The Configure a User Allow Entry policy manages the Safeguard Authentication Services users.allow file. This file controls which users are allowed to log in to the host machine. If any allow rules are set, then a user must be allowed access through one of the configured allow rules or the user is denied.
To set up an allow entry
The Configure a User Deny Entry policy manages the Safeguard Authentication Services users.deny file. This file dictates users and groups that are explicitly denied access to the machine. Deny rules take precedence over allow rules.
To setup a users deny policy
Display specifiers are Active Directory objects that provide information about how other objects in the directory display in client applications.
Note: The Register Display Specifiers link only displays in the Control Center when display specifiers are not already registered with Active Directory. If the display specifiers are registered, Control Center does not display the link.
Because it is common to use the Find dialog in ADUC to manage users and groups, One Identity recommends that you register display specifiers with Active Directory. Registering display specifiers provides the following benefits:
Note: You must have Enterprise Administrator rights to register display specifiers.
You can inspect exactly which changes are made during the display specifier registration process by viewing the DsReg.vbs script found in the Safeguard Authentication Services installation directory. You can use this script to unregister display specifiers at a later time.
To register display specifiers with Active Directory
Note: The Register Display Specifiers link only displays in the Control Center when display specifiers are not already registered with Active Directory. If the display specifiers are registered, Control Center does not display the link.
While it is registering the display specifiers with Active Directory, Control Center displays a progress indicator. When the process is complete, Control Center indicates that display specifiers are registered.
Alternatively, you can register display specifiers from the command line, as follows:
DsReg.vbs /add
Note: To register One Identity Active Roles Server display specifiers with One Identity Active Roles Server, navigate to the installed location for Safeguard Authentication Services and run the following command:
DsReg.vbs /add /provider:EDMS
You must install the One Identity Active Roles Server management package locally or DsReg.vbs returns an "Invalid Syntax" error.
To see all the DsReg.vbs options, run the following command:
DsReg.vbs /help
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center