case @@ -80,7 +80,7 @@ current database again. Second case In the second case, there are users / roles who have the right key but not the right to claim. As -far as the number of irreparable passwords is limited, these can be used to check the form field +far as the number of irreparable passwords is limited, use them to check the form field permissions manually. ![installation_with_parameters_224_762x90](/images/passwordsecure/9.2/configuration/server_manager/settlement_right_key/installation_with_parameters_224_762x90.webp) diff --git a/docs/passwordsecure/current/configuration/servermanager/setup_wizard.md b/docs/passwordsecure/current/configuration/servermanager/setup_wizard.md index 78b4f3d76b..b210a49351 100644 --- a/docs/passwordsecure/current/configuration/servermanager/setup_wizard.md +++ b/docs/passwordsecure/current/configuration/servermanager/setup_wizard.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Setup wizard -## What is the setup wizard? +## Setup wizard overview The setup wizard contains all relevant settings for setting up Netwrix Password Secure. The individual points can also be changed later on. Separate sections are available for each. @@ -20,12 +20,14 @@ and properly documented. It can be subsequently changed in the ![setup-wizard-ac-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-en.webp) -NOTE: The initial password is “admin”. +:::note +The initial password is “admin”. +::: #### License settings The second step is to complete the configuration for successively connecting to the licence server. -This step can also be carried out later “in the [License settings](/docs/passwordsecure/current/configuration/servermanager/mainmenu/license_settings.md) +This step can also be performed later “in the [License settings](/docs/passwordsecure/current/configuration/servermanager/mainmenu/license_settings.md) ![setup-wizard-ac-2-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-2-en.webp) @@ -48,7 +50,7 @@ can copy the server name from the login window of the SQL server. The user that will be used to create the database on the SQL Server is also specified. The user therefore needs **dbCreator** rights. Alternatively, you can use the service user for this purpose. -The “Advanced” button allows you to specify a **Connection String.** +The “Advanced” button lets you specify a **Connection String.** #### SMTP server @@ -58,17 +60,17 @@ later on. ![setup-wizard-ac-4-en](/images/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-4-en.webp) -Once the data has been entered and successfully tested, the wizard can be completed by clicking on +After the data has been entered and successfully tested, the wizard can be completed by clicking on “Finish”. Security notes -As soon as the setup wizard has been completed, two security notes will be displayed in the +As soon as the setup wizard has been completed, two security notes are displayed in the **Status** module that need to be confirmed. -**CAUTION:** It is recommended that you only confirm the security notes when the corresponding point -has actually been carried out. It is absolutely essential to ensure that regular +**CAUTION:** Netwrix recommends that you only confirm the security notes when the corresponding point +has actually been performed. It is absolutely essential to ensure that regular [Backup management](/docs/passwordsecure/current/configuration/servermanager/mainmenu/backupsettings/backup_management.md) are created and the [Certificates](/docs/passwordsecure/current/configuration/servermanager/certificates/certificates.md) are backed up. diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/application.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/application.md index a2f807a1b2..cc438e03a8 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/application.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/application.md @@ -6,7 +6,7 @@ sidebar_position: 80 # Application -The following functions are currently available in the **Application module**: +The following functions are available in the **Application module**: Web & SAML applications: @@ -14,8 +14,10 @@ Web & SAML applications: - Manage - Delete -NOTE: A detailed explanation of how to configure SAML can be found in the chapter “Configuration of +:::note +A detailed explanation of how to configure SAML can be found in the chapter “Configuration of SAML” +::: General functions: @@ -26,5 +28,7 @@ General functions: - Quick view - Connect password -NOTE: The Web Application module Applications is based on the client module of the same name +:::note +The Web Application module Applications is based on the client module of the same name “Applications”. Both modules differ in scope and design, but the operation is almost identical. +::: diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/documents_web_application.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/documents_web_application.md index 8a87958f40..8e74ce03b7 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/documents_web_application.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/documents_web_application.md @@ -6,7 +6,7 @@ sidebar_position: 90 # Documents -The following functions are currently available in the **Document module:** +The following functions are available in the **Document module:** - New New document can be added in the following ways: @@ -26,5 +26,7 @@ The following functions are currently available in the **Document module:** - Print - History -NOTE: The Web Application module **Documents** is based on the client module of the same name +:::note +The Web Application module **Documents** is based on the client module of the same name “Documents”. Both modules differ in scope and design, but the operation is almost identical. +::: diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/forms_module.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/forms_module.md index bbcc9fad6f..610483c1cf 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/forms_module.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/forms_module.md @@ -6,7 +6,7 @@ sidebar_position: 50 # Forms module -The following functions are currently available in the **forms module**: +The following functions are available in the **forms module**: - Add - Open @@ -19,5 +19,7 @@ The following functions are currently available in the **forms module**: - Print - Export -NOTE: The Web Application module **forms** is based on the client module of the same name. Both +:::note +The Web Application module **forms** is based on the client module of the same name. Both modules have a different scope and design but are almost identical to use. +::: diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/logbook_web_application.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/logbook_web_application.md index 3308e1b963..47e604f3f5 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/logbook_web_application.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/logbook_web_application.md @@ -11,12 +11,14 @@ The **logbook module** exists of the following features: - Filter function - Quick view -NOTE: The Web Application module logbook is based on the same called client module logbook. Both +:::note +The Web Application module logbook is based on the same called client module logbook. Both modules differ in range and design. However, the handling is almost the same. +::: Differences to the logbook on the Client: -The following options are not available yet in the **Web Application**. If needed, you can use them +The following options aren't available yet in the **Web Application**. If needed, you can use them on the Client. - Documents diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md index 32999d4897..04bfba398a 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Organisational structure module -The following functions are currently available in the **organisational structure module**: +The following functions are available in the **organisational structure module**: - Adding/editing/deleting/authorizing users / organisational structures - Notifications @@ -18,8 +18,10 @@ The following functions are currently available in the **organisational structur - Changing passwords - Print -NOTE: The Web Application module organisational structure is based on the client module of the same +:::note +The Web Application module organisational structure is based on the client module of the same name. Both modules have a different scope and design but are almost identical to use. +::: ## AD connection in the Web Application @@ -68,6 +70,6 @@ Now you can add the appropriate roles and users. You can add users and roles in different ways: - Add the appropriate roles and users at the toolbar under **Search and add**. -- Click on the loupe to see all the users and roles. +- Click the loupe to see all the users and roles. ![installation_with_parameters_165](/images/passwordsecure/9.2/configuration/web_application/functional_scope/organisational_structure/installation_with_parameters_165.webp) diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/user_management.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/user_management.md index 5fb3565408..c9572a6b3e 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/user_management.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/organisationalstructure/user_management.md @@ -6,11 +6,11 @@ sidebar_position: 10 # User management -## How are the users managed in the Web Application? +## User management in the Web Application The user management strongly depends on whether the Active Directory has been connected or not. In Master Key mode, the Active Directory remains the leading system. In all other modes, the user -administration is carried out via the organisational structure module. +administration is performed via the organisational structure module. #### Creating local users diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/password_module.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/password_module.md index f2b835195d..fd2e7a73d5 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/password_module.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/password_module.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Password module -The **Password Module** currently provides the following functions: +The **Password Module** provides the following functions: - Create - Delete @@ -50,6 +50,8 @@ The **Password Module** currently provides the following functions: - Export - WebViewer Export -NOTE: The Web Application module Password module is based on the module of the same name that is +:::note +The Web Application module Password module is based on the module of the same name that is located in the client. Both modules differ in scope and design, but are nevertheless almost identical in terms of operation. +::: diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/roles_module.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/roles_module.md index 55a5e66583..e70420247a 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/roles_module.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/roles_module.md @@ -6,7 +6,7 @@ sidebar_position: 40 # Roles module -The following functions are currently available in the **roles module:** +The following functions are available in the **roles module:** - Add - Delete diff --git a/docs/passwordsecure/current/configuration/webapplication/functionalscope/tag_system.md b/docs/passwordsecure/current/configuration/webapplication/functionalscope/tag_system.md index 8facda3781..43b1e69401 100644 --- a/docs/passwordsecure/current/configuration/webapplication/functionalscope/tag_system.md +++ b/docs/passwordsecure/current/configuration/webapplication/functionalscope/tag_system.md @@ -6,7 +6,7 @@ sidebar_position: 20 # Tag system -The tag system currently offers the following functions: +The tag system offers the following functions: - Add - Delete diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/filter_or_structure_area.md b/docs/passwordsecure/current/configuration/webapplication/operation/filter_or_structure_area.md index c58e38d331..a53f3e21e5 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/filter_or_structure_area.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/filter_or_structure_area.md @@ -6,7 +6,7 @@ sidebar_position: 30 # Filter or structure area -As is also the case on the client, it is possible to select between filter and structure. For this +As is also the case on the client, you can select between filter and structure. For this purpose, the following buttons are available on the navigation bar ![installation_with_parameters_169](/images/passwordsecure/9.2/configuration/web_application/operation/filter_or_structure/installation_with_parameters_169.webp) @@ -20,7 +20,7 @@ characteristics specific to the Web Application will be described here. Using the filter Operation of the “Web Application filter” barely differs from the operation of the client filter. It -is only necessary to note that the Clear filter and Apply filter buttons can be found above the +is only necessary to The Clear filter and Apply filter buttons can be found above the filter. The configuration settings can also be found directly above the Web Application filter. Configuring the filter diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/footer.md b/docs/passwordsecure/current/configuration/webapplication/operation/footer.md index 55ca383fb0..0da0536297 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/footer.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/footer.md @@ -6,7 +6,7 @@ sidebar_position: 70 # Footer -The footer displays various different information about the currently selected record in multiple +The footer displays various different information about the selected record in multiple tabs. It can be activated or deactivated using the small arrow on the far right. The footer is hidden by default. @@ -27,7 +27,7 @@ The history can also be displayed via a corresponding tab. 4. Documents -The documents tab can be used to access all linked documents. +Use the documents tab to access all linked documents. 5. Notifications diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/header.md b/docs/passwordsecure/current/configuration/webapplication/operation/header.md index 4106d1d502..dc603492bc 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/header.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/header.md @@ -20,7 +20,7 @@ As is also the case on the client, the filter or structure area can be displayed 3. Modules -As is also the case on the client, modules like passwords, organisational structures, roles and +As is also the case on the client, modules like passwords, organisational structures, roles, and forms can be managed here. 4. Quick search @@ -30,15 +30,15 @@ fields of the complete database except the password field. The tags are still se 5. Quick search -Upcoming tasks like export, import, print and so on are displayed here. +Upcoming tasks like export, import, print, and so on are displayed here. 6. Notifications -here you will be informed about incoming notifications. The notification can also be called up by +here you will be informed about incoming notifications. The notification can also be opened by clicking on it. 7. Account -The user who is currently logged in can be seen under account. You can log out by clicking on the -account. It is also possible to call up the settings in +The user who is logged in can be seen under account. You can log out by clicking on the +account. It is also possible to open the settings in [Account](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/account.md). diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/list_view.md b/docs/passwordsecure/current/configuration/webapplication/operation/list_view.md index a7460e5986..08ed34cf8e 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/list_view.