After upgrading from ActiveRoles Server 6.x to Active Roles 7.x, some Active Roles Admins may note reduced access or no access at all.
For example, they may be missing the Configuration node in the Active Roles Console, or one or more Active Directory Domains may not be present with no option to re-add them.
During the installation of Active Roles, the installer will prompt for the User or Group which will hold the Active Roles Admin Role.
In ActiveRoles Server 6.9 and previous versions, the Local Administrators group on the machine hosting ActiveRoles Server will be designated as Active Roles Admins by default.
In Active Roles 7.0 and later versions, the BUILTIN\Administrators group in the domain hosting Active Roles will be will be designated as Active Roles Admins by default.
Active Roles Admins have unlimited access within the Active Roles Console and Web Interface. Any assigned Access Templates are ignored and are redundant.
NOTE: If the Defender Active Roles Server Integration Pack is in use, Active Roles Administrators will also be able to modify Defender properties for all Users, including assigning and programming tokens.
For versions of ActiveRoles Server prior to ActiveRoles Server 6.9 Patch 2
This configuration setting is stored in the registry on the machine hosting ActiveRoles Server, and is unique for each instance.
If you have more than one ActiveRoles Server instance, you will need to make the changes on each host.
For ActiveRoles Server 6.9 Patch 2 and later
The above registry key is respected by default, but there is also a new optional configuration which can be used in environments where ActiveRoles Administration needs to be very strictly monitored and controlled. When this configuration is leveraged, the value of ActiveRoles Administrators Group is encrypted and stored in the ActiveRoles Server configuration database itself, and any value stored in the registry key above is ignored. Only a User who has the ActiveRoles Administrators Role for that instance may modify the ActiveRoles Administrators Group once this configuration has been implemented.
This was implemented as Enhancement Request TF00342457 and is discussed in the release notes for ActiveRoles 6.9.0 Generic Patch 2
For Active Roles 7.0 and later