Direct Inward Dialing: +1 408 916 9393
This article lists some of the best practices that you can use to ensure additional protection for your ADManager Plus installation. You can implement these recommendations immaterial of whether you choose to deploy the product on-premises or on the internet.
By default, ADManager Plus will be installed in C:\ManageEngine folder. This will grant even non-admin users belonging to the Authenticated Users group, Full Control permission over the files in the bin directory.
It is designed this way so that any domain user can access the folder, and start or stop the product. But there are chances that this might allow any user of the Authenticated Users group, with a malicious intent, to tamper with the contents of the bin folder.
Removing Authenticated Users from ACL will not help, as this will allow only admin users to start ADManager Plus, as a service or application. Non-admin users will not be able to do this even if they are allowed to or when required, due to lack of privileges.
You have to modify the permissions of the folder. This can be done in two ways:
Click here for detailed information about this scenario, and the steps to modify the permissions of ADManager Plus installation folder.
The Employee Search, one of the popular features of ADManager Plus, is used as a Corporate Directory Search by many of our users. It is therefore enabled by default. Also, to use this search, a user doesn't have to log in to the product. However, there are chances that this search might be used by even unauthenticated users to look up other users and contacts in the organization, and view their personally identifiable information (PII).
Based on the specific needs of your organization, or for security reasons, you can:
Click here for the steps to customize or disable the Employee Search option.
If ADManager Plus' default admin password is not changed, there are chances that anyone who is aware of the default password might use it log in to the product, and perform malicious changes in your Active Directory (AD) or view information about AD objects.
We recommend that you change the default admin password, at least before you move to the deployment phase from the evaluation phase, for security reasons. You can change the default password in the 'My Account' section found in the top right corner of the product's web-console.
Click here for steps to change the default admin password.
If you need further information, have any questions, or face any difficulties in performing the recommended steps, please get in touch with us at firstname.lastname@example.org or +1-844-245-1108 (toll free).
Select a language to translate the contents of this web page:
Fill this form, and we'll contact you rightaway.
Our technical support team will get in touch with you at the earliest."