Security Settings in OS Deployer | Secure Communication & Server Hardening
OS Deployer provides a comprehensive set of security controls to help IT administrators harden their Central Server and agent environment. These settings are grouped into basic and advanced categories, allowing organizations to ensure secure communication, enforce identity verification, and protect sensitive data across endpoints.
Understanding Security Settings
Security settings in OS Deployer are designed to:
- Ensure encrypted communication between agents and the server
- Prevent unauthorized access or tampering
- Help meet internal and regulatory security standards
These options are available under Admin > Security Settings in the product console.
Basic Security Settings
| Setting | Description |
|---|---|
| Subscribe to Security Advisory | Receive official security advisories via email by subscribing directly from the product. |
| Enable Security Recommendation Notifications | Get personalized server-hardening recommendations sent to your email. |
| Remove Default Admin Account | Eliminate the default admin account after initial login to minimize risk. |
| Enable Secure (HTTPS) Communication | Force the server to communicate over HTTPS only. Disable port 8020 in your firewall as an additional precaution. |
| Enforce Two-Factor Authentication (2FA) | Require technicians to complete an additional verification step before logging in. |
| Restrict Agent Uninstallation | Prevent users from removing the agent via the Control Panel to maintain control over endpoints. |
| Restrict Agent Service Stop | Ensure endpoints remain connected by preventing users from stopping the agent service. |
| Enable HTTPS for LAN and WAN Agents | Secure communication between agents and the server using HTTPS encryption. |
Advanced Security Settings
| Setting | Description |
|---|---|
| Use Third-Party SSL Certificate | Import a certificate from a trusted Certificate Authority (CA) to secure HTTPS communication. A default certificate is included with the server. |
| Disable Older TLS Versions | Enhance communication security by disabling legacy TLS protocols. Note: Older operating systems like Windows XP or Server 2003 may become unmanageable. |
| Use Secure Gateway Server | Protect your main server by routing communication through a Secure Gateway Server—a reverse proxy that shields the Central Server from direct exposure. Recommended for roaming users and remote offices. |
| Enable Agent-Server Trusted Communication | Ensure agents are verified before communicating with the server over HTTPS. Requires a valid third-party certificate. |
| Enable Certificate-Based Agent Authentication | Validate agents using client certificates during server communication. Make sure agent versions are up to date. |
| Encrypt Database Backups | Protect scheduled database backups with password-based encryption. |
| Secure Software Repository | Control access to the shared software repository (network share) using secure credentials to restrict unauthorized usage. |
Best Practices
- Enable security settings during initial deployment for baseline hardening.
- Regularly review which TLS versions and certificates are in use.
- Periodically audit technician accounts and authentication settings.
- Monitor communications to detect outdated agents or insecure access.
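One way to carry out the TLS review recommended above, as an added example that is not part of the product or its documentation: a Python probe that reports which TLS versions a server accepts and whether port 8020 still answers. The host and the HTTPS port are parameters you supply (the page does not state the HTTPS port), and the function names are illustrative.

```python
import socket
import ssl

# Versions to probe. The first two are what "Disable Older TLS Versions" should turn off.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = ("TLSv1.0", "TLSv1.1")

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def accepts_version(host, port, version, timeout=3.0):
    """True if the server completes a handshake pinned to exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol probe only; the certificate
    ctx.verify_mode = ssl.CERT_NONE  # is not validated here
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let the local OpenSSL offer legacy versions
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ValueError):
        return False

def audit(host, https_port, http_port=8020):
    """Observe what the HTTPS-only and TLS settings are meant to control."""
    tls = {name: accepts_version(host, https_port, v) for name, v in VERSIONS.items()}
    return {"http_open": port_open(host, http_port), "tls": tls}

def findings(report):
    """Turn an audit report into a list of hardening gaps."""
    out = []
    if report["http_open"]:
        out.append("plain HTTP port reachable")
    out += [f"{name} accepted" for name in LEGACY if report["tls"].get(name)]
    if not (report["tls"].get("TLSv1.2") or report["tls"].get("TLSv1.3")):
        out.append("no modern TLS version accepted")
    return out
```

Run `findings(audit(host, https_port))` from the network segment whose access you want to check. A negative result for TLS 1.0 or 1.1 can also mean the local OpenSSL build cannot offer those versions, so confirm from a client that still supports them.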