Hi,
We are familiar with the four-eyes protection, but this doesn’t answer our need.
We have Sysadmins and help desk users that need to distribute workstations or servers in regular basis even couple of times in hour, but we want to limit the users to have the ability to distribute only to maximum of 5 devices in a single action, is it possible?
The reason we need that is to have the protection against human mistake.
Regards,
Advanced options for targeting restrictions
The options listed in the following table take effect only if the corresponding registry keys are not set on the consoles or if the keys are set to the default values.
targetBySpecificListLimit
Specifies the maximum number of computers that can be targeted by individual selection.
targetBySpecificListWarning
Specifies the threshold for the number of computers that can be targeted by individual selection before the console displays a warning message.
I believe these are global settings for all console users, so setting the physical limit of 5 machines might make some admins lose their mind (e.g., if they had to send 200 actions to target 1000 machines with a task). Therefore, the warning might be more suitable for your environment, as it still allows targeting a large number of machines (although it doesn’t eliminate the risk), but doesn’t restrict others that DO need to send actions to large numbers of machines.
(Unless you set this as a minimum setting and then give access to more machines to specific users. I’m sure others will have more details about this feature.)
This information is from:
Btw, I found it interesting that when I did a quick search on the web about this, a few relevant results came back, including my reply to someone else about this very topic a while ago. Basically I suggested that people need to understand that IEM is a very powerful (dangerous?) tool and therefore people need to be trained properly, advised of the risks and take responsibility for what they do with it.
Hi,
good call thanks for the information, although it seem this doesn’t solve the Group targeting risk, is there any option get over that also?
can i do 4 eyes protection only on high number of targeted computers?
4 eyes protection is a per operator setting. If you require 4 eyes authentication for an operator, then it is required for all actions by that operator.