'Disallowed Servers for Auto-connect' setting
When applied to a computer running an Active Roles client application, such as the Active Roles Console, Web Interface or ADSI Provider, this setting determines the instances of the Active Roles Administration Service to which the client application is not allowed to auto-connect. This setting only affects the Administration Service instances that are published by Active Roles for auto-discovery.
If you enable this setting, you can specify a list of computer names identifying the computers running the Administration Service to which the client application is not allowed to auto-connect. In a computer name, you may use an asterisk wildcard character (*) to represent any string of characters. If a given computer is listed in this setting, then the client application is not allowed to auto-connect to the Administration Service on that computer unless the name or alias of that computer is listed in the Allowed Servers for Auto-connect or Additional Servers for Auto-connect setting.
If this setting is disabled or not configured, the client application normally auto-connects to any available Administration Service that is published by Active Roles for auto-discovery. However, you can use the Allowed Servers for Auto-connect and Additional Servers for Auto-connect settings to specify explicitly the instances of the Administration Service to which the client application should auto-connect.
'Additional Servers for Auto-connect' setting
When applied to a computer running an Active Roles client application, such as the Active Roles Console, Web Interface or ADSI Provider, this setting specifies the instances of the Active Roles Administration Service to which the client application auto-connects regardless of whether or not those instances are published by Active Roles for auto-discovery.
If you enable this setting, you can specify a list of computer names or aliases identifying the computers running the Administration Service to which the client application auto-connects even though it cannot discover the Administration Service on those computers by using Active Roles’s service connection points in Active Directory. If a given computer is listed in this setting, then the client application auto-connects to the Administration Service on that computer regardless of the Allowed Servers for Auto-connect and Disallowed Servers for Auto-connect settings.
If this setting is disabled or not configured, the client application auto-connects to any available Administration Service that is published by Active Roles for auto-discovery. However, you can use the Allowed Servers for Auto-connect and Disallowed Servers for Auto-connect settings to restrict auto-connection of the client application to specific instances of the Administration Service published for auto-discovery.
Loading the Administrative Template
The Administrative Template consists of the ActiveRoles.admx (ADMX) and ActiveRoles.adml (ADML) files. The ADML file is a language-specific complement to the ADMX file.
To load the Administrative Template to a domain-wide Group Policy object, you need to copy the ADMX and ADML files to the central store in the sysvol folder on a domain controller:
-
Copy the ADMX file to the %systemroot%\sysvol\domain\policies\PolicyDefinitions folder.
-
Copy the ADML file to the %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-US folder.
Create those folders if they do not exist. For more information about ADMX files, see Managing Group Policy ADMX Files Step-by-Step Guide.
Group Policy Object Editor automatically reads all ADMX files found in the central store of the domain in which the Group Policy object is created. You can configure Active Roles policy settings in Group Policy Object Editor by selecting User Configuration > Templates > Active Roles Snap-in Settings or Computer Configuration > Templates > Active Roles > Administration Service Auto-connect Settings, then apply the Group Policy object as appropriate.
Configuring federated authentication
Configuring federated authentication
Federated authentication (also known as claim-based authentication) allows users to access applications or websites by authenticating them against a certain set of rules, known as "claims". When federated authentication is configured, users are validated across multiple applications, websites or IT systems via authentication tickets or their token.
During claim-based authentication, authorization is performed by acquiring the identity-related information of users both for on-premises and cloud-based products. Based on the predefined claims to identify the users trying to access the applications or websites, a single token is created for each user. This security token is used to identify the user type once the user is successfully identified.
Active Roles supports federated authentication using the WS-Federation protocol, allowing users to access websites or sign in to an application once with the single sign-on option.