Submit a ticketCall us

Announcing NPM 12.2
With NPM 12.2 you can monitor your Cisco ASA firewalls, to monitor VPN tunnels for basic visibility and troubleshooting tunnels. NPM 12.2 also uses the SolarWinds Orion Installer so you can easily install and upgrade one or more Orion Platform products simultaneously.
See new features and improvements.

Home > Success Center > Patch Manager > Patch Manager 2.1.5 Administrator Guide > Managing Patch Manager Users and Security > Default Roles

Default Roles

Created by Caroline Juszczak, last modified by MindTouch on Jun 23, 2016

Views: 33 Votes: 0 Revisions: 3

By default, Patch Manager includes the server's local Administrators group in the following security roles, named for the original developer of the product:

Important Note: In Active Directory environments, users in the Domain Admins group are default members of every domain member system's local Administrator group. If you do not want to grant membership to these two Patch Manager security roles to all Domain Admins, modify your Patch Manager security role membership as needed.

EminentWare Users

This role grants access to the Patch Manager console. In order to be able to do anything in the console, users in this role must also be members of at least one other security role. Similarly, users in other roles must be a member of this role in order to access the console.

EminentWare Enterprise Administrators

This role grants full access to all Patch Manager functionality. This is the only security role authorized to manage memberships in security roles from within the Patch Manager console. That said, Windows users outside of this security roles could potentially alter memberships in the following ways:

  • By using the MMC Authorization Manager snap-in
  • By altering the EminentWare.BusinessObjects.xml file

Patch Manager uses the AuthZ credential management features native to Windows operating systems. If any users that are not in the EminentWare Enterprise Administrators security role have access to the MMC Authorization Manager snap-in, you should revoke that access if possible.

Patch Manager stores its authorizations in the following location:

%PROGRAMFILES%\SolarWinds\Patch Manager\Server\EminentWare.BusinessObjects.xml

If any local administrator on the Patch Manager server is not a member of the EminentWare Enterprise Administrators security role, you should block access to this file, and preferably the entire ~\Server folder, if possible.

Last modified
01:11, 23 Jun 2016