Hide this message
Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.
By default, Patch Manager includes the server's local Administrators group in the following security roles, named for the original developer of the product:
Important Note: In Active Directory environments, users in the Domain Admins group are default members of every domain member system's local Administrator group. If you do not want to grant membership to these two Patch Manager security roles to all Domain Admins, modify your Patch Manager security role membership as needed.
This role grants access to the Patch Manager console. In order to be able to do anything in the console, users in this role must also be members of at least one other security role. Similarly, users in other roles must be a member of this role in order to access the console.
This role grants full access to all Patch Manager functionality. This is the only security role authorized to manage memberships in security roles from within the Patch Manager console. That said, Windows users outside of this security roles could potentially alter memberships in the following ways:
Patch Manager uses the AuthZ credential management features native to Windows operating systems. If any users that are not in the EminentWare Enterprise Administrators security role have access to the MMC Authorization Manager snap-in, you should revoke that access if possible.
Patch Manager stores its authorizations in the following location:
If any local administrator on the Patch Manager server is not a member of the EminentWare Enterprise Administrators security role, you should block access to this file, and preferably the entire ~\Server folder, if possible.