What are the Recommended Steps to Deploy the Securden Endpoint Privilege Manager?
Once Securden Endpoint Privilege Manager is installed, you need to deploy the agents on the endpoints that need to be governed using the EPM solution. Rolling out the endpoint privilege manager includes installing the agent on endpoints, discovering the applications being used, understanding the use of admin rights by users, and creating policies to support the workforce while fully enforcing the security measures.
While rolling out the Securden Agent on endpoints in your network, adhere to the following recommendations for a smooth experience.
1) Create a plan for installing the Securden Agent
The Securden agent must be installed on all endpoints that need to be managed using the EPM. These might run on Windows, Mac, and Linux. Securden provides the installation package for each operating system separately.
The Securden Agent can be pushed to domain-joined Windows machines from the central server through integration with Active Directory and Azure AD. Securden also supports installation of the agent through GPOs and SCCM for large deployments.
However, for non-domain Windows devices, and devices running on Mac and Linux, the agent must be manually installed or deployed through a patch management solution.
Given the options, it is important to have a plan of action to cover all the required devices in your deployment plan.
2) Ensuring Connectivity from Endpoints to EPM
Once the agents are deployed on the endpoints, they connect with the EPM server to fetch policies, manage requests, and report application usage data, among other critical functions. The agents can continue to work with the latest information they have if connectivity with the server is severed. However, it is advisable to ensure that the agent on the endpoint can reach the server at the set time interval so that critical functions such as request-based admin access work seamlessly.
3) Permissions for Connecting to Active Directory and Azure AD
If you are using Active Directory or Azure AD (Entra ID), you would have to grant Securden EPM the permissions required for importing users and devices. In Active Directory environments, you need to provide the username and password of a user account with the delegated permissions to read the entire directory.
You can also enforce Active Directory port verification before connecting to the AD. Navigate to Admin >> Configurations and find AD Port Check under Miscellaneous. Enable this option to enforce AD port verification before a connection is initiated.
If you are using Azure AD for this purpose, you need to grant the following API permissions to the enterprise application you create for Securden. You can refer to the detailed steps in the administrator’s guide.
- User.Read.All
- Group.Read.All
- Domain.Read.All
Once the required domain devices are onboarded, you can install the Securden Agent on these endpoints.
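To confirm that the enterprise application holds exactly the three permissions listed above and nothing broader, the following added example (not part of Securden's documentation or product code) decodes the `roles` claim of an app-only Microsoft Graph access token and compares it with the expected set. The function names are hypothetical and the sample token is constructed and unsigned.

```python
import base64
import json

# The three Microsoft Graph application permissions the page lists for the Securden app.
EXPECTED = {"User.Read.All", "Group.Read.All", "Domain.Read.All"}


def token_roles(jwt: str) -> set[str]:
    """Return the 'roles' claim (granted application permissions) of an app-only token.

    The payload is only decoded for inspection; the signature is NOT verified,
    so use this to audit a token you requested yourself, never for authorization.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload_b64 = parts[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return set(claims.get("roles", []))


def audit_permissions(jwt: str) -> dict:
    """Compare the permissions granted to the app with the expected set."""
    granted = token_roles(jwt)
    excess = granted - EXPECTED
    return {
        "missing": sorted(EXPECTED - granted),   # listed on the page but not granted
        "excess": sorted(excess),                # granted beyond what the page lists
        "write_capable": sorted(p for p in excess if "Write" in p),
        "ok": granted == EXPECTED,
    }


def make_sample_token(roles: list[str]) -> str:
    """Build a constructed, unsigned token for the demo (not a real Entra ID token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}),
                     enc({"aud": "https://graph.microsoft.com", "roles": roles}),
                     "constructed-signature"])


if __name__ == "__main__":
    over_granted = make_sample_token(
        ["User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"])
    print(audit_permissions(over_granted))
```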
4) Enforcing Device Validation
When importing and synchronizing computers from AD, you have the option to validate the device being imported. Sometimes, Active Directory might retain the computer details of devices that have been removed and devices that don’t physically exist.
If validation is enforced, Securden will not import ghost machines that do not exist outside the Active Directory. Navigate to Admin >> Configurations and find Validate Devices During Import.
5) Ensuring the tamper proofing measures are enforced
The Securden Agent is installed on the endpoints, and it monitors and governs local administrator privileges. Securden provides measures that prevent users from uninstalling the Securden agent. Apart from these measures, you can enforce authentication for uninstalling the Securden agent.
Navigate to Admin >> Configurations in the web interface and find the Agent Uninstall Workflow under the Agent Configuration tab. Enforce this option and provide a password/passphrase for uninstalling the Securden Agent.
6) Road to Eliminating Admin Rights
Before removing admin rights, you need to put measures in place that take care of end users' need to run certain applications with admin rights.
Agent Learning Mode
To get the most accurate insights on application usage, you need to gather data from the endpoints. The Securden Agent can run in learning mode where the agent simply collects data on admin rights usage and application usage.
Application Repository
Before creating new application control policies, ensure that all the applications that are regularly used by employees are added to the application repository. The agent automatically onboards applications when in learning mode. If anything needs to be added, you can add it manually from the Applications tab in the web interface.
Creating Policies
You can create policies that would elevate the privileges of certain approved applications or make use of the built-in policies as a quick solution. These built-in policies can help in the short term, but it is advisable to create policies of your own from insights derived from the different reports accessible from the web-interface.
Removing Admin Rights
Once the policies are pushed into effect, you can go ahead and remove admin privileges from the local accounts. When removing admin rights, you can create an exclusion list and demote every other user account across the organization.
This way, you would know for sure which accounts have admin rights.