Security and Privacy settings

Privacy Settings

The Privacy Settings tab is where you can enable password protection for exported reports and data anonymization.

To modify privacy settings:

1. Log in to ADManager Plus and navigate to the Admin tab.
2. Under General Settings, click Security and Privacy.
3. On the Security and Privacy page, enable the Privacy settings for GDPR/HIPAA compliance option if you'd like to enable data anonymization.
4. Check the Enable anonymization of ADManager Plus users' data while deleting their accounts option to irreversibly anonymize the identifiable information of users while deleting them.
5. Check the Allow technicians to export LAPS password in reports option to allow technicians to export LAPS password values in AD Explorer and Workstation Computers reports.
6. Under Data Security:
   • Check the Exported Reports option to password protect reports that are exported from ADManager Plus, and specify the password that must be used to view the reports.
   • Check the ZIP files option to password protect product ZIP files like database backups, audit archive logs, etc., and specify the password that must be used to open them.
7. Check Credentials for Shared Path Access to enforce authentication for shared path access. This setting can be configured under Admin > Privacy/Security Settings > Security Hardening.
8. Check the Help improve ADManager Plus by sending us the usage statistics option to forward anonymous usage stats to the ADManager Plus server to help us serve you better.
9. Check the Hide password in product GUI option if you'd like to hide the password from being displayed in the UI during password-specific tasks.
10. Click Save.

Security Hardening

This option allows you to view and configure the various security settings that enhance product security, from a single location. To help you easily ascertain how secure your ADManager Plus instance is, a Product Security Hardening score is calculated based on the configured security settings and displayed in the security hardening dashboard.

To configure security hardening settings in ADManager Plus:

1. On the Security and Privacy page, navigate to the Security Hardening tab.
2. Click the Configure button next to the respective security settings to configure them. The following security configurations are available to harden the security of ADManager Plus:
   • Auto-install hotfixes: Automatically download and deploy hotfix updates whenever a hotfix update is available. Click Configure, and toggle the Enable this option to auto-download and install hotfixes option on to automatically download and install hotfix updates. ADManager Plus has to be restarted to finish installing an update and you can choose to do it manually or automatically.
     • Select the Restart ADManager Plus manually after installing hotfixes if you'd like to manually restart your instance at another time.
     • Select the Restart immediately after installing hotfixes if you'd like to restart your instance automatically after installing a hotfix update.
     • Select the Auto-restart at a scheduled time to specify the time at which you'd like for your instance to be restarted after installing a hotfix update.
     Note:

     • ADManager Plus will check for hotfix updates at 11pm every day by default.
     • To get a detailed list of the hotfix updates that were downloaded and installed, click the View History option.
     • Ensure that the creator.zoho.com endpoint is whitelisted in your environment to auto-install ADManager Plus hotfix updates.
     • The auto-install hotfix option is not applicable for environments with high availability configured.
   • Enforce HTTPS: Establish a secure connection between the web browsers and the ADManager Plus web server. Click here to learn how to enable HTTPS in ADManager Plus.
   • Change the default admin's password: Change the default password and use a strong one to strengthen the security of the admin account. Click here to learn how to change the default admin account's password.
   • Enforce two-factor authentication: Add an additional layer of security while logging in to ADManager Plus. For more information on 2FA services available in ADManager Plus, refer to this help document.
   • Enable CAPTCHAs: Configure CAPTCHA settings after a specific number of invalid login attempts to mitigate bot-based attacks. Click here to learn how to enable CAPTCHAs in ADManager Plus.
   • Block invalid login attempts: Block a particular technician's account once a specific number of consecutive unsuccessful login attempts have been made. Click here to learn how to block invalid user login attempts in ADManager Plus.
   • Enforce LDAP over SSL (LDAPS): Set up an LDAP over SSL connection to secure the information exchange between ADManager Plus and the LDAP servers. Click here to learn how to enable LDAPS in ADManager Plus.
   • Enforce secure TLS: Ensure older TLS versions are disabled. ADManager Plus supports TLS versions 1.0, 1.1, and 1.2. Click here to learn how to enforce secure TLS in ADManager Plus.
   • Secure installation directory: Ensure that the installation directory is either C:\Program Files or C:\Program Files(x86) to limit access to run or alter the product to admins only.
   • Enforce authentication for shared path access: Configure custom service account credentials for shared path access without using the credentials of a service account configured in ADManager Plus. This authenticated path can be used when specifying storage options for scheduled reports.
3. Enable the Don't show alerts even if the recommended settings are not configured option to hide alerts on security hardening, regardless of the state of the recommended settings.