Best Practices
The following links represent a compiled list of recommended best practices for Verify Privilege Manager. You can reference these best practices as your system configuration is developed.
Administration
Security Algorithms
Introduces configurable Security Algorithms through: Verify Privilege Manager server settings, signature algorithms, and targeted agent settings.
Read and Write Access
Learn how to Prevent Read and Write Access to File Types or Locations using this best practice.
Service Accounts and IIS App Pool
IBM Security recommends Using a Service Account to run the IIS App pool.
Securing the IIS Server
This article presents a lit of items that can be implemented for Securing the IIS Server.
Active Directory
Active Directory Import - On-premise vs Cloud
Best Practice: Active Directory Import presents the nuances between on-premise and cloud import and provides instructions for each import.
Troubleshooting AD Sync
Best Practice: Troubleshooting AD Sync includes troubleshooting for: authentication, duplicates, and resource type keys.
Application Policies
Refer to this article for best practices specific to policy events.
Policy Feedback
Using Send Policy Feedback helps administrators to gather data, analyze patterns, and then assign actions to application events retrospectively.
Optimizing Compile Times
This method of Optimizing Compile Times uses an Exclusion Path to the application control agent to safeguard against increased compilation times that affect system performance.
Secondary File Filters
As a best practice you create an elevate policy with a priority elevates or allows specific scripts or files to run. Refer to Best Practice: Using a Secondary File Filter.
Installation and Upgrades
Upgrades
Best practices for upgrades include: DB backup and TMS folder backup prior to an upgrade, as well as a repair solution for upgrade errors.
macOS
Refer to this article for best practices specific to macOS System Preferences.
Notifications on macOS
The ability to manage notification settings on an endpoint allows the user to be able to see the notifications that isvp-manager sends out.