Configure EPM service settings
This topic describes how to configure EPM service parameters.
Overview
In the Advanced area of the EPM service management console, you can review and update agent, service, and video recording configuration parameters, and custom security tokens.
Changes that you make to the configuration are not saved immediately. Instead, the Save button in the upper-right corner turns green, and you must click it to save the change. To reset the configuration to its default, click Reset to CyberArk EPM Defaults.
Server configuration
The Server Configuration settings enable you to review and update several Server Configuration parameters.
In the EPM Management Console, go to Advanced > Server Configuration.
Server time settings
Parameter | Description |
---|---|
Deletion (Days) | The period of time after which an End-user computer, which is acknowledged as "Disconnected", is deleted. Default value: 30 |
Time presentation
Parameter | Description |
---|---|
General Time Presentation | Whether to use the browser time zone or a custom time zone for presentation of time in the EPM console. Default value: Custom time zone. Valid values: Custom time zone, Browser computer time zone |
General Presentation Time Zone | The time zone to use when the 'General Time Presentation' value is set to 'Custom time zone'. Default value: The time zone defined in the EPM Management Server. |
Common settings
Parameter | Description |
---|---|
Show events in Events Management based on policy targets | Determines which events from applications managed by EPM policies are displayed in the Events Management page, according to specific, targeted users/computers. Default value: Extended. Valid values: Basic, Extended, All |
 | Sets the number of displayed results in the Events Management, Application Catalog, and Policies Audit pages. Set a lower number to improve performance. Default value: 250. Valid values: 250, 500, 750, 1000 |
Auto-synchronization of computer groups on the server
Parameter | Description |
---|---|
Synchronize Computer Groups | Enables you to synchronize your computers and custom groups using a .csv file. Default value: Disable |
RADIUS Servers Configuration
Parameter | Description |
---|---|
RADIUS Servers | Details of the RADIUS servers that are integrated with EPM to enable multi-factor authentication before elevation. Default value: No entries |
Immediate enforcement agent
Parameter | Description |
---|---|
Enable downloading Immediate Enforcement Agent | Whether users can download the Immediate Enforcement Agent MSI from the Download Center. Default value: Off |
Credentials rotation
Parameter | Description |
---|---|
Security Key Encryption | Enables the EPM to encrypt the Credentials Rotation security key. Default value: On |
Audit video configuration
The following parameters enable you to save audit videos on a network share. When this configuration is enabled, you cannot set the video file destination in Audit video configuration.
Parameter | Description |
---|---|
Enable Network Share for video files destination | Enables EPM to save video audits on a network share. Default value: On |
Max. Movie Size (Mbytes) | The maximum size of a single audit video file. Default value: 2048 |
Movie Upload Folder | The network share where video audit files are saved. Default value: None (user-defined) |
Username | The name of the user who has read/write access to the Movie Upload Folder. Default value: None (user-defined) |
Password | The password of the user who has read/write access to the Movie Upload Folder. Default value: - |
Bandwidth | The maximum bandwidth used by EPM agents while uploading video audit movies. Default value: 10 MB |
Custom tokens
By default, the EPM service uses the administrator access token to elevate applications. To implement a more stringent set of permissions, you can create a custom user access token and use it in an advanced Windows policy with the Elevate action. For more details, see Access Tokens.
We recommend that you use the built-in tokens, as their content differs according to the Windows platform version.
Add a custom token
- In the EPM management console, go to Advanced > User access tokens, then click Create token.
- Specify the name and description of the token.
- Under User groups, add users and groups to include in or exclude from the token.
  Click Add group and either type the name of a local or AD user or group, or click Find to use the CyberArk EPM Admin Utility to find it.
- Under Token owner, select the user group that becomes the owner of any objects created by a process that uses this access token.
- Under Privileges, click Set privileges and select the privileges that grant or deny access. When you update a token, you can choose to clear the existing privileges before applying the updated rules specified in the table.
- Under Integrity Level, select the token’s integrity level.
  By default, a token’s integrity level is High. This level enables resource managers, such as the file system, to use predefined policies that block processes of lower integrity or lower trustworthiness from reading or modifying objects created with the token.
- Click Create.
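To confirm that a process elevated with the custom token received the integrity level and privileges you configured, you can inspect the token from inside that process. The following PowerShell is an added example, not CyberArk code; `$ExpectedIntegrity` and `$AllowedPrivileges` are constructed sample values to replace with your token's settings, and the CSV column names assume an English-language Windows installation.

```powershell
# Added example: run inside a process that the Elevate policy started with the custom token.
# $ExpectedIntegrity and $AllowedPrivileges are constructed sample values (assumptions);
# set them to match the integrity level and privileges chosen for your token.
$ExpectedIntegrity = 'High'
$AllowedPrivileges = @('SeChangeNotifyPrivilege', 'SeIncreaseWorkingSetPrivilege')

# Well-known mandatory label SIDs (S-1-16-<RID>) and the integrity level each represents.
$IntegrityBySid = @{
    'S-1-16-4096'  = 'Low'
    'S-1-16-8192'  = 'Medium'
    'S-1-16-8448'  = 'Medium Plus'
    'S-1-16-12288' = 'High'
    'S-1-16-16384' = 'System'
}

# whoami reports the token of the current process; CSV output avoids fixed-width parsing.
# The column names used below are those printed by English-language Windows.
$groups = whoami /groups /fo csv | ConvertFrom-Csv
$privs  = whoami /priv   /fo csv | ConvertFrom-Csv

# The mandatory label appears in the group list as a SID under S-1-16.
$labelSid = ($groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1).SID
$actualIntegrity = if ($labelSid -and $IntegrityBySid.ContainsKey($labelSid)) {
    $IntegrityBySid[$labelSid]
} else {
    "Unknown ($labelSid)"
}

# Privileges present in the token but absent from the baseline are the finding to review.
$unexpected = @($privs | Where-Object { $_.'Privilege Name' -notin $AllowedPrivileges })

[pscustomobject]@{
    ExpectedIntegrity    = $ExpectedIntegrity
    ActualIntegrity      = $actualIntegrity
    IntegrityMatches     = ($actualIntegrity -eq $ExpectedIntegrity)
    UnexpectedPrivileges = ($unexpected.'Privilege Name' -join ', ')
    EnabledPrivileges    = (($privs | Where-Object State -eq 'Enabled').'Privilege Name' -join ', ')
} | Format-List
```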
My account
You can change your password and security question used to log in to EPM. If you forgot your password and request a password reset, your security question and answer are used to confirm that you, and no one else, requested a reset of your password.
Change your password
- From the EPM Management Console, go to Advanced and then to My Account.
- Enter your current password and your new password.
- Click Change Password.
Change your security question
- From the EPM Management Console, go to Advanced and then to My Account.
- Enter your current password and your new security question and answer.
- Click Change Security Question.