Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Patch Manager > Patch Manager 2.1.5 Administrator Guide > Managing Patch Manager Users and Security > Default Roles

Default Roles

Created by Caroline Juszczak, last modified by MindTouch on Jun 23, 2016

Views: 68 Votes: 0 Revisions: 3

By default, Patch Manager includes the server's local Administrators group in the following security roles, named for the original developer of the product:

Important Note: In Active Directory environments, users in the Domain Admins group are default members of every domain member system's local Administrator group. If you do not want to grant membership to these two Patch Manager security roles to all Domain Admins, modify your Patch Manager security role membership as needed.

EminentWare Users

This role grants access to the Patch Manager console. In order to be able to do anything in the console, users in this role must also be members of at least one other security role. Similarly, users in other roles must be a member of this role in order to access the console.

EminentWare Enterprise Administrators

This role grants full access to all Patch Manager functionality. This is the only security role authorized to manage memberships in security roles from within the Patch Manager console. That said, Windows users outside of this security roles could potentially alter memberships in the following ways:

  • By using the MMC Authorization Manager snap-in
  • By altering the EminentWare.BusinessObjects.xml file

Patch Manager uses the AuthZ credential management features native to Windows operating systems. If any users that are not in the EminentWare Enterprise Administrators security role have access to the MMC Authorization Manager snap-in, you should revoke that access if possible.

Patch Manager stores its authorizations in the following location:

%PROGRAMFILES%\SolarWinds\Patch Manager\Server\EminentWare.BusinessObjects.xml

If any local administrator on the Patch Manager server is not a member of the EminentWare Enterprise Administrators security role, you should block access to this file, and preferably the entire ~\Server folder, if possible.

Last modified