Chat now with support
Chat con el soporte

Defender 5.9.3 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Administrative templates

The Defender distribution package includes Group Policy administrative templates you can use to configure additional features and options not available in the Defender Administration Console by default.

These administrative templates are supplied in the following files:

 

Table 35:

Defender Group Policy administrative templates

File

Provided functionality

DefenderGroupPolicy.adm

  • An option to limit the maximum configurable expiry time for the Temporary Helpdesk Token response feature.
  • Configuration options for programming software tokens through the Active Roles Web Interface.
  • An option to include a Send Mail feature allowing the sending of the token activation code by e-mail for a newly programmed software token.

DefenderBindingGroupPolicy.adm

A configurable performance enhancement for large installations.

In the Defender installation package, you can find these files in the folder Setup\Group Policy Templates.

Installing and configuring administrative templates

Installing and configuring administrative templates

To install the administrative templates

Create a new Group Policy Object:

  1. On a domain controller, open Group Policy Management (gpmc.msc).
    1. In the left pane (console tree), expand the appropriate forest node, and then expand the Domains node.
    2. Right-click the appropriate domain node, and then on the shortcut menu click Create a GPO in this domain and Link it here.
    3. In the New GPO dialog box, type a name for the GPO being created, and click OK.
  2. Add the Defender Group Policy administrative templates to the GPO you have just created:
    1. In the left pane (console tree) of Group Policy Management, right-click the GPO you have created, and then on the shortcut menu click Edit.

      Group Policy Management Editor opens.

    2. In the left pane (console tree) of Group Policy Management Editor, expand Computer Configuration | Policies.
    3. Right-click the Administrative Templates node, and then on the shortcut menu click Add/Remove Templates.
    4. In the dialog box that opens, click the Add button to add the Defender administrative template files DefenderGroupPolicy.adm and DefenderBindingGroupPolicy.adm to the Current Policy Templates list.
    5. When you are finished, close the dialog box.

 

The Defender administrative templates are installed to Computer Configuration\Administrative Templates\Classic Administrative Templates (ADM)\Defender.

To configure settings provided by the administrative templates

  1. Start Group Policy Object Editor (gpedit.msc).
  2. In the left pane, select Computer Configuration\Administrative Templates\Classic Administrative Templates (ADM)\Defender.
  3. In the right pane, double-click the setting you want to configure.

The DefenderGroupPolicy.adm file provides the following settings:

The DefenderBindingGroupPolicy.adm file provides the ADSI Configuration setting.

Temporary Responses setting

Temporary Responses setting

You can use this setting to set a maximum limit on the expiry time for temporary helpdesk token responses. To enable this setting, select the Enabled option, and then from the Maximum expiry time list, select the maximum length of time that a temporary helpdesk token response can remain valid.

Now when you assign a temporary helpdesk token response to a user, the maximum expiry time for the response is set to the value defined by this setting.

Active Roles Web Interface - Token Programming setting

Active Roles Web Interface - Token Programming setting

You can use this setting to select the token types and token programming modes you want to make available for programming through the Active Roles Web Interface.

To enable this setting, select the Enabled option. Under Token Types, select the token types you want to make available for programming through the Active Roles Web Interface. Under Token Programming Modes, select the token programming modes you want to make available through the Active Roles Web Interface.

Documentos relacionados