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/list_view.md @@ -6,11 +6,11 @@ sidebar_position: 50 # List view -## What is list view? +## List view overview The central element of the navigation in the Web Application is list view, which clearly presents the filtered elements. As list view in the Web Application provides the same functions as list view -in the client, we refer you at this point to the +in the client, Password Secure refer you at this point to the [List view](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/list_view.md) section. ![installation_with_parameters_176](/images/passwordsecure/9.2/configuration/web_application/operation/list_view/installation_with_parameters_176.webp) @@ -19,5 +19,5 @@ in the client, we refer you at this point to the The list view differs from that on the client in the following areas: -- List view cannot be individually configured +- List view can't be individually configured - There are – as is usual in a browser – no context menus diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/menu.md b/docs/passwordsecure/current/configuration/webapplication/operation/menu.md index cea26fbdc5..e6c339c949 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/menu.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/menu.md @@ -6,12 +6,12 @@ sidebar_position: 40 # Menu -## What is the menu? +## Menu overview The ribbon on the client has been replaced by a menu on the Web Application. The menu thus represents the central operating element on the Web Application. The functions available within the -menu are dynamic and are based on the currently available actions. Different actions are possible -depending on which view is currently being used. +menu are dynamic and are based on the available actions. Different actions are possible +depending on which view is being used. #### Menu bar @@ -26,7 +26,7 @@ The size of the menu can be maximised using this button. 2. New -This option can be selected to call up the wizard for adding a new record. +Select this option to open the wizard for adding a new record. 3. Open @@ -46,13 +46,13 @@ Copies the password to the clipboard. ###### Advanced menu -If the menu – as described above – is maximised, **all functions** are then available. The functions +If the menu – as described previously – is maximised, **all functions** are then available. The functions on the menu bar are repeated here. The menu is divided into a number of sections. These correspond 1 to 1 to the sections of the ribbon on the client. ![Menu](/images/passwordsecure/9.2/configuration/web_application/operation/menu_bar/installation_with_parameters_175-en.webp) -In our example, the menu looks like this: +In the example, the menu looks like this: 1. New Item @@ -65,19 +65,21 @@ The actions can be used, for example, to mark the password as a Favourite or als 3. Permissions -This section does not offer any additional functions than simply opening the permissions. +This section opens the permissions. 4. Clipboard -This section can be used to copy all available fields to the clipboard. +Use this section to copy all available fields to the clipboard. 5. Start -A website can be called up here. +A website can be opened here. -NOTE: As already described, the menu is dynamic and thus appears in a variety of different forms. +:::note +As already described, the menu is dynamic and thus appears in a variety of different forms. However, the basic function is always the same: The menu bar contains the basis functions, while the advanced menu contains all functions. +::: 6. Extras diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/navigation_bar.md b/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/navigation_bar.md index 441ad58af3..bcaab143ba 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/navigation_bar.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/navigation_bar.md @@ -12,7 +12,7 @@ The navigation bar provides the following functions. 1. Filter -This function can be used to switch the view to the filter in the left section. You also have the +Use this function to switch the view to the filter in the left section. You also have the possibility to switch from filter to structure. 2. Tabs diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/settings_wc.md b/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/settings_wc.md index 892b17702a..f5ba085ca1 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/settings_wc.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/settings_wc.md @@ -6,13 +6,13 @@ sidebar_position: 20 # Settings -The settings are called up via the [Navigation bar](/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are +The settings are opened via the [Navigation bar](/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are available: #### Language -You can select German or English here by simply clicking on them. The change is made immediately and -does not require you to restart the browser. +You can select German or English here by clicking on them. The change is made immediately and +doesn't require you to restart the browser. #### Extras @@ -22,11 +22,11 @@ Here you have the possibility to manage templates for seals. Tag management -The tag management allows you to manage the tags. +The tag management lets you manage the tags. Image management -With the image management, you can manage your icons and logos easily and quickly. +With the image management, you can manage your icons and logos efficiently. ![image management](/images/passwordsecure/9.2/configuration/web_application/operation/navigation_bar/settings/installation_with_parameters_179-en.webp) @@ -58,7 +58,7 @@ The management of these settings is based on the client. Further information can global [User rights](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/userrights/user_rights.md) and [User settings](/docs/passwordsecure/current/configuration/advancedview/mainmenufc/usersettings/user_settings.md) -The following settings are not available on the Web Application: +The following settings aren't available on the Web Application: - Customizable window caption - Permitted document extensions @@ -67,4 +67,4 @@ The following settings are not available on the Web Application: Account -Here it is possible to change the password of the logged in user. +Here you can change the password of the logged in user. diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/user_menu_wc.md b/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/user_menu_wc.md index ae78273a68..ac4ba8e58b 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/user_menu_wc.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/user_menu_wc.md @@ -6,7 +6,7 @@ sidebar_position: 10 # User menu -The user menu can be found in the upper right corner of the Web Application. A right click on the +The user menu can be found in the upper right corner of the Web Application. A right click the logged in user opens it. #### Options in the user menu @@ -23,15 +23,15 @@ In the bin you can manage your deleted passwords. Help -A click on help takes you directly to the Netwrix Password Secure documentation page. +A click help takes you directly to the Netwrix Password Secure documentation page. Switch to Basic view -What the Basic view is able to do in the web view can be inspected here. +What the Basic view can do in the web view can be inspected here. Lock -This locks the user who is currently logged in and only needs to enter his password to use the web +This locks the user who is logged in and only needs to enter his password to use the web client again. Log out diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/operation.md b/docs/passwordsecure/current/configuration/webapplication/operation/operation.md index 68778ed9da..2501748a40 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/operation.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/operation.md @@ -10,8 +10,10 @@ Operation of the Web Application has been based as far as possible on the operat Password Secure client. Nevertheless, there are some differences that need to be noted and they are described here. -NOTE: There is also a Basic view in the Web Application. Everything worth knowing can be found at +:::note +There is also a Basic view in the Web Application. Everything worth knowing can be found at the following link: web view Basic view +::: #### Login @@ -37,21 +39,23 @@ parameters are used here: - **database** for transferring the database nam - **username** for transferring the user name -The parameters are simply attached to the URL for the Web Application and separated from one another +Attach the parameters to the URL for the Web Application and separated from one another with a **&**. Example -You want to call up the Web Application under **https://psr_Web Application.firma.com.** In the +You want to open the Web Application under **https://psr_Web Application.firma.com.** In the process, you want the login mask to be directly filled with the database **Passwords** and the user name **Anderson**. The following URL is then used: **https://psr_Web Application.firma.com/authentication/ login?database=Passwords&username=Anderson** -NOTE: It is possible to only transfer the database. The user name is not absolutely necessary. +:::note +You can only transfer the database. The user name isn't absolutely necessary. +::: #### Structure -The Web Application is split into a number of sections that are described below. +The Web Application is split into a number of sections that are described in the following sections. ![Operation](/images/passwordsecure/9.2/configuration/web_application/operation/installation_with_parameters_168-en.webp) @@ -61,11 +65,11 @@ The header provides access to some essential functions. 2. [Navigation bar](/docs/passwordsecure/current/configuration/webapplication/operation/navigationbar/navigation_bar.md) -It is possible to switch between module and filter view on the navigation bar. +You can switch between module and filter view on the navigation bar. 3. [Filter or structure area](/docs/passwordsecure/current/configuration/webapplication/operation/filter_or_structure_area.md) -As is also the case on the client, it is possible to select between filter and structure. +As is also the case on the client, you can select between filter and structure. 4. [Menu](/docs/passwordsecure/current/configuration/webapplication/operation/menu.md) @@ -73,7 +77,7 @@ The ribbon on the client has been replaced by a menu bar on the Web Application. 5. [List view](/docs/passwordsecure/current/configuration/webapplication/operation/list_view.md) -The records currently selected using the filter can be viewed in list view. +The records selected using the filter can be viewed in list view. 6. [Reading pane](/docs/passwordsecure/current/configuration/webapplication/operation/reading_pane_webclient.md) diff --git a/docs/passwordsecure/current/configuration/webapplication/operation/reading_pane_webclient.md b/docs/passwordsecure/current/configuration/webapplication/operation/reading_pane_webclient.md index 82f86651c8..d62fb2d7fb 100644 --- a/docs/passwordsecure/current/configuration/webapplication/operation/reading_pane_webclient.md +++ b/docs/passwordsecure/current/configuration/webapplication/operation/reading_pane_webclient.md @@ -6,10 +6,10 @@ sidebar_position: 60 # Reading pane -## What is the reading pane? +## Reading pane overview As with the list view, the reading pane on the Web Application is almost identical to that on the -client. Therefore, we also refer you here to the corresponding +client. Therefore, Password Secure also refer you here to the corresponding [Reading pane](/docs/passwordsecure/current/configuration/advancedview/operationandsetup/reading_pane.md) section. ![reading_pane](/images/passwordsecure/9.2/configuration/web_application/operation/reading_pane/reading_pane.webp) @@ -18,4 +18,6 @@ Various information is displayed on the header – as is the case with the clien tags for the records or information on whether the record is public or private. Password masking is also symbolised here. -NOTE: There are – as is usual in a browser – no context menus +:::note +There are – as is usual in a browser – no context menus +::: diff --git a/docs/passwordsecure/current/configuration/webapplication/problems_with_the_server_connection.md b/docs/passwordsecure/current/configuration/webapplication/problems_with_the_server_connection.md index 1e865a1aa2..b5f21c27e8 100644 --- a/docs/passwordsecure/current/configuration/webapplication/problems_with_the_server_connection.md +++ b/docs/passwordsecure/current/configuration/webapplication/problems_with_the_server_connection.md @@ -23,5 +23,5 @@ Port 11016 TCP must be released on the application server. CORS not configured -Make sure that the CORS configuration has been implemented. Further information can be found in +Ensure that the CORS configuration has been implemented. Further information can be found in chapter Installation Web Application diff --git a/docs/passwordsecure/current/configuration/webapplication/web_application.md b/docs/passwordsecure/current/configuration/webapplication/web_application.md index 2775bf6769..62947d8ba9 100644 --- a/docs/passwordsecure/current/configuration/webapplication/web_application.md +++ b/docs/passwordsecure/current/configuration/webapplication/web_application.md @@ -12,13 +12,13 @@ The previous WebAccess function has been replaced by the **Web Application” in Secure version** **8.3.0. The completely newly developed \*Web Application** will act as the basis for the constant enhancement of the functional scope. The desired objective is to also provide the full functional scope of the client in the Web Application. The **Web Application** will thus be -constantly enhanced. All of the currently available functions can be viewed in the +constantly enhanced. All of the available functions can be viewed in the [Functional scope](/docs/passwordsecure/current/configuration/webapplication/functionalscope/functional_scope.md) section. ![WebClient](/images/passwordsecure/9.2/configuration/web_application/installation_with_parameters_159.webp) **Netwrix Password Secure Web Application** enables platform-independent access to the database via -a browser. It is irrelevant whether you are using Microsoft Windows, macOS or Linux, it is only +a browser. It is irrelevant whether you are using Microsoft Windows, macOS, or Linux, it is only necessary for javascript to be supported. As the **Netwrix Password Secure Web Application** has a responsive design, it can also be used on all mobile devices such as tablets and smartphones. diff --git a/docs/passwordsecure/current/enduser/advancedview.md b/docs/passwordsecure/current/enduser/advancedview.md index 4a2f16458c..c5e56ab6a4 100644 --- a/docs/passwordsecure/current/enduser/advancedview.md +++ b/docs/passwordsecure/current/enduser/advancedview.md @@ -8,13 +8,13 @@ sidebar_position: 50 Curious about how you can manage your team in Netwrix Password Secure? -Learn more about how to … +With the Advanced View, you can … - Share passwords masked / only for a limited time (i.e. with working students or interns) - Separately authorize the disclosure of passwords - View the password quality and monitor all actions in your team - View the reasons given by your team members for revealing passwords in plain text -- And much more! +- And much more. -Simply contact your IT department for further information on the advanced view of Netwrix Password +contact your IT department for further information on the advanced view of Netwrix Password Secure. diff --git a/docs/passwordsecure/current/enduser/browserextension.md b/docs/passwordsecure/current/enduser/browserextension.md index 69c596e1b5..c1ca2239d3 100644 --- a/docs/passwordsecure/current/enduser/browserextension.md +++ b/docs/passwordsecure/current/enduser/browserextension.md @@ -9,24 +9,26 @@ sidebar_position: 10 First, Netwrix Password Secure is designed to make and keep your passwords more secure. But this also means that managing - and logging in with them - is easier and saves time! That's why you need the browser extension to save yourself the hassle of typing in passwords in future and to be logged -in to all your website accesses with just one click! +in to all your website accesses with just one click. Step 1 – Is your browser extension already installed? You can find out by: - Looking for this icon next to the URL input field in your browser. See the icon in the top bar of - the screenshot below. + the following screenshot. - Opening the Password Secure Web App, logging in and scrolling down: If not installed yet, you can find the download link in the footer. See the Download Edge Extension link in the bottom center of - the screenshot below. + the following screenshot. ![downloadextension](/images/passwordsecure/9.2/enduser/downloadextension.webp) -NOTE: If you need more information about installing the browser extension, please visit the -following topic in our documentation: +:::note +If you need more information about installing the browser extension, visit the +following topic in the documentation: [Installation Browser Extension](https://helpcenter.netwrix.com/bundle/PasswordSecure_9.0/page/Content/PasswordSecure/Installation/Browser/Installation_Browser_Add-on.htm) +::: -Step 2 – After downloading, the browser extension is simply dragged and dropped into the browser. -See the Get button in the upper-right section of the screenshot below. +Step 2 – After downloading, the browser extension is dragged and dropped into the browser. +See the Get button in the upper-right section of the following screenshot. ![getextension](/images/passwordsecure/9.2/enduser/getextension.webp) @@ -35,15 +37,15 @@ to "add the extension". ![addextension](/images/passwordsecure/9.2/enduser/addextension.webp) -Step 4 – Please open or reload the web application of Netwrix Password Secure (see link in email +Step 4 – open or reload the web application of Netwrix Password Secure (see link in email from your administrator) to connect your user profile with the extension. See the lock icon in the -screenshot below. +following screenshot. ![extensionadded](/images/passwordsecure/9.2/enduser/extensionadded.webp) -Step 5 – Now click on this icon in your browser to open the browser extension. See the Adopt Select -**Adopt Web Application profile**. Done! +Step 5 – Now click this icon in your browser to open the browser extension. See the Adopt Select +**Adopt Web Application profile**. Done. ![nodatabaseprofile](/images/passwordsecure/9.2/enduser/nodatabaseprofile.webp) -RECOMMENDED: If not done yet, bookmark this page to have it quickly at hand! +RECOMMENDED: If not done yet, bookmark this page to have it quickly at hand. diff --git a/docs/passwordsecure/current/enduser/cleanuppasswords.md b/docs/passwordsecure/current/enduser/cleanuppasswords.md index f97813b05b..3e7e8a6aa7 100644 --- a/docs/passwordsecure/current/enduser/cleanuppasswords.md +++ b/docs/passwordsecure/current/enduser/cleanuppasswords.md @@ -6,21 +6,17 @@ sidebar_position: 20 # Clean up Your Passwords -For a clean relocation of passwords, it is important to clean up all your passwords beforehand. This +For a clean relocation of passwords, you must clean up all your passwords beforehand. This means to check which secrets are still up-to-date or if there are any duplicates you can remove -first! +first. ## Transer Data from Your Browser -With Netwrix Password Secure, you now have the right tool to save and manage all your secrets handy -at one place and above all a safe alternative to browser-saved passwords! But how can you now -securely import them to your new solution? +Netwrix Password Secure saves and manages all your secrets in one place and provides a safe alternative to browser-saved passwords. To securely import them to your new solution, follow these steps: -Simply do this: - -Step 1 – Every time you login to a website now and your browser wants to autofill, this Password +Step 1 – Every time you log in to a website now and your browser wants to autofill, this Password Secure Pop-up will appear, asking you if you would like to save your secret in Netwrix Password -Secure. Just click **Create new**. See the screenshot below. +Secure. Just click **Create new**. See the following screenshot. ![createnew](/images/passwordsecure/9.2/enduser/createnew.webp) @@ -31,27 +27,26 @@ including URL to a new data set. Step 3 – Choose an organizational unit in which you want to save it and give your new data set a meaningful name to find it again quickly. (You now also have the option to add further information -and tags.) Now click **Save**. See the box to the right of Organizational unit in the screenshot -above. +and tags.) Now click **Save**. See the box to the right of Organizational unit in the previous screenshot. ## Check for Weak Passwords -Your passwords do not automatically become secure after they have been transferred to Netwrix +Your passwords don't automatically become secure after they have been transferred to Netwrix Password Secure. No matter how well protected a password is - if it is easy for a hacker to guess, -they don't need access to the password manager to use it. This is why our solution automatically +they don't need access to the password manager to use it. This is why the solution automatically checks the strength of your password and much more. Step 1 – Paste your password in the password field. See the box to the right of the Password field -in the screenshot below. +in the following screenshot. ![passwordfield](/images/passwordsecure/9.2/enduser/passwordfield.webp) -Step 2 – If it is not classified as "strong" (green), we strongly recommend using the integrated -password generator to assign a new, secure password: Therefore, just click on the white password -generator icon to the right of the password field. See the Strong button in the screenshot above. +Step 2 – If it isn't classified as "strong" (green), Password Secure strongly recommend using the integrated +password generator to assign a new, secure password: Therefore, just click the white password +generator icon to the right of the password field. See the Strong button in the previous screenshot. Step 3 – The password generator will open. A secure password is created automatically just click -“Apply”. (Learn more about the possibilities of our password manager in the next chapter.) +“Apply”. (See the next chapter for additional password manager features.) ![passwordgenerator](/images/passwordsecure/9.2/enduser/passwordgenerator.webp) @@ -63,7 +58,7 @@ permanently. ## Create Strong Passwords -The password generator offers three possibilities to create a secure password. To open it, click on +The password generator offers three possibilities to create a secure password. To open it, click “Create password” and then on the password generator icon right to the password field. Step 1 – Create a user defined password which gives you the most options such as including and @@ -75,10 +70,12 @@ Step 2 – Create a phonetic password that is easier to pronounce, but still com ![phonetic](/images/passwordsecure/9.2/enduser/phonetic.webp) -NOTE: This option is best suited for passwords that must be read and typed in, such as operating +:::note +This option is best suited for passwords that must be read and typed in, such as operating machines without an internet connection. +::: Step 3 – Create a password according to a set password rule in your company: If your IT has already -stored password guidelines for you, you can select them here and simply click on apply. +stored password guidelines for you, you can select them here and click apply. ![rule](/images/passwordsecure/9.2/enduser/rule.webp) diff --git a/docs/passwordsecure/current/enduser/createnewentry.md b/docs/passwordsecure/current/enduser/createnewentry.md index 9c43ada8c7..d79068f0d1 100644 --- a/docs/passwordsecure/current/enduser/createnewentry.md +++ b/docs/passwordsecure/current/enduser/createnewentry.md @@ -4,16 +4,16 @@ description: "Create a New Entry from Scratch" sidebar_position: 30 --- -# Create a New Entry from Scratch +# Create a New Entry -Follow the steps to create a new entry from scratch. +Create a new entry. Step 1 – First, click _Create new password_ on the upper left in Netwrix Password Secure. ![createnewpassword](/images/passwordsecure/9.2/enduser/createnewpassword.webp) -Step 2 – A form will open. Now choose the form you need, such as "Website," on the upper right. See -the form drop-down list in the screenshot below. +Step 2 – A form opens. Now choose the form you need, such as "Website," on the upper right. See +the form dropdown list in the following screenshot. ![selectform](/images/passwordsecure/9.2/enduser/selectform.webp) @@ -36,15 +36,19 @@ Step 3 – Let`s fill out the website form in this example. ![username](/images/passwordsecure/9.2/enduser/username.webp) - Enter the password manually or use the password generator by clicking on the button in the middle - (high number). The password generator will open. + (high number). The password generator opens. -NOTE: To learn more about the generating of passwords, see the -[Clean up Your Passwords](/docs/passwordsecure/current/enduser/cleanuppasswords.md) topic for additional information. +:::note +For details about generating passwords, see +[Clean up Your Passwords](/docs/passwordsecure/current/enduser/cleanuppasswords.md). +::: ![password](/images/passwordsecure/9.2/enduser/password.webp) -NOTE: By clicking on the **lock icon** right to the password generator, you can mask and unmask your +:::note +By clicking on the **lock icon** right to the password generator, you can mask and unmask your password. +::: - Enter the website URL that leads to the login. @@ -54,4 +58,4 @@ password. ![tags](/images/passwordsecure/9.2/enduser/tags.webp) -Step 4 – Click **Save**, and you are done! +Step 4 – Click **Save**, and you are done. diff --git a/docs/passwordsecure/current/enduser/organizepasswords.md b/docs/passwordsecure/current/enduser/organizepasswords.md index e8efc70ae4..8e3ee93fc3 100644 --- a/docs/passwordsecure/current/enduser/organizepasswords.md +++ b/docs/passwordsecure/current/enduser/organizepasswords.md @@ -11,9 +11,9 @@ sidebar_position: 40 The tab system is used to structure all your passwords: Tabs help you to make them easier to manage and find. You can create several tabs and switch between them within one click. -Follow the steps to add a team tab. +add a team tab. -Step 1 – Click on the **Plus** sign and a form will open. +Step 1 – Click the **Plus** sign. A form opens. ![newform](/images/passwordsecure/9.2/enduser/newform.webp) @@ -22,7 +22,7 @@ or use the search field to find the unit you need. ![search](/images/passwordsecure/9.2/enduser/search.webp) -Step 3 – Click **OK** to close the form and your new team tab will open automatically. +Step 3 – Click **OK** to close the form. Your new team tab opens automatically. ## Search with Tags @@ -33,39 +33,43 @@ assign any number of tags to your passwords to categorize and find them again qu ![assigntags](/images/passwordsecure/9.2/enduser/assigntags.webp) To find a password, just use the search field and enter a tag like the department or position you -are in (i.e., "Marketing"). Netwrix Password Secure now not only is searching for tags, but also for +are in (i.e., “Marketing”). Netwrix Password Secure searches not only for tags, but also for “Marketing” in all Netwrix Password Secure fields (i.e., Content Marketing). ![searchresults](/images/passwordsecure/9.2/enduser/searchresults.webp) -NOTE: Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in -which this word does not appear will be displayed (i.e., all social media accounts that are used +:::note +Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in +which this word doesn't appear will be displayed (i.e., all social media accounts that are used outside of marketing = "-social media marketing"). +::: ## Choose Your View Netwrix Password Secure offers two different views - the list and tile view. Just **switch the -button** on the upper right to change views! +button** on the upper right to change views. List View -The screenshot below shows the list view. +The following screenshot shows the list view. ![listview](/images/passwordsecure/9.2/enduser/listview.webp) Tile View -The screenshot below shows the title view. +The following screenshot shows the title view. ![switchbutton](/images/passwordsecure/9.2/enduser/switchbutton.webp) When in **tile view**, you can also drag and drop the buttons on another position. By hovering over -them with the mouse, you will see more information like the username, and you can login with one +them with the mouse, you see additional details like the username, and you can log in with one click. ![titleview](/images/passwordsecure/9.2/enduser/titleview.webp) -NOTE: The **list view** is suitable for many data sets while the tile view is particularly favorable +:::note +The **list view** is suitable for many data sets while the tile view is particularly favorable for the most frequently used secrets. +::: RECOMMENDED: Use the list view for all shared secrets and the tile view for personal accounts. diff --git a/docs/passwordsecure/current/enduser/overview.md b/docs/passwordsecure/current/enduser/overview.md index 0c153f6537..d31c43a03e 100644 --- a/docs/passwordsecure/current/enduser/overview.md +++ b/docs/passwordsecure/current/enduser/overview.md @@ -8,12 +8,12 @@ sidebar_position: 70 It is time to set up your new password management solution Netwrix Password Secure! The process won't take too long, but you should allow yourself a little time to get to know the product. As when -it comes to your IT security, it's important to make sure you get it right. Below is a step-by-step +it comes to your IT security, it's important to ensure you get it right. Below is a step-by-step guide to setting up a password manager and leading you through the first few steps. ## How to Log In -Where can I find my username and password? +Where can you find your username and password? You can find your login data in the email provided by your administrator. This email also contains the following information: diff --git a/docs/passwordsecure/current/faq/security/encryption.md b/docs/passwordsecure/current/faq/security/encryption.md index 06ec693fb1..60ff25eefb 100644 --- a/docs/passwordsecure/current/faq/security/encryption.md +++ b/docs/passwordsecure/current/faq/security/encryption.md @@ -13,19 +13,21 @@ requirements were assessed according to how safe they were. Parallel to the deve theoretical concepts of external security companies were examined in terms of feasibility, as well as compliance with IT security standards. Prototypes have been ultimately developed on the basis of these findings, which form the blueprint for the current Netwrix Password Secure version 9. The -following encryption techniques and algorithms are currently in use: +following encryption techniques and algorithms are in use: - AES-GCM 256 - PBKDF2 with 623,420 SHA256 iterations (client- and server-side) for the creation of user hashes - PBKDF2 with 610,005 SHA256 iterations for the encryption of the user keys - ECC (with the "NIST P-521" curve) for the private-public key procedure -NOTE: All encryption algorithms used by Netwrix Password Secure are FIPS compliant. +:::note +All encryption algorithms used by Netwrix Password Secure are FIPS compliant. +::: ## Applied cryptographic procedures Applied cryptographic procedures The container encryption of the passwords is based on the -aforementioned algorithms. Each container has its own randomly generated salt. Each password, user, +previous algorithms. Each container has its own randomly generated salt. Each password, user, and role has its own key pair. When releases are granted for users and roles, the passwords within the database are hierarchically encrypted. Netwrix Password Secure also uses the following cryptographic methods to achieve maximum security: @@ -38,6 +40,6 @@ own certificate authority (CA) as an option. Latest version of the Secure Socket Passwords are only encrypted and transported to the client when they have been explicitly requested in advance. More… -**CAUTION:** Only secrets are encrypted. Metadata is not encrypted to ensure search speed. Secrets -are usually passwords. However, the customer can decide what kind of data they are. Note that -Secrets cannot be searched for. +**CAUTION:** Only secrets are encrypted. Metadata isn't encrypted to ensure search speed. Secrets +are usually passwords. However, the customer can decide what kind of data they are. +Secrets can't be searched for. diff --git a/docs/passwordsecure/current/faq/security/high_availability.md b/docs/passwordsecure/current/faq/security/high_availability.md index 1b3ad7ffad..809324251a 100644 --- a/docs/passwordsecure/current/faq/security/high_availability.md +++ b/docs/passwordsecure/current/faq/security/high_availability.md @@ -6,13 +6,13 @@ sidebar_position: 30 # High availability -## What is high availability? +## High availability overview High availability is designed to guarantee the further operation of Netwrix Password Secure in the -event of damage. A series of requirements need to be met in advance in order to use this feature +event of damage. A series of requirements need to be met in advance to use this feature **CAUTION:** As the configuration of high availability is complex, it is (generally) implemented -during a consultation. If you are interested in this feature, please contact us directly or contact +during a consultation. If you are interested in this feature, contact Netwrix support directly or contact your responsible partner. #### Requirements @@ -21,7 +21,7 @@ The following points should be observed during the configuration. - It is essential that MSSQL Enterprise Version is used for replicating the database (even in the case of a replication across multiple locations) -- To achieve a better level of protection, we recommend operating the Netwrix Password Secure +- To achieve a better level of protection, Netwrix recommends operating the Netwrix Password Secure database on its own cluster - A Netwrix Password Secure application server needs to be licensed for each location. Every application server has its own configuration database. @@ -31,7 +31,7 @@ Load balancer - To reduce the load on the server, a load balancer can be installed upstream of the application server - If no load balancer is used, the distribution of the database profiles for the users is generally - carried out via the registry + performed via the registry If a database is set up at ”location A” including an AD profile, the certificate needs to exported there and then imported onto the server at “location B”. The database is replicated using MSSQL @@ -39,5 +39,7 @@ technology and can be integrated as an existing database into Netwrix Password S B”. If the application server at “location A” fails, the server in the registry needs to be replaced (location B) and rolled out again to users using group rules (GPO). -NOTE: Only peer-to-peer transaction replication is tested. If a different type of replication is +:::note +Only peer-to-peer transaction replication is tested. If a different type of replication is used, it should be tested in advance. +::: diff --git a/docs/passwordsecure/current/faq/security/penetration_tests.md b/docs/passwordsecure/current/faq/security/penetration_tests.md index bc05ed4133..abaae6a7b7 100644 --- a/docs/passwordsecure/current/faq/security/penetration_tests.md +++ b/docs/passwordsecure/current/faq/security/penetration_tests.md @@ -10,14 +10,14 @@ sidebar_position: 20 The high security standards of Netwrix Password Secure are regularly attested by external pentests of different providers. New functions in particular are always subjected to penetration tests in -order to have them thoroughly checked before release. The resulting findings enable us to detect and +order to have them thoroughly checked before release. The resulting findings enable the team to detect and eliminate potential vulnerabilities in advance. -## Why we test regularly? +## Regular penetration testing -In pentesting, external and certified security auditors look specifically for security gaps and +In pentesting, external, and certified security auditors look specifically for security gaps and weaknesses in the software that an attacker could exploit. Attack scenarios are simulated on the client side, the source code is checked and the quality of the cryptographic process is assessed. In this way, the security of Netwrix Password Secure and the data stored in it is tested in advance in -order to be able to offer our customers effective protection and minimize the risk of success of an +order to be able to offer the customers effective protection and minimize the risk of success of an attack. diff --git a/docs/passwordsecure/current/index.md b/docs/passwordsecure/current/index.md index 090430e8b6..3b14ead3ee 100644 --- a/docs/passwordsecure/current/index.md +++ b/docs/passwordsecure/current/index.md @@ -4,7 +4,7 @@ description: "Why Netwrix Password Secure?" sidebar_position: 1 --- -# Why Netwrix Password Secure? +# Netwrix Password Secure overview ## Users depend on passwords diff --git a/docs/passwordsecure/current/installation/installation.md b/docs/passwordsecure/current/installation/installation.md index 133f1463c8..3b4dca6457 100644 --- a/docs/passwordsecure/current/installation/installation.md +++ b/docs/passwordsecure/current/installation/installation.md @@ -10,7 +10,7 @@ This section covers how to install each Netwrix Password Secure component. ## System landscape -A basic production Netwrix Password Secure system landscape consists of the three tiers described below. Version 9 supports multiple database servers across all sites, and Microsoft SQL Server tools synchronize them. You can deploy any number of application servers to handle client connections, which distributes load and reduces latency. This is especially valuable for installations spread across multiple geographic locations. +A basic production Netwrix Password Secure system landscape consists of the three tiers described in the following sections. Version 9 supports multiple database servers across all sites, and Microsoft SQL Server tools synchronize them. You can deploy any number of application servers to handle client connections, which distributes load and reduces latency. This is especially valuable for installations spread across multiple geographic locations. ## Client (presentation layer) diff --git a/docs/passwordsecure/current/installation/installation_server_manager.md b/docs/passwordsecure/current/installation/installation_server_manager.md index 838d6c1f7e..81b6f26c75 100644 --- a/docs/passwordsecure/current/installation/installation_server_manager.md +++ b/docs/passwordsecure/current/installation/installation_server_manager.md @@ -36,5 +36,7 @@ After the installation, you can login directly to the Server Manager. ![Server Authentication](/images/passwordsecure/9.2/installation/installation_server_manager/server-auth-en.webp) -NOTE: The initial password for the first login is “admin”. It should be changed directly after the +:::note +The initial password for the first login is “admin”. It should be changed directly after the logon. +::: diff --git a/docs/passwordsecure/current/installation/installationbrowseraddon/google_chrome.md b/docs/passwordsecure/current/installation/installationbrowseraddon/google_chrome.md index 277b83e401..630315edf2 100644 --- a/docs/passwordsecure/current/installation/installationbrowseraddon/google_chrome.md +++ b/docs/passwordsecure/current/installation/installationbrowseraddon/google_chrome.md @@ -13,12 +13,14 @@ it via the following link: [Add-on for Google Chrome](https://chrome.google.com/webstore/detail/netwrix-password-secure/bpjfchmapbmjeklgmlkabfepflgfckip). Alternatively, you can also access the Google Store via the Autofill Add-on. To do this, right-click -the icon to open the context menu. After a further click on Install Browser Extensions the Google +the icon to open the context menu. After a further click Install Browser Extensions the Google Chrome Add-on can be selected, whereupon you will be redirected directly to the Google Store. The installation is started via Add. The add-on is now installed and the icon is added to the browser. -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet. +::: diff --git a/docs/passwordsecure/current/installation/installationbrowseraddon/microsoft_edge.md b/docs/passwordsecure/current/installation/installationbrowseraddon/microsoft_edge.md index 8b6534686f..26ab262e2c 100644 --- a/docs/passwordsecure/current/installation/installationbrowseraddon/microsoft_edge.md +++ b/docs/passwordsecure/current/installation/installationbrowseraddon/microsoft_edge.md @@ -14,5 +14,7 @@ downloaded from the following link: ![Add-on Edge](/images/passwordsecure/9.2/installation/browser/addon-edge-en.webp) -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet +::: diff --git a/docs/passwordsecure/current/installation/installationbrowseraddon/mozilla_firefox.md b/docs/passwordsecure/current/installation/installationbrowseraddon/mozilla_firefox.md index f42bc00077..b5fb2eab85 100644 --- a/docs/passwordsecure/current/installation/installationbrowseraddon/mozilla_firefox.md +++ b/docs/passwordsecure/current/installation/installationbrowseraddon/mozilla_firefox.md @@ -12,9 +12,11 @@ The installation of the Firefox Add-on is done directly from the official Store. can be downloaded from the following link: [Add-on firefox](https://addons.mozilla.org/en-US/firefox/addon/password-safe-browser-add-on/). -After the download, the add-on is simply dragged and dropped into the browser. +After the download, the add-on is dragged and dropped into the browser. After confirming a security question, it is installed and an icon is created in the menu bar. -NOTE: It is also possible to find the Add-on link in the Web Application page footer, if it is not +:::note +It is also possible to find the Add-on link in the Web Application page footer, if it isn't installed yet +::: diff --git a/docs/passwordsecure/current/installation/installationclient/installation_client.md b/docs/passwordsecure/current/installation/installationclient/installation_client.md index d254888188..b4debfc5f3 100644 --- a/docs/passwordsecure/current/installation/installationclient/installation_client.md +++ b/docs/passwordsecure/current/installation/installationclient/installation_client.md @@ -19,8 +19,8 @@ You are required to read and accept the terms of service. These can also be prin The next step is to define the location of the client. The suggested location can be retained.You can also define whether additional components should be installed. -**CAUTION:** Please only install the Terminal Server Service (for Autofill Add-on) if terminal -server operation is intended! +**CAUTION:** only install the Terminal Server Service (for Autofill Add-on) if terminal +server operation is intended. ![installation wizard page 2](/images/passwordsecure/9.2/installation/installation_client/installation-client-3-en.webp) @@ -53,14 +53,14 @@ The Autofill Add-on is used for SSO applications. For connection to the database, the creation of a database profile is obligatory. The following information is required: -- Profile name: The name of the profile. This will be displayed on the client in the future +- Profile name: The name of the profile. This name appears on the client - IP address: The IP address of the Netwrix Password Secure V8 server is stored here - Database name: Specifies the name of the database ## Distributing database profiles via the registry There is also an option to distribute database profiles. The profiles are specified via a -corresponding registry entry. The next time Netwrix Password Secure is started, the profiles will be +corresponding registry entry. The next time Netwrix Password Secure starts, the profiles are saved in the local configuration file. The database connection can be made with the following keys: @@ -95,6 +95,8 @@ HKEY_CURRENT_USER\SOFTWARE\MATESO\Password Safe and Repository 8\DatabaseProfile ``` -NOTE: When the corresponding registry entry is set and no related database profile exists, the -profile will be created at the next start-up. Please note that profiles created like this cannot be +:::note +When the corresponding registry entry is set and no related database profile exists, the +profile is created at the next start-up. Profiles created like this can't be edited or deleted in the client. +::: diff --git a/docs/passwordsecure/current/installation/installationclient/installation_with_parameters.md b/docs/passwordsecure/current/installation/installationclient/installation_with_parameters.md index 3fb0d90acb..8f3eb83652 100644 --- a/docs/passwordsecure/current/installation/installationclient/installation_with_parameters.md +++ b/docs/passwordsecure/current/installation/installationclient/installation_with_parameters.md @@ -6,12 +6,12 @@ sidebar_position: 10 # Installation with parameters -## What is installation with parameters? +## Installation with parameters overview The installation of the Netwrix Password Secure client can also be optionally run on the command line. This method also requires the transfer of parameters. These can be combined with one another. In this case, the individual parameters are separated from one another by a blank space. The -parameters listed in the following section enable you to adapt the type of client installation. +parameters listed in the following section let you adapt the type of client installation. ## Running on the command line with parameters diff --git a/docs/passwordsecure/current/installation/installationwebapplication/apache.md b/docs/passwordsecure/current/installation/installationwebapplication/apache.md index 762531e32a..b3a243b568 100644 --- a/docs/passwordsecure/current/installation/installationwebapplication/apache.md +++ b/docs/passwordsecure/current/installation/installationwebapplication/apache.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Apache -In order to integrate the Web Application onto an Apache server, it is first necessary to enter all +To integrate the Web Application onto an Apache server, it is first necessary to enter all of the relevant settings: ## Document directory @@ -16,11 +16,11 @@ The folder from which the Web Application should be operated is entered here. Th ## SSL certificate path -It is necessary to enter the directory in which the certificate will be saved here. +You must enter the directory in which the certificate will be saved here. ## SSL certificate key path -Finally, it is necessary to enter where the certificate key is located here. +Finally, you must enter where the certificate key is located here. ![apache-en](/images/passwordsecure/9.2/installation/installation_web_application/apache-en.webp) @@ -36,8 +36,10 @@ Manager. The configuration can be selected using CTRL+A and copied. It is then directly integrated onto the Apache server. -NOTE: The configuration of the Apache server is always individual. Therefore, it is only possible to +:::note +The configuration of the Apache server is always individual. Therefore, it is only possible to roughly describe the process for a standard installation. +::: ## Standard configuration diff --git a/docs/passwordsecure/current/installation/installationwebapplication/installation_web_application.md b/docs/passwordsecure/current/installation/installationwebapplication/installation_web_application.md index ef9e8a1759..afcbdce52c 100644 --- a/docs/passwordsecure/current/installation/installationwebapplication/installation_web_application.md +++ b/docs/passwordsecure/current/installation/installationwebapplication/installation_web_application.md @@ -6,14 +6,14 @@ sidebar_position: 40 # Installation Web Application -**CAUTION:** This guide focuses on the initial installation of the Web Application and is not +**CAUTION:** This guide focuses on the initial installation of the Web Application and isn't relevant for further updates. ## Preparations for installation ### System requirements -Please ensured that all [Webserver](/docs/passwordsecure/current/installation/requirements/webserver/webserver.md) requirements have been met. + ensured that all [Webserver](/docs/passwordsecure/current/installation/requirements/webserver/webserver.md) requirements have been met. ### SSL certificate @@ -24,7 +24,7 @@ server and the Netwrix Password Secure server. ### Databases All databases that are to be used on the Web Application must be enabled for this purpose. With a -double click on the corresponding database the option "Access via Web Application" can be activated. +double click the corresponding database the option "Access via Web Application" can be activated. ## Installation @@ -37,14 +37,16 @@ firstly needs to be entered: Name the folder where the ZIP archive with the Web Application should be placed. -**CAUTION:** Do not use the Server Manager installation directory +**CAUTION:** Don't use the Server Manager installation directory -NOTE: If the web server is created on IIS, execute config.bat to handle integration of the web +:::note +If the web server is created on IIS, execute config.bat to handle integration of the web server. +::: ### Server IP -Please check if the IP address is correct otherwise no connection to the Web Application can be + check if the IP address is correct otherwise no connection to the Web Application can be established. If the IP address is wrong, you have to change it in the basic configuration of the Server Manager. @@ -68,26 +70,30 @@ You can personalize the Web App with your company’s branding by navigating to ## CORS configuration A button for the so-called CORS configuration can be found on the ribbon. It is essential that this -configuration is carried out before the Web Application can be used. A list of the permitted CORS -domains will be saved as a result. Requests received via the Web Application can then be checked -against this list. The request will only be successfully carried out if the origin header for a +configuration is performed before the Web Application can be used. A list of the permitted CORS +domains is saved as a result. Requests received via the Web Application are then checked +against this list. The request only succeeds if the origin header for a request is available in the permitted domains. -In order to add a domain, simply enter it at the bottom of the dialogue. Clicking on +To add a domain, enter it at the bottom of the dialogue. Clicking on :material-plus-circle-outline: will add the entry to the list at the top. ![cors-en-new](/images/passwordsecure/9.2/installation/installation_web_application/cors-en-new.webp) -NOTE: In general, it is sufficient to add the IP address which was also saved as the Web server host +:::note +In general, it is sufficient to add the IP address which was also saved as the Web server host address. +::: -## Calling up the Web Application +## Accessing the Web Application -The process for calling up the Web Application is dependent on the configuration of the web server: +The process for accessing the Web Application depends on the configuration of the web server: - Web Application in root directory -> `https://hostname` - Web Application in a subdirectory -> `https://hostname/path-to-subdirectory` -- Port is not set to 443 -> `https://hostname:port/path-to-subdirectory` +- Port isn't set to 443 -> `https://hostname:port/path-to-subdirectory` -NOTE: In order for the redirect to be used, it is important to ensure on apache and nginx web +:::note +In order for the redirect to be used, you must ensure on apache and nginx web servers that no other host listens to port 80. +::: diff --git a/docs/passwordsecure/current/installation/installationwebapplication/microsoft_iis.md b/docs/passwordsecure/current/installation/installationwebapplication/microsoft_iis.md index 53771713f1..a991007fb8 100644 --- a/docs/passwordsecure/current/installation/installationwebapplication/microsoft_iis.md +++ b/docs/passwordsecure/current/installation/installationwebapplication/microsoft_iis.md @@ -35,10 +35,12 @@ The file config.bat can be found in the newly created Web Application directory executed when logged on as the administrator. This will integrate the Web Application into the IIS web server. -NOTE: If the system requirements have not been met, you will be informed that the URL Rewrite and/or +:::note +If the system requirements have not been met, you will be informed that the URL Rewrite and/or Application Request Routing modules need to be installed. In this case, follow the instructions on -the wizard that will then immediately open. In addition, it is necessary to install the WebSocket +the wizard that will then immediately open. In addition, you must install the WebSocket Protokoll. Afterwards, config.bat needs to be executed again. +::: If the website has been correctly created, this will be correspondingly indicated by the notification IIS page created. diff --git a/docs/passwordsecure/current/installation/installationwebapplication/nginx.md b/docs/passwordsecure/current/installation/installationwebapplication/nginx.md index ab7ec622fb..3ff63ef92f 100644 --- a/docs/passwordsecure/current/installation/installationwebapplication/nginx.md +++ b/docs/passwordsecure/current/installation/installationwebapplication/nginx.md @@ -6,7 +6,7 @@ sidebar_position: 30 # nginx -In order to integrate the Web Application onto an nginx server, it is first necessary to enter all +To integrate the Web Application onto an nginx server, it is first necessary to enter all of the relevant settings: ## Document directory @@ -16,12 +16,12 @@ The folder from which the Web Application should be operated is entered here. Th ## SSL certificate path -It is necessary to enter the directory in which the certificate will be saved here. The standard +You must enter the directory in which the certificate will be saved here. The standard path here is /etc/nginx/certs/Web Application.crt. ## SSL certificate key path -Finally, it is necessary to enter where the certificate key is located here. The default setting is +Finally, you must enter where the certificate key is located here. The default setting is /etc/nginx/certs/Web Application.key. ![ngnix installation](/images/passwordsecure/9.2/installation/installation_web_application/installation-webclient-9-en.webp) @@ -38,8 +38,10 @@ directly viewed on the Server Manager. The configuration then still needs to be integrated onto the nginx server. It can be directly copied on the Server Manager for this purpose. -NOTE: Every web server configuration is individual. Therefore, it is only possible to outline the +:::note +Every web server configuration is individual. Therefore, it is only possible to outline the normal process for a standard installation. +::: ## Standard configuration diff --git a/docs/passwordsecure/current/installation/requirements/application_server.md b/docs/passwordsecure/current/installation/requirements/application_server.md index bb16428681..3c0f91a29b 100644 --- a/docs/passwordsecure/current/installation/requirements/application_server.md +++ b/docs/passwordsecure/current/installation/requirements/application_server.md @@ -32,7 +32,7 @@ sidebar_position: 10 - Port 11011 TCP for communication with windows applications or web server IIS (incoming) - Port 11016 TCP for the Web services (incoming; only when using the Web Application) - Port 11018 TCP for real-time update (incoming) - - Port 11014 TCP for the backup service (usually does not need to be unlocked) + - Port 11014 TCP for the backup service (usually doesn't need to be unlocked) - Port 11015 TCP for Entra ID communication (incoming; only when using the Entra ID provisioning) - Port 11019 TCP for using Password Secure as Identity Provider (SAML) (incoming) diff --git a/docs/passwordsecure/current/installation/requirements/client_configuration.md b/docs/passwordsecure/current/installation/requirements/client_configuration.md index a04c4f5141..f69cf0d000 100644 --- a/docs/passwordsecure/current/installation/requirements/client_configuration.md +++ b/docs/passwordsecure/current/installation/requirements/client_configuration.md @@ -8,7 +8,9 @@ sidebar_position: 30 #### System Components -NOTE: Our Windows Application (Win App) is not available for MSP-customers! +:::note +The Windows Application (Win App) isn't available for MSP-customers. +::: | | | | | --------------------------- | ----------------------------------- | ---------------------- | diff --git a/docs/passwordsecure/current/installation/requirements/mobile_apps.md b/docs/passwordsecure/current/installation/requirements/mobile_apps.md index 89a0dc7ea5..4a870d899d 100644 --- a/docs/passwordsecure/current/installation/requirements/mobile_apps.md +++ b/docs/passwordsecure/current/installation/requirements/mobile_apps.md @@ -8,7 +8,7 @@ sidebar_position: 50 #### Required Version -**CAUTION:** Our mobile apps are only supported on devices with the official OS (no jailbreak, not +**CAUTION:** The mobile apps are only supported on devices with the official OS (no jailbreak, not rooted). | | | | diff --git a/docs/passwordsecure/current/installation/requirements/mssql_server.md b/docs/passwordsecure/current/installation/requirements/mssql_server.md index 2bbab17206..947bf506a6 100644 --- a/docs/passwordsecure/current/installation/requirements/mssql_server.md +++ b/docs/passwordsecure/current/installation/requirements/mssql_server.md @@ -9,9 +9,9 @@ sidebar_position: 20 #### Required Version RECOMMENDED: Using MS SQL Server Express can lead to significant performance issues because of the -various limitations. Our recommendation is to use MS SQL Server Standard as a minimum. +various limitations. The recommendation is to use MS SQL Server Standard as a minimum. -Please follow Microsoft recommendations for system requirements for SQL Server. + follow Microsoft recommendations for system requirements for SQL Server. | | | | | --------------------- | ------- | ----------- | @@ -19,7 +19,7 @@ Please follow Microsoft recommendations for system requirements for SQL Server. | MS SQL Server Version | 2019 | 2022 | **CAUTION:** If you plan to install the MS SQL Server on the machine with the Netwrix Password -Secure application server, please ensure to meet the combined minimum requirements for both systems. +Secure application server, ensure to meet the combined minimum requirements for both systems. #### Required Configuration diff --git a/docs/passwordsecure/current/introduction/introduction.md b/docs/passwordsecure/current/introduction/introduction.md index 9d5cd3dd79..e00cd67c8f 100644 --- a/docs/passwordsecure/current/introduction/introduction.md +++ b/docs/passwordsecure/current/introduction/introduction.md @@ -6,7 +6,7 @@ sidebar_position: 10 # Introduction -## Welcome to the official Netwrix Password Secure documentation! +## Welcome to the official Netwrix Password Secure documentation. All Netwrix product announcements have moved to the Netwrix Community. See announcements for Netwrix Password Secure in the diff --git a/docs/passwordsecure/current/introduction/versioning_scheme.md b/docs/passwordsecure/current/introduction/versioning_scheme.md index 893df26f5d..945bfd2823 100644 --- a/docs/passwordsecure/current/introduction/versioning_scheme.md +++ b/docs/passwordsecure/current/introduction/versioning_scheme.md @@ -14,7 +14,7 @@ The new format is: `YY.M.VVV` |---------|-------------|---------| | `YY` | Two-digit year | `26` = 2026 | | `M` | Month, no zero-padding | `3` = March | -| `VVV` | Release indicator (see below) | `100` = first major | +| `VVV` | Release indicator (see the following section) | `100` = first major | :::info[Build numbers] diff --git a/docs/passwordsecure/current/maintenance/eccmigration/ecc_migration_administrator_manual.md b/docs/passwordsecure/current/maintenance/eccmigration/ecc_migration_administrator_manual.md index 3899c1b3ec..2a463bc428 100644 --- a/docs/passwordsecure/current/maintenance/eccmigration/ecc_migration_administrator_manual.md +++ b/docs/passwordsecure/current/maintenance/eccmigration/ecc_migration_administrator_manual.md @@ -13,15 +13,15 @@ Before you execute the migration, you must ensure that the following preparation - Installation of the latest Netwrix Password Secure-Server, Native Client and Web Client - Check in the [Database properties](/docs/passwordsecure/current/configuration/servermanager/databaseproperties/database_properties.md) if the **offline access** and the **mobile synchronization** are allowed - If that should be the case, **contact your users and make sure that they have to synchronize the + If that should be the case, **contact your users and ensure that they have to synchronize the Offline Add-on and the mobile app**. **CAUTION:** If the OfflineClient or App does have not yet synchronized items, they are lost after -the migration mode is enabled! +the migration mode is enabled. - Backup all certificates using the Netwrix Password Secure Server Manager -**CAUTION:** Only certificate backups made through the Server Manager are valid! +**CAUTION:** Only certificate backups made through the Server Manager are valid. ![Certificates](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/certificates-ac-1-en.webp) @@ -29,7 +29,7 @@ the migration mode is enabled! - Delete or restore all non “permanent deleted” users If you have deactivated or non “permanent deleted“ users it would make sense to delete them - permanently, otherwise the migration would never finalize. Keep in mind, that every E2EE User must + permanently, otherwise the migration would never finalize. Remember that every E2EE User must log in, before you can complete the migration. - Only have **one active Netwrix Password Secure-Server** In the case of multiple Netwrix Password Secure-Servers, you need to stop all Netwrix Password @@ -39,8 +39,10 @@ the migration mode is enabled! ## Migration -NOTE: During the migration, the database is in read-only mode. So it is possible to read all records -from the database, but it is not possible to add new or edit existing records. +:::note +During the migration, the database is in read-only mode. So you can read all records +from the database, but it isn't possible to add new or edit existing records. +::: #### Start migration @@ -50,8 +52,8 @@ Clicking on the icon **“Start migration”** in the databases' module to start Select the database you want to migrate and enter the code-word. -Remember, The code word is “Start”. Please make sure that you have read the whole documentation. -Otherwise, data loss might occur! +Remember, The code word is “Start”. ensure that you have read the whole documentation. +Otherwise, data loss might occur. ![select database](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/start-migration-2-en.webp) @@ -63,7 +65,7 @@ As written in the message, export all required certificates via the Netwrix Pass Manager. If you have multiple servers in use import the certificates via the Server Manager at the end of the migration process. -**CAUTION:** If certificates are missing the migration cannot be continued. +**CAUTION:** If certificates are missing the migration can't be continued. #### Watch the migration process diff --git a/docs/passwordsecure/current/maintenance/eccmigration/ecc_migration_user_manual.md b/docs/passwordsecure/current/maintenance/eccmigration/ecc_migration_user_manual.md index 11eb4feb09..2342e843aa 100644 --- a/docs/passwordsecure/current/maintenance/eccmigration/ecc_migration_user_manual.md +++ b/docs/passwordsecure/current/maintenance/eccmigration/ecc_migration_user_manual.md @@ -8,11 +8,11 @@ sidebar_position: 20 ## Preparation: -If you use the Offline Add-on and the Mobile app it is necessary to synchronize them before your +If you use the Offline Add-on and the Mobile app you must synchronize them before your admin starts the migration. -**CAUTION:** If you do not synchronize your data, it is lost and no more accessible after the -migration! +**CAUTION:** If you don't synchronize your data, it is lost and no more accessible after the +migration. ## Migration @@ -21,5 +21,7 @@ the message **„Userdata migration finished”** appears. ![userdata_migration_finished_en](/images/passwordsecure/9.2/configuration/server_manager/ecc_migration/userdata_migration_finished_en.webp) -NOTE: The migration can only be carried out with the Web Application and NativeClient. A migration -just using the Extension, Autofill Add-on or the Mobile App is not possible. +:::note +The migration can only be performed with the Web Application and NativeClient. A migration +just using the Extension, Autofill Add-on or the Mobile App isn't possible. +::: diff --git a/docs/passwordsecure/current/maintenance/moving_the_server.md b/docs/passwordsecure/current/maintenance/moving_the_server.md index 73ced9900f..682d112744 100644 --- a/docs/passwordsecure/current/maintenance/moving_the_server.md +++ b/docs/passwordsecure/current/maintenance/moving_the_server.md @@ -8,12 +8,12 @@ sidebar_position: 20 ## Preparations -It is necessary to make some preparations so that the move can be completed without any problems. +You must make some preparations so that the move can be completed without any problems. #### 1. Installing the SQL server If the SQL server and the application server are on the same machine, the SQL server should be -installed on the new machine first. It is necessary to observe the +installed on the new machine first. You must observe the [MSSQL Server](/docs/passwordsecure/current/installation/requirements/mssql_server.md) for this process. #### 2. Installing the server @@ -28,7 +28,7 @@ is described under After the server has been installed, the [Basic configuration](/docs/passwordsecure/current/configuration/servermanager/basic_configuration.md) is completed. A new configuration database will be created on the SQL server as a result. If you want -to retain the old SQL server, it is necessary to give the configuration database a new name. +to retain the old SQL server, you must give the configuration database a new name. #### 4. Deactivating the old server @@ -43,13 +43,13 @@ After making these preparations, the data from the old server can be backed up. #### 1. Backing up the system If using a virtual machine, a backup of it should be created. The old version of the server can then -be restored in the event of problems. +be restored if there is problems. #### 2. Backing up the database -In order to transfer the data to the new server, a backup of the database should be created. -Although this is also possible via the Server Manager, we recommend carrying out the backup at the -SQL level: right click on the database, then on Tasks and Backup. The desired target folder is +To transfer the data to the new server, a backup of the database should be created. +Although this is also possible via the Server Manager, Netwrix recommends carrying out the backup at the +SQL level: right click the database, then on Tasks and Backup. The desired target folder is selected in the following window. ![insert backup](/images/passwordsecure/9.2/maintenance/sql-backup-en.webp) @@ -68,7 +68,7 @@ needs to be integrated. #### 1. Integrating the database at the SQL level Firstly, a new database is created on the SQL server. This option can be found in the SQL Management -Studio after right clicking on Databases. It is usually sufficient to simply enter the database +Studio after right clicking on Databases. It is usually sufficient to enter the database names. ![integrate the database](/images/passwordsecure/9.2/maintenance/sql-new-db-en.webp) @@ -79,8 +79,10 @@ is also essential to check whether the correct database has been selected in the ![restore db](/images/passwordsecure/9.2/maintenance/sql-restore-en.webp) -NOTE: This method can be also used to import backups that were directly created from the Server +:::note +This method can be also used to import backups that were directly created from the Server Manager. +::: #### 2. Setting up the server @@ -99,5 +101,5 @@ Finally, the database is integrated onto the server via the database wizard. ## Modifications on the client -If the IP and/or host name for the server has changed, it is necessary to create/roll out new +If the IP and/or host name for the server has changed, you must create/roll out new database profiles from the client. diff --git a/docs/passwordsecure/current/maintenance/update.md b/docs/passwordsecure/current/maintenance/update.md index 8281698a0f..36da019226 100644 --- a/docs/passwordsecure/current/maintenance/update.md +++ b/docs/passwordsecure/current/maintenance/update.md @@ -8,35 +8,37 @@ sidebar_position: 10 ## Reasons for regular updates -Our development team is constantly working on the further development of the software. This does not +The development team is constantly working on the further development of the software. This doesn't only involve fixing any problems but also primarily the development of new features to adapt the -software as best as possible to the requirements of our customers. Therefore, it is recommended that +software as best as possible to the requirements of the customers. Therefore, Netwrix recommends that you regularly install updates. The documentation always refers to the latest version available. If Netwrix Password Secure deviates -from the documentation (e.g. in appearance or also its functional scope), it makes sense to firstly +from the documentation (e.g. in appearance or functional scope), it makes sense to first update to the latest version. -NOTE: The update check on the server or the client can be used to easily install the latest version. -The update check on the client must be activated in the settings for users beforehand. We recommend +:::note +Use the update check on the server or the client to install the latest version. +The update check on the client must be activated in the settings for users beforehand. Netwrix recommends leaving the update check deactivated for normal users! Otherwise these users could independently -attempt to install updates. Since a new client cannot connect to an old server, this results in the +attempt to install updates. Since a new client can't connect to an old server, this results in the user not being able to log in. +::: ## Requirements The requirements should be checked or established before an update. -**CAUTION:** Please always check the Changelog for requirements or breaking changes before updating! +**CAUTION:** always check the Changelog for requirements or breaking changes before updating. ### Check the software maintenance package -The right to install updates is acquired with the software maintenance package. It is important to -note that you are permitted to install all updates as long as the software maintenance package is +The right to install updates is acquired with the software maintenance package. You must +You are permitted to install all updates as long as the software maintenance package is still active. If the software maintenance package has expired, you are only permitted to use those versions that were released during the term of the software maintenance package. Therefore, you should check whether the software maintenance package is still active before an update. This can be -easily checked on the Server Manager under +checked on the Server Manager under [License settings](/docs/passwordsecure/current/configuration/servermanager/mainmenu/license_settings.md). ### Creating a backup @@ -49,39 +51,41 @@ problem arises. ### Checking compatibility An attempt is always made to design the Server Manager so that it is backwards compatible. -Unfortunately this is not always possible. Therefore, you should always check which client version +Unfortunately this isn't always possible. Therefore, you should always check which client version the Server Manager is compatible with before an update. The version history for the relevant version will provide this information. **CAUTION:** If the password for logging in to the Server Manager on the database has been saved, it -is essential that it is noted down or temporarily saved elsewhere before an update! +is essential that it is noted down or temporarily saved elsewhere before an update. ### Latest installation files The installation files can be downloaded from the -[customer information system](https://license.passwordsafe.de/kis). Please simply use the access -data that we sent to you by email to log in. +[customer information system](https://license.passwordsafe.de/kis). use the access +data that Password Secure sent to you by email to log in. ## Perform update ### Updating the Server Manager -The Server Manager is simply installed on top of the existing installation. The password from the +The Server Manager is installed on top of the existing installation. The password from the Server Manager should be made available at this point in any case. After the installation of the Server Manager, the database is only accessible when it is activated. If the password is only in the Netwrix Password Secure, it should be temporarily stored at this point. -NOTE: If the service has not been ended in advance, the installation wizard will give you the +:::note +If the service has not been ended in advance, the installation wizard will give you the opportunity to do so. If the service is still not ended at this stage, the computer will then need to be restarted. It is thus recommended that the Netwrix Password Secure services are ended before the update. +::: Further information on the installation wizard can be found in the section [Installation Server Manager](/docs/passwordsecure/current/installation/installation_server_manager.md). ### Patch level update for the databases -The databases are usually deactivated after updating the Server Manager because they do not yet have +The databases are usually deactivated after updating the Server Manager because they don't yet have the corresponding patch level. This should be immediately checked. After logging in to the Server Manager, the module “Databases” is immediately visible. If the databases have been deactivated, you can reactivate them directly in the ribbon via the corresponding button. The patch level will be @@ -89,9 +93,9 @@ updated during this process. ### Updating the client -The updates for the client are also simply installed over the existing installation. Further -information can be found in the section Installation of the client. Naturally, the update can also -be carried out using the installation parameters. +The updates for the client are also installed over the existing installation. Further +information can be found in the section Installation of the client. The update can also +be performed using the installation parameters. ### Updating the Web Application @@ -105,7 +109,9 @@ to the document directory on the corresponding web server. generated for creating the new version. This must not be executed if the Web Application has already been installed and it must be deleted without fail after a successful update. -NOTE: If the Web Application is used, the module: `proxy_wstunnel` must be installed when using +:::note +If the Web Application is used, the module: `proxy_wstunnel` must be installed when using Apache. With IIS the `WebSocket Protocol` becomes necessary. Further information can be found in the chapter [Webserver](/docs/passwordsecure/current/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 or newer. +::: diff --git a/docs/passwordsecure/current/msp_system.md b/docs/passwordsecure/current/msp_system.md index 11b1b86bd5..e119bbbc2e 100644 --- a/docs/passwordsecure/current/msp_system.md +++ b/docs/passwordsecure/current/msp_system.md @@ -19,7 +19,7 @@ customers with less than 20 users each. - 16 GB RAM - min. 100 GB HDD -**CAUTION:** Please note, that using a SQL Server with Express edition is not recommended because of +**CAUTION:** That using a SQL Server with Express edition isn't recommended because of diverse limitations there. If your customer's count is growing over time, you should add every 200 users a minimum of at least: @@ -43,7 +43,7 @@ If your customer's count is growing over time, you should add every 200 users a - 1 CPU - 4 GB RAM -RECOMMENDED: Currently, you should use an application server to handle a max of about 100 +RECOMMENDED:, you should use an application server to handle a max of about 100 customers. So if you reach 100 customers, you should set up a second Application Server or use some sort of load balancing between the application servers. @@ -53,6 +53,8 @@ recommended **CAUTION:** Every additional 100 customers/1000 users an additional Application Server - incl. loadbalancing - is recommended. -NOTE: Please note that individual variables - like the number of passwords per user - will affect +:::note +Individual variables - like the number of passwords per user - will affect performance. Especially for MSP-Systems it is required to monitor performance continuously, and add additional resources on demand. +::: diff --git a/docs/platgovsalesforce/changemanagement/datatracking/_category_.json b/docs/platgovsalesforce/changemanagement/datatracking/_category_.json new file mode 100644 index 0000000000..4efcde8323 --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/datatracking/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Data Tracking", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "enhanced_cpq_support" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/changemanagement/datatracking/data_tracking_change_logs.md b/docs/platgovsalesforce/changemanagement/datatracking/data_tracking_change_logs.md new file mode 100644 index 0000000000..03144488f4 --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/datatracking/data_tracking_change_logs.md @@ -0,0 +1,158 @@ +--- +title: "Data Tracking - Change Logs" +description: "Data Tracking - Change Logs" +sidebar_position: 3 +--- + +# Data Tracking - Change Logs + +## Overview + +Change Logs allow you to view details about modifications made to records on tracked objects. + +**Data Tracking – Change Logs** can be accessed from the **Change Logs** tab by selecting the **Data Tracking Changes** list view. + +1. Click the **Change Logs** tab. +2. Change the pinned list view from **Recently Viewed** to **Data Tracking Changes**. +3. Click a **Change Log Name** to open the record. + +![Data Tracking Changes - ListView](/images/platgovsalesforce/change_management/data_tracking_changes_listview.webp) + +:::info +The platform supports different change tracking behaviors that determine how changes are recorded and enforced when modifications are made to tracked records. + +#### Tracked, Non-Blocking + +When an object is configured as **Tracked, Non-Blocking**, the changes are monitored and recorded in Change Logs. + +- If the change is associated with an **approved Change Request**, the system records it as a **Compliant Change Log**. +- If the change occurs **without an approved Change Request**, the system records it as a **Non-Compliant Change Log**. + +This mode allows users to complete their changes while ensuring that all activity is tracked and evaluated for compliance. + +#### Tracked, Blocking + +When an object is configured as **Tracked, Blocking**, the system enforces stricter change control. + +- If a change is associated with an **approved Change Request**, the system records it as a **Compliant Change Log**. +- If a user attempts