Chat now with support
Chat mit Support

Active Roles 8.0.1 LTS - Feature Guide

Introduction Administrative rules and roles Using Active Roles Configuring and administering Active Roles FIPS compliance LSA protection support

Delegating user access to the Active Roles Console

By default, after installing Active Roles, every user can log in to the Active Roles Console (also known as the MMC Interface). To restrict user access to the Console, in the Configuration Center, use the MMC Interface Access > Modify menu, then select the Restrict Console (MMC Interface) access for all users option.

Doing so restricts all non-Active Roles Admin users from using the Active Roles Console.

TIP: You can give Active Roles Console access later to selected users with the User Interface Management - MMC Full control Access Template (AT) of the Active Roles Console. This AT gives access permission to the Server Configuration > User Interfaces > MMC Interface object.

For more information on how to use ATs, see Applying Access Templates in the Active Roles Administration Guide.

Configuring Active Roles logging settings

The Active Roles Configuration Center also allows you to manage the logging settings of the various Active Roles components. As part of this, you can:

  • Enable or disable logging for each Active Roles component.

  • Open the location of the various component log files.

  • Open the component logs directly in the Active Roles Log Viewer utility.

To view, configure and manage Active Roles logs, in the Configuration Center, navigate to the Logging page. Once opened, the page lists the following information:

  • Component: The name of the Active Roles component producing the log, such as the Administration Service or the Active Roles Console.

  • Logging: Indicates whether logging is enabled or disabled for the component, and shows the logging level (Basic or Verbose). While Basic logging includes only errors, warnings and informational messages in the log files, Verbose logging also adds debugging and tracing messages.

  • Log location: Indicates the full path of the log file.

The toolbar of the Logging page allows you to perform the following log management tasks:

  • To enable or disable logging for a component, or change the logging level, select the component in the list, then click Modify.

  • To open the folder that contains the log file(s) of a component, select the component in the list, then click Browse with Explorer.

  • To open the Administration Service log in the Active Roles Log Viewer utility, select Administration Service in the list of components, then click Open in Log Viewer. For more information, see Active Roles Log Viewer.

Configuring Solution Intelligence

You can enable or disable Solution Intelligence in the Active Roles Configuration Center for your Web Interface sites. Solution Intelligence is an optional Active Roles feature used by One Identity to gather standard telemetry data about your Active Roles deployment, containing load, performance and usage metrics, exception reports, and other diagnostic information used to improve Active Roles.

Solution Intelligence is disabled by default.

Active Roles Configuration Shell

The ActiveRolesConfiguration module (also known as the "Configuration Shell") provides cmdlets for configuring Active Roles Administration Service instances and Web Interface sites. The names of the cmdlets provided by this module start with the AR prefix, such as New-ARDatabase, New-ARService, or New-ARWebSite.

NOTE: Consider the following when planning to use the ActiveRolesConfiguration module:

  • This module is available on 64-bit operating systems only.

  • You can only install this module on computers where the Administration Service or Web Interface modules are also installed. Otherwise, the module will not provide all cmdlets.

The following table lists the cmdlets of the Configuration Shell.

Table 1: Configuration Shell Cmdlets

Command

Description

Get-ARComponentStatus

Returns the installation and configuration status of the Active Roles components.

New-ARDatabase

Creates a new Active Roles database.

Import-ARDatabase

Transfers Active Roles configuration data or management history data from one database to another.

Backup-AREncryptionKey

Backs up the current encryption key of the configuration database in the local Administration Service instance into a file.

Restore-AREncryptionKey

Restores the configuration database encryption key from a backup file to the local Administration Service instance.

Reset-AREncryptionKey

Creates a new encryption key for the configuration database in the local Administration Service instance.

New-ARService

Creates the Active Roles Administration Service instance on the local computer.

Get-ARService

Gets the status of the Active Roles Administration Service instance from the local computer.

Set-ARService

Modifies the Active Roles Administration Service instance on the local computer.

Start-ARService

Starts the Active Roles Administration Service instance on the local computer.

Stop-ARService

Stops the Active Roles Administration Service instance on the local computer.

Restart-ARService

Stops and starts the Active Roles Administration Service instance on the local computer.

Remove-ARService

Deletes the Active Roles Administration Service instance from the local computer.

Test-ARServiceDatabaseSettings

Verifies whether the specified Active Roles database settings would cause Management History issues due to setting separate Configuration and Management History databases.

Get-ARServiceStatus

Gets the Active Roles Administration Service status information from the local computer.

Get-ARVersion

Gets the version of the local Active Roles installation.

New-ARWebSite

Creates a new Active Roles Web Interface site.

Get-ARWebSite

Gets the Active Roles Web Interface sites from the web server.

Set-ARWebSite

Modifies the specified Active Roles Web Interface site on the web server.

Remove-ARWebSite

Deletes the specified Active Roles Web Interface site from the web server.

Get-ARWebSiteConfig

Gets Web Interface site configuration objects from the Active Roles Administration Service.

Export-ARWebSiteConfig

Exports the specified Web Interface site configuration to a file.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen