Limiting Access to the M-Files Admin Tools Console

Hello,

We are using M-Files on-premises. We are looking for a way to limit the access to the M-Files Admin Console.
In our organization there are multiple members in the Domain Admin group who can log on to any server. Having that in mind, it is possible for any of them to log onto any of the M-Files servers, click on the System Administrator and Full Access of Vault options and enable them for their domain admin user account. That way someone can access sensitive information - e.g. salary info or other.

Is there a way to limit the access to M-Files Admin only and not to the server on which M-Files is installed ?

I have tested disabling or deleting the M-Files login account for a domain admin user account but I still can access M-Files Admin.

Parents
  • Server administrators will always have full access to the system, one reason for this is to prevent you from accidentally locking yourself out of M-Files (forgotten password etc.). Also, if you are a local admin you have full access to that server anyway (including disk, registry, etc.) so protecting against malicious administrators on application level is always more or less futile.

    In high sensitive environments successful workaround has been combination of reviewing the admin login procedures (like adding alarms for admin logins or even requiring two persons to take action to log in to "sensitive" servers) and M-Files audit logging (for example exporting vault event logs to a remote file share with the Log Exporter add-on module) so that rogue actions like giving yourself full control in an HR vault or creating a new user can be traced (or alarms set for those kinds of actions).
    I hope this helps.
Reply
  • Server administrators will always have full access to the system, one reason for this is to prevent you from accidentally locking yourself out of M-Files (forgotten password etc.). Also, if you are a local admin you have full access to that server anyway (including disk, registry, etc.) so protecting against malicious administrators on application level is always more or less futile.

    In high sensitive environments successful workaround has been combination of reviewing the admin login procedures (like adding alarms for admin logins or even requiring two persons to take action to log in to "sensitive" servers) and M-Files audit logging (for example exporting vault event logs to a remote file share with the Log Exporter add-on module) so that rogue actions like giving yourself full control in an HR vault or creating a new user can be traced (or alarms set for those kinds of actions).
    I hope this helps.
Children
No Data