to make a change **without an approved Change Request**, the system blocks the operation. + +In this case, an error message is displayed and the change is not saved. This mode ensures that all modifications follow the required approval process before being applied. + +::: + +Alternatively, you can access Change Logs from the following navigation path: + +**Netwrix Dashboard → Reports → Change Enablement → Data Tracking Change Logs** + +--- + +## Reviewing Data-Record Change Logs + +The **Netwrix Platform Governance** Change Log has some features specific to data-record changes: + +![CPQ Change Log](/images/platgovsalesforce/change_management/discount_schedule_change_log.webp) + +- **Customization:** Data record Customization for the tracked object. +- **Metadata Type:** Always blank, because it’s not metadata. +- **Field Name:** Always “Data Change Tracking”. Can be used for creating filtered Change Log Reports and List Views. +- **Change Overview:** Data record name, API Name of the tracked object, and operation that was done. +- **Data Record Id:** Data record’s Salesforce Id. Use this to URL-hack directly to the updated record. +- **Data Record Name:** Data record name. +- **Data Record SObject API:** The tracked object’s API name. +- **Filters:** List of filters whose criteria matched this record. (Only populated when an object has filters applied.) + +--- + +## Filtering Change Logs + +In some cases, you may want **Change Logs** to be created only when specific conditions are met. + +For example: +- You may want to create an **Opportunity Change Log** only when an admin updates specific fields on a **Closed Won Opportunity**. +- You may want to **exclude Change Logs** for **User-Defined CPQ Discount Schedules**. + +**Netwrix Platform Governance** allows you to apply filters to tracked objects using either a **Report** or a custom **Apex Class**. + +--- + +### Using a Report as a Filter + +Using a **Report** is the simplest way to implement a filter. + +Create a report that returns a list of **record Ids**. If a tracked record update matches the report’s filter criteria, a **Change Log** will be created for that record. + +#### Report Requirements + +The report must meet the following requirements: + +- The **Show Me** filter must return **all records being filtered**. +- The **standard date filter** must be set to the **Created Date** of the record type being filtered. +- The **first column** in the report must be the **Id** of the record. + +Example: Do not create Change Logs for changes in “User-Defined” CPQ Discount Schedules +This report returns only the Discount Schedule Ids of records that do not have the “User Defined” checkbox checked. + +![Data Tracking - Report Filter](/images/platgovsalesforce/change_management/data_tracking_report_filter.webp) + +--- + +### Using an Apex Class as a Filter + +If your filtering logic is too complex to implement with a report, you can create a custom **Apex Class**. + +**Netwrix Platform Governance** provides support for custom logic by allowing Apex classes to act as filters. + +#### Apex Class Requirements + +The Apex class must: + +- Be declared as **global**. +- Implement the **`FLODocs.IChangeLogFilter`** interface. + +To implement this interface, the class must include the following method: + +```apex +global Set getFilteredIds(Datetime start, Datetime end) +``` + +:::important +The start and end times should be used by your filtering logic to return a Set of record Ids that have been modified during that time interval. +::: + +#### Example: Do not create Change Logs for changes in “User-Defined” CPQ Discount Schedules. + +Here’s an example that does the same job as the Report filter above. + +```apex +global without sharing class DiscountScheduleFilter implements FLODocs.IChangeLogFilter { + global Set getFilteredIds(Datetime lastModifiedStart, Datetime lastModifiedEnd) { + Map schedules + = new Map([SELECT Id + FROM SBQQ__DiscountSchedule__c + WHERE SBQQ__UserDefined__c = false + AND LastModifiedDate > :lastModifiedStart + AND LastModifiedDate < :lastModifiedEnd]); + return schedules.keySet(); + } +} +``` + +--- + +### Applying a Filter to a Tracked Object + +After the **Netwrix Platform Governance** scanner runs, a **Customization** record is automatically created for the corresponding **Report** or **Apex Class**. + +To configure the filter: + +1. Navigate to the **Customization** record associated with the filter. +2. In the **Change Enablement** tab, locate the **Filtered Data Records** field. +3. Update this field by selecting the **Data Record Customization** that corresponds to the tracked object. + + +#### Example: Apply the `DiscountScheduleFilter` Apex class to the **CPQ Discount Schedule** object by linking the appropriate **Data Record Customization** in the **Filtered Data Records** field. + +![DiscountScheduleFilter - Apex Class Filter](/images/platgovsalesforce/change_management/data_tracking_apex_filter.webp) + + diff --git a/docs/platgovsalesforce/changemanagement/datatracking/data_tracking_troubleshooting.md b/docs/platgovsalesforce/changemanagement/datatracking/data_tracking_troubleshooting.md new file mode 100644 index 0000000000..55ac042fb2 --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/datatracking/data_tracking_troubleshooting.md @@ -0,0 +1,144 @@ +--- +title: "Data Tracking - Troubleshooting" +description: "Data Tracking - Troubleshooting" +sidebar_position: 4 +--- + +# Data Tracking - Troubleshooting + +This section describes common issues and known errors that users may encounter while working with **Data Tracking**. It provides guidance to help identify the cause of a problem and outlines recommended steps to resolve or mitigate it. + +The topics below highlight frequently reported scenarios, configuration issues, or system behaviors that may affect normal operation. Reviewing these items can help quickly diagnose problems and reduce troubleshooting time. + +--- + +## Missing Customizations + +If you are unable to find a Salesforce object or field to track, this is usually related to missing Customizations. + +Although tracking is performed on Salesforce objects and fields, their configuration depends on the **Customization** level. This means that: + +- Objects and fields must first exist as Customizations in the system. +- If they are not available, they cannot be selected for tracking or filtering. + +### What to check + +- Make sure the scanner has been executed for the relevant Salesforce types. +- Verify that the corresponding Customization exists in the system. + +This applies to: +- Data Tracking configuration +- Filters used for generating Change Logs + +### Solution + +If the Customization is missing, you need to run the scanner for the specific Salesforce types. + +Refer to the following link for instructions on how to run the scanner for specific Salesforce types: + +[**Manual Scanner**](/docs/platgovsalesforce/installingstrongpoint/running_scanner.md) + +--- + +## Deployment Errors + +When selecting certain standard Salesforce objects for tracking, you may encounter issues that prevent the trigger and its corresponding test class from being successfully deployed. + +Some Salesforce objects have specific characteristics that can affect deployment. + +### Known Issue + +Objects that do not have a **Name** field (such as `Case` or `WorkOrder`) may behave differently when: + +- Automatically generating the test class +- Achieving the required minimum **75% code coverage** for deployment + +These cases have already been addressed in the current implementation. + +### What to keep in mind + +- Other standard objects may still have unique behaviors that could cause deployment conflicts. +- Errors during deployment are often related to how the test class is generated for those objects. + +### Suggested Actions + +- Review the deployment error message to identify the affected object. +- Check if the object has any structural differences (e.g., missing common fields like `Name`). + +If you encounter a new conflicting object, further investigation or customization may be required. + +--- + +## Test Class Dependencies + +The test class generated for each tracking trigger is created using a dynamic template. This template includes the necessary structure and relationships required to create valid test records. + +### How it works + +When a trigger is created, a corresponding test class is automatically generated. This test class: + +- Inserts sample records +- Ensures the required **75% code coverage** for deployment + +To determine which fields and values are required for these test records, the system relies on: + +**Test Class SObject Dependency (Custom Metadata Type)** and its associated records. + +### Example + +When tracking an Approval Rule object (`sbaa__ApprovalRule__c`), the generated test class follows a predefined structure: + +```apex +@isTest +public class SsbaaApprovalRulecTest { + @isTest + public static void testTrigger() { + try { + + sbaa__ApprovalRule__c record_1 = new sbaa__ApprovalRule__c(); + record_1.Name = 'test'; + record_1.sbaa__TargetObject__c = 'Opportunity'; + insert record_1; + + } catch(Exception e) {} + } +} +``` + +The required field values used in this test class are defined in the Custom Metadata configuration. + +### Configuration Reference + +**Test Class SObject Dependency – Custom Metadata Type** + +![Test Class SObject Dependency](/images/platgovsalesforce/change_management/data_tracking_test_dependency.webp) + +**Example Configuration – ApprovalRule (CPQ) – Tracked Non-Blocking** + +![ApprovalRule1](/images/platgovsalesforce/change_management/test_dependency_approval1.webp) +![ApprovalRule2](/images/platgovsalesforce/change_management/test_dependency_approval2.webp) + +In this example, the configuration defines that a test record for `sbaa__ApprovalRule__c` must include: + +- A value for the `Name` field (e.g., `"test"`) +- A specific value for the `sbaa__TargetObject__c` field (e.g., `"Opportunity"`) + +### Common Issue + +If the required dependencies are not properly defined: + +- The test class may fail during execution +- Deployment may fail due to insufficient code coverage or invalid data + +### Suggested Actions + +- Verify that the correct dependencies are configured in the **Custom Metadata Type** +- Ensure all required fields and relationships are properly defined +- Update or add missing dependency records if needed + +Proper configuration of these dependencies is essential for successful test class generation and deployment. + +:::note +The **Test Class SObject Dependency – Custom Metadata Type** is not a protected component. This means you can add or modify dependencies as needed without requiring a new package version. +::: +--- \ No newline at end of file diff --git a/docs/platgovsalesforce/changemanagement/datatracking/enhanced_cpq_support.md b/docs/platgovsalesforce/changemanagement/datatracking/enhanced_cpq_support.md new file mode 100644 index 0000000000..694858ad8c --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/datatracking/enhanced_cpq_support.md @@ -0,0 +1,37 @@ +--- +title: "Data Tracking" +description: "Data Tracking" +sidebar_position: 100 +--- + +# Data Tracking + +Salesforce CPQ (Configure, Price, Quote Software) sales tool provides accurate pricing with any +given product configuration scenario. Behind the scenes, CPQ uses configuration data stored in +custom objects. Manually monitoring this configuration data is the hardest part of SOX compliance. +In the CPQ application, for example, important rules about products, prices, discounts, and +approvals are stored as data in custom objects. Getting visibility into these changes is incredibly +time-consuming, and there are few options for preventing changes that can put your processes and +compliance in jeopardy. + +This is not unique to CPQ. Billing and other applications that touch revenue related data are all +potentially in scope and in your auditor's sights. + +Platform Governance for Salesforce solves this major pain point by treating configuration data with +the same scrutiny it applies to other Apex metadata in your Org. It is the only native solution to +give you visibility into these changes. You can create mitigating controls to automatically block +changes to critical CPQ rules. For example, you can now designate the fields on the **Discount +Schedule** and **Discount Tier** objects to be under change control, and generate compliance logs if +the fields are changed. + +As a result, you no longer have to rely on field history reports and manual review to ensure CPQ and +other configuration data is protected. Auditors are satisfied, audit costs go down and IT leadership +can rest easy knowing there are no surprises. + +You must have an Enterprise Compliance license to benefit from this feature. + +The basic steps for CPQ data tracking: + +1. Ensure your org has been [scanned](/docs/platgovsalesforce/installingstrongpoint/running_scanner.md) at least once. +2. [Set up data tracking](set_up_data_tracking.md) for each tracked customization. +3. [Add](set_up_data_tracking.md) the tracked customizations to a policy. diff --git a/docs/platgovsalesforce/changemanagement/datatracking/non_triggerable_objects.md b/docs/platgovsalesforce/changemanagement/datatracking/non_triggerable_objects.md new file mode 100644 index 0000000000..521df0839c --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/datatracking/non_triggerable_objects.md @@ -0,0 +1,82 @@ +--- +title: "Non-Triggerable Objects" +description: "Learn how to track changes for Non-Triggerable Salesforce objects using Field History Tracking" +sidebar_position: 2 +--- + +# Non-Triggerable Objects + +Some **Standard Salesforce objects are not triggerable**, which means it is not possible to generate and deploy triggers for them in the Salesforce environment. Because of this limitation, **Netwrix Platform Governance** cannot block the creation of records for these objects. + +As a result, the tracking process for these objects is different. + +For **Non-Triggerable objects**, such as **Price Book Entry**, **Netwrix Platform Governance** uses Salesforce’s built-in **Field History Tracking** to monitor changes. + +--- + +## Enable Tracking for a Non-Triggerable Object + +Follow these steps to enable tracking: + +### 1. Open the Object in Salesforce + +Navigate to: **Setup → Object Manager** + +Then select the object you want to track. + +### 2. Enable Field History Tracking + +If Field History Tracking is not already enabled: + +1. Go to **Details** +2. Click **Edit** +3. Enable **Track Field History** +4. Click **Save** + +### 3. Select Fields to Track + +1. Go to **Fields & Relationships** +2. Click **Set History Tracking** +3. Select the fields you want to track +4. Click **Save** + +### 4. Configure Tracking in the Netwrix Configuration App + +1. Open the **Netwrix Configuration** app. +2. Navigate to the **Data Tracking - Object Config** tab. +3. Set the object's tracking mode to: **Tracked, Non-Blocking** +4. Click **Save All Records**. + +:::important +If a user attempts to configure one of these objects as **Tracked, Blocking**, Salesforce will return a validation error. +::: + +## Enable the Non-Triggerable Standard Object Data Scanner + +To track changes for non-triggerable objects, the **Non-Triggerable Standard Object Data Scanner** must be enabled in the Netwrix Lightning app. + +### Enable the Scanner + +1. Open the **Netwrix Dashboard**. +2. Navigate to: **Scanner → Scheduler** +3. Enable **Non-Triggerable Standard Object Data Scanner**. + +![Non-Triggerable Standard Object Data Scanner](/images/platgovsalesforce/change_management/data_scan_scheduler.webp) + +## How the Data Scanner Works + +The **Data Scanner runs every hour** and searches for new **Field History records** created since the previous scan. + +When new field history records are found, the scanner: + +1. Identifies the data