How to configure an automatic rollback action to keep changes made by permitted service accounts

Cayosoft Guardian can automatically rollback unwanted changes and keep changes made by permitted accounts.

NOTE: Changes made by Cayosoft Guardiancannot be automatically rolled back.

This article describes how to configure automatic rollback exceptions and how to manage gMSA permissions.

How to configure automatic rollback exceptions

To configure automatic rollback for all changes except changes made by specific service accounts:

1. Open Change History node.
2. Click All changes, click +Add, enter a name for a new saved query, and click Add.
3. Click New Alert.
4. Enable Automatic rollback action and click Save.
5. Select Automatic rollback action and click Properties.
6. Specify service account(s) by entering the UPN, domain\name or samAccountName to exclude in the Permitted accounts.

7. Click Save.

   EditSettingsPicHere

NOTE: Automatic rollback is not supported with read-only gMSA, so it should be elevated.

How to manage permissions

Two types of gMSA accounts are used in Guardian: Admin gMSA and read-only gMSA. Each serves specific roles in Guardian's operation, especially in environments where administrative privileges are carefully managed or restricted. For more information about the permissions, see Using gMSA in Cayosoft Guardian.

To elevate the permission:

1. Double-click the domain name and navigate to the Controllers tab.
2. Click Grant admin rights.

3. Enter Admin account name and Admin account password.

   grantAdminRightsPicHere

4. Click Grant.

To revoke the permission:

1. Double-click the domain name and navigate to the Controllers tab.
2. Click Revoke admin rights.

3. Enter Admin account name and Admin account password.

   revokeAdminRightsPicHere

4. Click Revoke.