Direct Inward Dialing: +1 408 916 9393
This article lists some of the best practices that you can use to secure ADManager Plus. You can implement these recommendations, regardless of whether you choose to deploy the product on-premises or on the cloud.
By default, ADManager Plus will be installed in C:\ProgramFiles\ManageEngine folder. In builds before 7210, in a few cases, users without administrative privileges who were part of the Authenticated Users group were given Full Control permission for the files in the installation directory. But there are chances that this might allow any user of the Authenticated Users group, with a malicious intent, to tamper with the contents of the bin folder.
Starting from 7210 release, the Authenticated Users group will be removed access to the installation directory, and only users in the SYSTEM, Administrators, Domain Admins groups, and the user account linked during installation will have default access.
If you are using builds prior to 7210, to remove the Authenticated Users group from ACL you can either manually modify the permission settings or use the SecureDeployment.exe file to automatically modify the settings.
Click here for detailed information about this scenario, and the steps to modify the permissions of ADManager Plus installation folder.
The Employee Search, one of the popular features of ADManager Plus, is used as a Corporate Directory Search by many of our users. It is therefore enabled by default. However, to suit the specific needs of your organization, or for security reasons, you might want to display only specific details of users and contacts in the search result, or might even prefer not to have this option at all.
Based on the specific needs of your organization or for security reasons, you can:
Click here for the steps to customize or disable the Employee Search option.
If ADManager Plus' default admin password is not changed, there are chances that anyone who is aware of the default password might use it log in to the product, and perform malicious changes in your Active Directory (AD) or view information about AD objects.
We recommend that you change the default admin password, at least before you move to the deployment phase from the evaluation phase, for security reasons. You can change the default password in the My Account section found in the top right corner of the product's web-console.
Click here for steps to change the default admin password.
ADManager Plus supports smart card, two-factor authentication (TFA), CAPTCHA, etc. and also allows you to block users in case of bad passwords, to enhance the security for user logon process and prevent unauthorized users from logging in. Click the links below for steps to configure the various options to secure the logon process for your users.
ADManager Plus offers a series of security and data privacy options to improve your management and reporting experience, secure access to the product, secure data disposal, and more. To learn how to configure the security and privacy settings in ADManager Plus, click here.
If you need further information, have any questions, or face any difficulties in performing the recommended steps, please get in touch with us at support@admanagerplus.com or +1-844-245-1108 (toll free).
Select a language to translate the contents of this web page:
Fill this form, and we'll contact you rightaway.
Our technical support team will get in touch with you at the earliest."