records that were modified. +2. Creates a **Change Log** for each updated record. + +Each Change Log is marked as either: + +- **Compliant** — if an open and approved **Change Request** is associated with the record update. +- **Non-Compliant** — if no approved Change Request can be associated with the update. + +:::important +A **Change Log is not created when a data record is deleted**, because Salesforce does not generate **Field History records** for deleted records. +::: diff --git a/docs/platgovsalesforce/changemanagement/datatracking/set_up_data_tracking.md b/docs/platgovsalesforce/changemanagement/datatracking/set_up_data_tracking.md new file mode 100644 index 0000000000..58b8390088 --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/datatracking/set_up_data_tracking.md @@ -0,0 +1,178 @@ +--- +title: "Set Up Data Tracking" +description: "Set Up Data Tracking" +sidebar_position: 1 +--- + +# Overview - Data Tracking + +Data Tracking allows **Netwrix Platform Governance** to track changes and generate **Change Logs** for any data changes in selected objects. + +It is commonly used for **Salesforce CPQ** and other **sensitive records** that require additional visibility or governance. + +When Data Tracking is enabled for an object, **Netwrix Platform Governance** automatically: + +- Monitors updates to records in that object. +- Creates **Change Logs** whenever a record is created or updated. +- Helps administrators review and audit data changes by using reports. + +This helps organizations maintain better **control, transparency, and compliance** over important Salesforce data. + +:::info +When Data Tracking is enabled for an object, **all changes to records within that object can be tracked**. + +Because of this, it is recommended to review which objects should be monitored before enabling Data Tracking. Work with your **security, compliance, or audit teams** to define a list of sensitive objects before enabling Data Tracking. +::: + +## Prerequisites + +Here are the requirements to set up Data Tracking: + +1. **Enterprise Compliance** license. +2. Access to the **Netwrix Configuration** app. You must have the **Netwrix Administrator** and + **Netwrix Grant Permissions** permission sets to access the app. + Access can be granted to user through the following path: + **Setup** > **Users** > **Permission Sets Assignments** > **Edit Assignments** + + ![You must have these permissions to open the Configuration tool](/images/platgovsalesforce/change_management/netwrix_permissions_assignment.webp) + +# Set Up Data Tracking + +1. Open the Salesforce App Launcher. +2. Search **Netwrix Configuration** app and open it. + + ![Review the recommended objects for data tracking](/images/platgovsalesforce/change_management/netwrix_configuration_app.webp) + + +## Select Objects to Track + +In this section, users can apply tracking recommendations to one or more objects in the list. To do this, select the desired objects and click **Apply Recommendations**. + +![Review the recommended objects for data tracking](/images/platgovsalesforce/change_management/data_tracking_recommended.webp) + +The available tracking options for objects are: + +- **Not Tracked**: Changes to data records are not monitored. +- **Tracked, Blocking**: Changes to data records are blocked if there is no approved Change Request. +- **Tracked, Non-Blocking**: Changes to data records are logged. If there is no approved Change Request, the Change Log marks the change as non-compliant. + +:::note +While metadata changes in Salesforce can be tracked but not blocked, **Data Tracking** allows you to block most data record changes that are not pre-approved. + +Changes to records in **Non-Triggerable objects** cannot be blocked. See the [**Non-Triggerable Objects**](non_triggerable_objects.md) section for more information about how these objects behave. +::: + +Users can also choose whether tracking should apply to **Updates Only** for each object. + +- **No**: Tracks changes to both new and existing records. +- **Yes**: Tracks changes to existing records only. Changes to new records are not tracked. + +If you want to enable tracking for objects that are not included in the recommended list, follow these steps: + +1. Click **Show Additional Objects for Tracking (Advanced)**. The **Additional Objects** list appears. +2. Search for the object by typing its name. +3. Set the **Tracking** and **Update Only** values for each object you want to configure. +4. Click **Save All Records**. +5. Wait until the **Deployment Status** is complete, then click **Done**. + + ![Wait for the Deployment Status to complete](/images/platgovsalesforce/change_management/data_tracking_deployment.webp) + +:::note +To track objects that support triggers, **Netwrix Platform Governance** automatically creates and deploys a trigger and a test class for each selected object. + +For Salesforce objects that do not support triggers, see the [**Non-Triggerable Objects**](non_triggerable_objects.md) section. +::: + +:::important +Some **Salesforce standard objects** may cause issues when enabling **Data Tracking**. + +If you experience problems while attempting to track certain objects, refer to the [**Troubleshooting**](data_tracking_troubleshooting.md) section for more information about known limitations and possible solutions. +::: + +:::tip +We recommend using Data Tracking only for **critical configuration objects**. + +Data Tracking is not designed for **high-volume objects** such as Opportunities or Quotes. For these types of objects, Salesforce’s standard **Field History Tracking** feature is a better option for monitoring changes. +::: + +## Select Fields to Track + +In some cases, users may need to monitor only specific sensitive fields within a tracked object, rather than tracking all changes to the object. + +To support this, you can configure which fields should have additional tracking control. + +1. Open **Netwrix Lightning** app. +2. Open **Customizations** tab. +3. Select the **CustomField Tracking** list view. + + ![Open CustomField Tracking List View](/images/platgovsalesforce/change_management/data_tracking_customfield.webp) + +4. Select a customization and edit the **Data Change Tracking** field. +5. Click **Save** at the bottom of the form to apply your changes. + +:::note +## Fields Excluded from Tracking (Default) + +By default, **Netwrix Platform Governance** does not track changes in certain field types or standard system fields. + +### Field Types Not Tracked + +Changes to the following field types are not tracked: + +- ADDRESS +- BASE64 +- EMAIL +- JSON +- LOCATION +- PHONE +- TIME +- URL + +### Standard Fields Not Tracked + +Changes to the following standard Salesforce fields are also not tracked: + +- CreatedDate +- CreatedById +- LastModifiedDate +- LastModifiedById +- SystemModStamp +- IsDeleted +- LastActivityDate +- LastViewedDate +- LastReferencedDate +- Name +- Description +- OwnerId +::: + +## Add Tracked Objects to a Policy + +By adding the tracked object to a policy, you can define the appropriate change level for it. +For Data Records, select the change level in the **Application Configuration Changes (Data)** field. + +![Application Configuration Changes (Data)](/images/platgovsalesforce/change_management/application_configuration_changes.webp) + +1. Open **Change / Approval Policies** and select the **All Policies** list view. +2. Select the policy where you want to track the object. +3. Open the **Related** tab. +4. Click **Add Customizations**. +5. In the **Search Customization** box, type **(Data Records)**. +6. Select the customization for the tracked object that includes **"(Data Records)"** in its name. +7. Click **Add** to move the selection to the **Selected Customizations** pane. +8. Click **Save** to finish. + +## Adding Data Records to Change Requests + +When creating a Change Request, users can add **Existing Data Records** and **Proposed Data Records**, similar to how metadata components are added. + +![Adding Data Records to Change Requests](/images/platgovsalesforce/change_management/add_records_change_request.webp) + +1. Click **Add** from the panel. +2. Select the tracked object. +3. Optionally filter by the record name. +4. Select one or more records. +5. Click **Confirm Selection** button. + +To add **Proposed Data Records** (for example, new records that will be created), select the object (data record customization). In the **Name** field, enter **"TBD"**. Create one proposed entry for each new record that will be added. + diff --git a/docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md b/docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md index e0c2464466..3765ee00ff 100644 --- a/docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md +++ b/docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md @@ -30,8 +30,8 @@ can rest easy knowing there are no surprises. You must have an Enterprise Compliance license to benefit from this feature. -The basic steps for CPQ data tracking: +The basic steps for CPQ data tracking: -1. Ensure your org has been [scanned](/docs/platgovsalesforce/installingstrongpoint/running_scanner.md) at least once. -2. [Set up data tracking](/docs/platgovsalesforce/changemanagement/set_up_data_tracking.md) for each tracked customization. -3. [Add](/docs/platgovsalesforce/changemanagement/set_up_data_tracking.md) the tracked customizations to a policy. +1. Ensure your org has been [scanned](../installingstrongpoint/running_scanner.md) at least once. +2. [Set up data tracking](datatracking/set_up_data_tracking.md) for each tracked customization. +3. [Add](datatracking/set_up_data_tracking.md) the tracked customizations to a policy. diff --git a/docs/platgovsalesforce/changemanagement/using_change_logs.md b/docs/platgovsalesforce/changemanagement/using_change_logs.md index 5ae646dea8..e84bfcaa2c 100644 --- a/docs/platgovsalesforce/changemanagement/using_change_logs.md +++ b/docs/platgovsalesforce/changemanagement/using_change_logs.md @@ -12,7 +12,7 @@ the Salesforce record. Change Logs are accessed from the **Change Logs** tab or 1. Click **Change Logs** tab. 2. Change the **Recently Viewed** pinned list to show the types of Change Logs to view. For - example, **Data Tracking Changes** or **Profile and PermissionSet** changes. The **Details** and + example, **Data Tracking Changes** or **Fast Scan Permission Changes** changes. The **Details** and **Diff Summary** differ slightly depending on the selected **Metadata Type**. 3. Click a **Change Log Name** to open it. diff --git a/static/images/platgovsalesforce/change_management/add_records_change_request.webp b/static/images/platgovsalesforce/change_management/add_records_change_request.webp new file mode 100644 index 0000000000..36e516fd5f Binary files /dev/null and b/static/images/platgovsalesforce/change_management/add_records_change_request.webp differ diff --git a/static/images/platgovsalesforce/change_management/application_configuration_changes.webp b/static/images/platgovsalesforce/change_management/application_configuration_changes.webp new file mode 100644 index 0000000000..c37fa3a571 Binary files /dev/null and b/static/images/platgovsalesforce/change_management/application_configuration_changes.webp differ diff --git a/static/images/platgovsalesforce/change_management/data_scan_scheduler.webp b/static/images/platgovsalesforce/change_management/data_scan_scheduler.webp new file mode 100644 index 0000000000..4fb9ec9c43 Binary files /dev/null and b/static/images/platgovsalesforce/change_management/data_scan_scheduler.webp differ diff --git a/static/images/platgovsalesforce/change_management/data_tracking_apex_filter.webp b/static/images/platgovsalesforce/change_management/data_tracking_apex_filter.webp new file mode 100644 index 0000000000..5a8bf944e0 Binary files /dev/null and b/static/images/platgovsalesforce/change_management/data_tracking_apex_filter.webp differ diff --git a/static/images/platgovsalesforce/change_management/data_tracking_changes_listview.webp b/static/images/platgovsalesforce/change_management/data_tracking_changes_listview.webp new file mode 100644 index 0000000000..2cacced22c Binary files /dev/null and b/static/images/platgovsalesforce/change_management/data_tracking_changes_listview.webp differ diff --git a/static/images/platgovsalesforce/change_management/data_tracking_customfield.webp b/static/images/platgovsalesforce/change_management/data_tracking_customfield.webp index c1dd094480..68c748b33f 100644 Binary files a/static/images/platgovsalesforce/change_management/data_tracking_customfield.webp and b/static/images/platgovsalesforce/change_management/data_tracking_customfield.webp differ diff --git a/static/images/platgovsalesforce/change_management/data_tracking_deployment.webp b/static/images/platgovsalesforce/change_management/data_tracking_deployment.webp index 673df8ebaf..838ab82891 100644 Binary files a/static/images/platgovsalesforce/change_management/data_tracking_deployment.webp and b/static/images/platgovsalesforce/change_management/data_tracking_deployment.webp differ diff --git a/static/images/platgovsalesforce/change_management/data_tracking_recommended.webp b/static/images/platgovsalesforce/change_management/data_tracking_recommended.webp index eba45d1a41..ebf0f9f3f8 100644 Binary files a/static/images/platgovsalesforce/change_management/data_tracking_recommended.webp and b/static/images/platgovsalesforce/change_management/data_tracking_recommended.webp differ diff --git a/static/images/platgovsalesforce/change_management/data_tracking_report_filter.webp b/static/images/platgovsalesforce/change_management/data_tracking_report_filter.webp new file mode 100644 index 0000000000..081811ad2a Binary files /dev/null and b/static/images/platgovsalesforce/change_management/data_tracking_report_filter.webp differ diff --git a/static/images/platgovsalesforce/change_management/data_tracking_test_dependency.webp b/static/images/platgovsalesforce/change_management/data_tracking_test_dependency.webp new file mode 100644 index 0000000000..884afa5883 Binary files /dev/null and b/static/images/platgovsalesforce/change_management/data_tracking_test_dependency.webp differ diff --git a/static/images/platgovsalesforce/change_management/discount_schedule_change_log.webp b/static/images/platgovsalesforce/change_management/discount_schedule_change_log.webp new file mode 100644 index 0000000000..07d3c72c7d Binary files /dev/null and b/static/images/platgovsalesforce/change_management/discount_schedule_change_log.webp differ diff --git a/static/images/platgovsalesforce/change_management/netwrix_configuration_app.webp b/static/images/platgovsalesforce/change_management/netwrix_configuration_app.webp new file mode 100644 index 0000000000..1dfb1fe392 Binary files /dev/null and b/static/images/platgovsalesforce/change_management/netwrix_configuration_app.webp differ diff --git a/static/images/platgovsalesforce/change_management/netwrix_permissions_assignment.webp b/static/images/platgovsalesforce/change_management/netwrix_permissions_assignment.webp new file mode 100644 index 0000000000..23aff04fe5 Binary files /dev/null and b/static/images/platgovsalesforce/change_management/netwrix_permissions_assignment.webp differ diff --git a/static/images/platgovsalesforce/change_management/test_dependency_approval1.webp b/static/images/platgovsalesforce/change_management/test_dependency_approval1.webp new file mode 100644 index 0000000000..e3e47781bb Binary files /dev/null and b/static/images/platgovsalesforce/change_management/test_dependency_approval1.webp differ diff --git a/static/images/platgovsalesforce/change_management/test_dependency_approval2.webp b/static/images/platgovsalesforce/change_management/test_dependency_approval2.webp new file mode 100644 index 0000000000..94f4355dd1 Binary files /dev/null and b/static/images/platgovsalesforce/change_management/test_dependency_approval2.webp differ