Chat now with support
Chat with Support

Defender 6.5 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Domain Controller

Before updating the templates, you should remove the existing .adm templates and then proceed updating the templates.

To remove the administrative templates on Domain Controller

  1. Open the Group Policy Management (gpmc.msc).
  2. Right click on the GPO you have created, set Enforced to disable.
  3. Again, right click on the GPO, and on the shortcut menu, click Edit.

Group Policy Management Editor opens.

  1. In the left pane (console tree) of Group Policy Management Editor, expand Computer Configuration\Policies.
  2. Right-click the Administrative Templates node, and then click Add/Remove Templates.
  3. In the Add/Remove Templates dialog box, select DefenderGroupPolicy.adm and DefenderBindingGroupPolicy.adm files and click Remove.

 

To update the administrative templates on Domain Controller

  1. Navigate to %windir%\SYSVOL\sysvol\<DomainName>\Policies directory.
    1. Create a folder PolicyDefinitions and copy the DefenderGroupPolicy.admx file into this folder.
    1. In the PolicyDefinitions folder, create a language specific folder, such as en-US, and then copy the DefenderGroupPolicy.adml file into this folder.
  2. Open the Group Policy Management Editor and navigate to the Computer Configuration\Administrative Templates\One Identity\Defender directory to see the policy settings.

NOTE: Make sure that the policy configuration settings are retained after updating into .admx templates in the Group Policy Management Editor.

  1. Right click the GPO in Group Policy Management, and then click Enforced to enable.

 

Client computer

To remove the administrative templates on client computer

  1. Open the Group Policy Management Editor (gpedit.msc).
  2. Expand Computer Configuration\Policies.
  3. Right-click the Administrative Templates node, and then on the shortcut menu, click Add/Remove Templates.
  4. In the Add/Remove Templates dialog box, select DefenderGroupPolicy.adm and DefenderBindingGroupPolicy.adm files and click Remove.

 

To update the administrative templates on client computer

  1. Copy the DefenderGroupPolicy.admx file into %windir%\PolicyDefinitions folder directory.
  2. Copy the DefenderGroupPolicy.adml file into %windir%\PolicyDefinitions\en-us directory.
  3. Open the Group Policy Management Editor and navigate to the Computer Configuration\Administrative Templates\One Identity\Defender directory to see the policy settings

NOTE: Make sure that the policy configuration settings are retained after updating into .admx templates in the Group Policy Management Editor.

Integration with Active Roles

The Defender installation package includes the Defender Integration Pack for Active Roles which extends the Active Roles functionality and allows you to perform Defender-related tasks from within the Active Roles console (MMC Interface) and the Active Roles Web Interface. For example, with this Integration Pack installed, you can assign, remove, test, recover, and program tokens, set Defender IDs and Defender passwords. Also you can enable the automatic deletion of tokens for deprovisioned users and use the Active Roles console to administer Defender objects and delegate specific Defender roles or tasks to the users you want.

Active Roles offers a practical approach to automated user provisioning and administration, for maximum security and efficiency. Active Roles provides total control of user provisioning and administration for Active Directory. For more information about Active Roles, please go to https://www.oneidentity.com/products/active-roles/.

NOTE: Always install OS with Native English language option. For any other language, add Language Pack [e.g German, French] to make Defender appear in ARS web console.

Installing Defender Integration Pack for Active Roles

Before installing the Defender Integration Pack for Active Roles, make sure the target system meets the system requirements listed in the Defender Release Notes.

To install the Defender Integration Pack for Active Roles

  1. On the target computer, run the ActiveRolesIntegrationPack.exe file supplied in the Defender installation package.
  2. Step through the Setup Wizard to complete the Integration Pack installation.

    In the Setup Wizard, you can select the following features for installation:

    • Active Roles Web Interface Extension  Install this feature to be able to perform Defender-related tasks from the Active Roles Web Interface. The computer on which you plan to install this feature must have the Active Roles Web Interface installed. For more information about the commands this feature adds to the Active Roles Web Interface, see Commands added to the Active Roles Web Interface.
    • Active Roles Console Extension  Install this feature to be able to perform Defender-related tasks from the Active Roles console (MMC Interface). After installing this feature, you can use the Active Roles console to manage Defender-related objects and perform Defender-related tasks. The steps you should perform in the Active Roles console to manage Defender objects are identical to those you perform in Microsoft’s Active Directory Users and Computers tool.For more information, see Managing Defender objects in Active Directory.
  3. After completing the Setup Wizard, restart the Active Roles Administration Service on the computer on which you have installed the Integration Pack.
  4. On each remote computer running the Active Roles Administration Service in your environment, install the Defender Integration Pack for Active Roles Administration Service.

    To install the Defender Integration Pack for Active Roles Administration Service, run the ActiveRolesAdminServiceIntegrationPack.exe file supplied in the Defender installation package, and then complete the wizard.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating