Lansweeper customers frequently ask our customer experience team about the best way to set up Lansweeper securely. That's because when you first set up Lansweeper, by default, everyone has access to all of the Lansweeper features and menus to ensure the first-time usage goes smoothly. But allowing everyone full access may not be the most secure approach.
Fortunately, Lansweeper enables you to restrict access and customize what users can see or do in the platform, once they've been given access. You can assign built-in or custom user roles and permissions to groups or individuals, for more control over user actions.
In this blog post, we cover 5 recommendations for setting up Lansweeper in a secure way that meets the needs of all users.
1. Disable the Built-in Admin Setting
Under the Configuration/Website Settings menu, be sure to uncheck Allow Built-In Admin, so users can only log in with their Windows user account. This will ensure access is restricted to what you've configured for that role.
2. Restrict Access to the Web Console
Browse to the Configuration/Website Settings section of the web console and click Edit to grant full access to specific user groups. You'll see a popup of user groups to choose from, and you can also submit a group manually using the format NetBIOS domain name\group name. These groups of users will be able to access Lansweeper's help desk functionality to submit tickets. However, they will not be able to respond to tickets or access any other functionality within Lansweeper unless you explicitly grant them additional permissions. Read this article for more in-depth information on restricting access to the web console.
3. Create Roles
Browse to the Configuration/User Access & Roles section of the Web Console, and click Add Role to create a user role with a unique set of permissions. You can then assign the role to groups or users. Alternatively, you can choose one of our built-in role templates, which have predefined permissions for accessing various functions within Lansweeper. Read this article to learn what permissions pertain to each of the roles.
4. Assign Roles to User Accounts
Now that you've set up your accounts and user roles, it's time to connect them. Go to Users, and assign a built-in role or custom role to your user accounts. You can also assign roles to Active Directory user groups. Lansweeper will provide a list of groups to choose from, and you can also manually submit a group. We recommend assigning at least one user or group full access using the Administrator + Agent role, or a custom role that provides full access rights.
5. Obtain an SSL Certificate That's Valid for Your Web Console's Domain
Once you have a certificate, install it on the computer running your web console. You must add the public and private key of the certificate, e.g. using a .pfx file. You can bind the certificate to the HTTPS port of the Web Console. Here's an article that explains how to do this using IIS Express.
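The install-and-bind step as a PowerShell sketch. This is an added example, not Lansweeper's own script or the procedure from the linked article. The .pfx path, host name and port are assumed placeholders, and it assumes the binding is registered in HTTP.sys with netsh, as is usual for IIS Express.

```powershell
# Added example. Run from an elevated PowerShell prompt on the web console server.
# Assumed values (not from the article): replace with your own.
$PfxPath   = 'C:\certs\lansweeper.pfx'   # .pfx holding the public and private key
$HostName  = 'lansweeper.example.com'    # name users type to reach the web console
$HttpsPort = 443                         # HTTPS port of the web console

# Prompt for the .pfx password so it never lands in a script or in shell history.
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the machine store. Without -Exportable the private key cannot be
# exported again from this server.
$imported = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My -Password $PfxPassword
$cert = Get-Item -Path "Cert:\LocalMachine\My\$($imported.Thumbprint)"

# Refuse to bind a certificate that would still trigger browser warnings.
if (-not $cert.HasPrivateKey) { throw 'The private key was not imported with the certificate.' }

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is only valid from $($cert.NotBefore) to $($cert.NotAfter)."
}

# The certificate must be valid for the console's domain: exact name, or a
# wildcard that covers exactly one left-most label.
$dnsNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
$parent   = $HostName.Substring($HostName.IndexOf('.') + 1)
$covered  = @($dnsNames | Where-Object { $_ -eq $HostName -or $_ -eq "*.$parent" })
if ($covered.Count -eq 0) {
    throw "Certificate names ($($dnsNames -join ', ')) do not cover $HostName."
}

# Bind the certificate to the HTTPS port in HTTP.sys. appid can be any GUID
# that identifies the owner of the binding; a fresh one is generated here.
$appId = [guid]::NewGuid().ToString()
& netsh http add sslcert "ipport=0.0.0.0:$HttpsPort" "certhash=$($cert.Thumbprint)" "appid={$appId}"
if ($LASTEXITCODE -ne 0) {
    throw "netsh failed (exit code $LASTEXITCODE). Is the port already bound? Check with: netsh http show sslcert"
}

# Show the resulting binding for review.
& netsh http show sslcert "ipport=0.0.0.0:$HttpsPort"
```

The checks before the bind catch the common causes of a certificate that installs cleanly but still produces browser warnings: a missing private key, an expired validity period, or a name that does not match the console's domain.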
Apart from these five recommendations, Lansweeper security is automatically covered by a robust AD password/MFA policy, just like all of the other resources and servers.
Let's Work Together to Ensure Security
While Lansweeper provides many powerful security features you can use to restrict or enable access and protect your IT asset data, remember that security is everyone's responsibility. It's important to take some time to evaluate and apply the appropriate security measures for your infrastructure, based upon your specific business needs. Additionally, if your web server is publicly exposed for help desk purposes, for example, we recommend always changing the default logins and credentials immediately after setup.
Finally, at Lansweeper, we are continuously looking for ways to strengthen the security of our code and our software. It's critical to stay on top of updates and patch management, to ensure you have access to the latest, most powerful security features our platform offers.
Security at Lansweeper
Security and compliance are top priorities for Lansweeper. We value the sensitivity of your asset data and are protecting that data adequately. Lansweeper has defined a security framework based on recognized industry standards and taking into account the legal, regulatory, contractual, and business requirements. The framework is supported by security governance principles, security processes, security policies, and security measures chosen to protect the information we have and manage.
We have committed ourselves to be a trustworthy service provider and can demonstrate this through our SOC 2 (ISAE 3000) attestation report, evaluated by a third-party auditor. Our SOC 2 report focuses on Lansweeper's systems and controls as they relate to security and demonstrates we have adequately designed and implemented our processes and controls to meet those high standards. Read more about Lansweeper's approach to security here.
Technical Product Evangelist at Lansweeper. Maximizing IT Asset Management proficiency by empowering end-users to take full advantage of their toolset.