Javascript must be enabled to download our products and perform other essential functions on the website.

Buy Now Download Free Trial

This help page is for version 8.3. The latest available help is for version 9.3.

Security Protected Settings

There are many settings for PA Server Monitor which are available under:


There are a few settings that are important enough that some customers don't even want administrators to be able to make changes to them. For these cases, there are a few settings in:


A separate registry key is used so you can set additional access protections using the operating system to control who can change these settings. Be sure that the PA Server Monitor service can read these settings.


All settings below can be set to 1 or 0.

Older versions of the mobile application didn't support requesting a 2FA PIN. Set this to 1 to allow them to login without the PIN. Setting to 0 will require a PIN if 2FA is enabled for the user (see User Access).
When the Console on the Central Monitoring Service is run, if the user is a local administrator they are able to login without a username/password. To disable this, set this value to 1. See Remote Users for defining logins.
When exporting configuration data, sometimes passwords can be exported as well. Setting this value to 1 will disable exporting passwords.
The Execute Script monitor can request configured passwords for the device the script is running for. This can be disabled by setting this value to 0, or enabled by setting to 1.
SNAP Tunnels allow tunneling a connection to a remote device across the communication link between the Central Monitoring Service and a Satellite Monitoring Service. This is useful for getting to an RDP session on a remote device. Tunnels can be disabled completely by setting this value to 0 on the Central Monitoring Service, or set it to 0 on a Satellite to disable tunnels to that specific Satellite.
When a SNAP Tunnel is created, the creating user's access is checked to confirm they have access to the device. If connecting to an unmonitored device (perhaps by creating a tunnel from the External API) set this value to 1 to disable access checks.
The External API can create SNAP Tunnels and requires a username and password. To enable the legacy mode of not requiring credentials, set this value to 1.

PA Server Monitor

Help Map