Hardening PVWA servers in a domain

This topic describes the hardening procedures that you perform when a PVWA server is part of a domain.


When PVWA servers are part of a domain, you must back up the existing Group Policy Object (GPO), and create a new one.

Import a GPO file to an Active Directory domain

  1. Open the Group Policy Management Console (GPMC.msc).

  2. Under your domain, right-click Group Policy Objects, and select New.

  1. Enter a new name for the GPO, for example, CyberArk PVWAHardening, and then click OK.


    Specify a name that indicates the purpose of the GPO. This name is displayed to all users.

  2. In the list of Group Policy Objects, right-click the new GPO that you created, and select Import Settings….

    The Import Settings Wizard appears.

  3. In the Welcome to the Import Settings Wizard window, click Next.

    The Backup GPO window appears.

    You do not have to back up as this GPO is new.

  4. Click Next.

    The Backup location screen appears.

  5. Click Browse… , and select the location of the folder where the hardening settings are stored, for example, PVWA\Hardening, and then click Next.


    Make sure you have unzipped the folder where the hardening settings are stored, PVWA\Hardening.

    The Source GPO window appears.

  6. Select the GPO that you created, and then click Next.

    The Scanning Backup window appears.

  7. Click Next.

    The Completing the Import Settings Wizard window appears.

  8. Click Finish.

    The Import window appears and shows the progress of the GPO import.

  9. When the GPO import process is complete, click OK.

Link GPO to a dedicated OU containing CyberArk servers

  1. Make sure all servers are located under a dedicated OU, so the GPO will not affect any other server.

  2. In the Group Policy Management Console, right-click the OU, and then select Link an Existing GPO.

  1. Select the relevant GPO, for example, PVWA Hardening, and then click OK.