Chat now with support
Tchattez avec un ingénieur du support

Authentication Services 4.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting

Group Policy

Microsoft Group Policy provides excellent policy-based configuration management tools for Windows. Group Policy allows you to manage Unix resources in much the same way. Group Policy allows you to consolidate configuration management tasks by using the Group Policy functionality of Microsoft Windows Server to manage Unix operating systems and Unix application settings.

To open Group Policy, click Group Policy on the left navigation panel of the Authentication Services Control Center.

Administrative interface

In order to achieve seamless integration with the Group Policy user interface, the Group Policy interface is written as a Microsoft Management Console (MMC) snap-in extension. It is specifically designed to transparently plug into the Group Policy Object Editor (GPOE) console. The policies necessary to provide Unix management from the GPOE are integrated into the existing GPOE policy namespace.

With Group Policy, administrators use the same familiar tools (the GPOE) to manage Unix group policies as they use to manage Windows group policies. Because Group Policy adheres to the same Group Policy association and application rules, administrators are able to quickly generate useful policies for management of Unix configuration settings without significant user interface training.

Unix agent technology

In order to deliver the expected Group Policy functionality for Unix, the Group Policy client-side components for Unix are designed to mirror the functionality of the Microsoft Group Policy client-side components for Windows. Specifically, Group Policy provides an extensible infrastructure for writing Unix client-side extensions (CSEs). The flexibility of Group Policy's client-side components allows Group Policy to offer a limitless resource for creating configuration management strategies.

Group Policy ships with several client-side extensions that provide the basis for managing many aspects of Unix operating systems and applications. Developers can extend Group Policy by adding CSEs. Administrators can use Administrative Template (ADM) files to add custom Unix policy settings.

Group Policy uses the same Group Policy object processing model that is used by the Windows winlogon service including scoping and filtering of Group Policy objects. Policy settings applied through Group Policy are "non-tattooing." The Group Policy agent also provides tools for calculating the Resultant Set of Policy (RSoP) before and after policy application.

Concepts

Group Policy consists of both agent and server software. You install the agent software on Unix computers and use it to apply Group Policy settings. The server software extends existing Microsoft frameworks for managing Group Policy. After installing the Group Policy agent-side extensions, administrators interact mostly with the server-side extensions which enable Unix policy configuration.

Documents connexes