Role-Based Security
Ghost Solution Suite provides a security system based on associating job and computer objects with user and group permissions. This allows IT personnel to be assigned to different security groups to manage operations on specific computer groups or job folders. Each security group can then perform only a defined scope of deployment operations on each computer group or job folder. In addition, each user can be assigned rights to access general console features.
Note: Security rights and permissions set in one console will be enforced in all Ghost Solution consoles.
Best Practices for Ghost Solution Suite Security
Ghost Solution Suite security is based on defining groups of users and groups of computers and jobs, and then associating one with another. It is recommended that you first create user groups based on either administration duties or access to levels of deployment operations. For example, you will most likely set up a group with full Administrator rights. This group will have access to run all operations on all computers using all types of jobs.
No permissions need to be set on each computer group or job folder for the Administrator group because it has full rights to all features and resources. However, you may also want to set up a Technician group that has only basic access and permissions limiting deployment operations. Limiting the group in this way will prohibit its members from re-imaging the Server computer group or scheduling Distribute Disk Image jobs. You can explicitly Allow or Deny the group from running these operations for each computer group in the Computers pane or each job folder in the Jobs pane.
After creating the Technician group, you can limit its rights to set General Options and then set permissions on each computer group and job folder for the group. To do so, select the computer group, right-click it, and select Security. Then select the group name in the left pane, and click Allow or Deny for each entry in the list of deployment operations. For example, you can select the Deny check box for Restore, Schedule Create Disk Image, and Schedule Distribute Disk Image.
Additional groups can be created with different rights and permissions depending on the needs and responsibilities in the IT team. If users are assigned to multiple groups, the Evaluate Permission and Evaluate Rights features will sort and display effective permissions and rights.
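The following added example is a small model of the Allow/Deny scheme described above, written for this page; it is not Ghost Solution Suite code and does not call any product API. It assumes that an explicit Deny from any group overrides an Allow from another group (the page does not state the console's rule), and the "Imaging" group, the user names and the "unset" result are hypothetical. It lists users whose group memberships disagree on an operation, which is the situation the Evaluate Permission feature exists to resolve.

```python
# Added example: models the Allow/Deny scheme; not Ghost Solution Suite code.
# ASSUMPTION: an explicit Deny from any group overrides an Allow from another.

ADMIN_GROUPS = {"Administrator"}  # full rights, no per-object permissions needed

# Constructed sample data: (group, object, operation) -> "allow" or "deny"
PERMISSIONS = {
    ("Technician", "Server", "Restore"): "deny",
    ("Technician", "Server", "Schedule Create Disk Image"): "deny",
    ("Technician", "Server", "Schedule Distribute Disk Image"): "deny",
    ("Imaging", "Server", "Restore"): "allow",  # "Imaging" is a hypothetical group
    ("Imaging", "Server", "Schedule Create Disk Image"): "allow",
}

# Constructed sample users and their group memberships
MEMBERSHIP = {
    "alice": {"Administrator"},
    "bob": {"Technician"},
    "carol": {"Technician", "Imaging"},
    "dave": {"Imaging"},
}

def effective(user, obj, operation):
    """Return (decision, conflicting) for one user, object and operation."""
    groups = MEMBERSHIP.get(user, set())
    if groups & ADMIN_GROUPS:
        return "allow", False
    keys = [(g, obj, operation) for g in groups]
    votes = {PERMISSIONS[k] for k in keys if k in PERMISSIONS}
    if "deny" in votes:
        return "deny", "allow" in votes  # conflicting if another group allows
    return ("allow" if "allow" in votes else "unset"), False

def audit(obj):
    """List (user, operation, decision) where the user's groups disagree."""
    operations = sorted({op for (_, o, op) in PERMISSIONS if o == obj})
    findings = []
    for user in sorted(MEMBERSHIP):
        for op in operations:
            decision, conflicting = effective(user, obj, op)
            if conflicting:
                findings.append((user, op, decision))
    return findings

if __name__ == "__main__":
    for user, op, decision in audit("Server"):
        print(f"{user}: {op} on Server -> {decision} (groups disagree)")
```

An "unset" result means no group the user belongs to has an explicit Allow or Deny for that operation; the model makes no claim about what the console does in that case.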
Defining the Options
Options Console
- This allows you to set Console options.
- Set basic console features for miscellaneous refresh actions and warning messages.
- Scan resource files for changes every ____ seconds. Specify how frequently (in seconds) the Ghost Solution Suite Server Console updates its view of package files in the Resources view.
- Warns user when no tasks are assigned to the 'default' condition. When a job is assigned to computers and the Default condition has no tasks assigned, a message box appears. The warning indicates that the job has no secondary default tasks assigned for a computer in the group that does not meet the primary conditions.
- Refresh displayed data every ____ seconds. Refresh the display of data accessed from the Deployment Database. This allows you to refresh console data at defined intervals rather than updating every time the Deployment Server Console receives a command from the server, which can generate excessive traffic in large enterprises.
Options Global
- Allows you to set Global options.
- Delete history entries older than _____ days. Specify the number of days an entry is kept in the history until it is deleted. If the number of days is set to 0, no entries will be kept in the history. If this option is not selected, log entries will remain in the history.
Ghost Solution Suite 3.x
- Tools > Options > Global tab.
- Select Delete history entries older than <30> days and Remove inactive computers after <30> days.