This section describes automatic and manual procedures for hardening CyberArk's CPM and PVWA servers. These procedures were tested and reviewed by CyberArk's Research and Development department and CyberArk's Security Team. The automatic procedure and the manual procedure complement each other and, therefore, both must be applied.
When the CPM and PVWA server environments are part of Active Directory domain ('In Domain'), the automatic hardening procedure is based on a prepared GPO (Group Policy Object) file. However, when the CPM and PVWA server environments are not a part of Active Directory domain ('Out of Domain'), it is based on an INF file.
This section describes how to harden CyberArk's CPM and PVWA servers that are installed on Windows 2012R2, Windows 2016, and Windows 2019 Servers in 'In Domain' deployments as well as in 'Out of Domain' deployments.
In this section: