ADSI Configuration setting
This setting provides a configurable performance enhancement for large installations by ensuring that for read and write operations, Defender always uses the domain controller to which the Active Directory Users and Computer (ADUC) tool is connected.
When this setting is enabled and the Allow serverless bind check box is cleared, Defender reads and writes data in Active Directory by using the domain controller to which ADUC is connected.
When this setting is enabled and the Allow serverless bind check box is selected, Defender relies on the Active Directory Service Interfaces Editor (ADSI Edit) tool to select a domain controller through which it can read and write data in Active Directory. This is also the default Defender behavior when this setting is not enabled.
Updating Administrative templates from .adm to .admx
You can follow the steps mentioned below to update administrative templates from .adm to .admx on both Domain Controller and Client computer.
Domain Controller
Before updating the templates, you should remove the existing .adm templates and then proceed updating the templates.
To remove the administrative templates on Domain Controller
- Open the Group Policy Management (gpmc.msc).
- Right click on the GPO you have created, set Enforced to disable.
- Again, right click on the GPO, and on the shortcut menu, click Edit.
Group Policy Management Editor opens.
- In the left pane (console tree) of Group Policy Management Editor, expand Computer Configuration\Policies.
- Right-click the Administrative Templates node, and then click Add/Remove Templates.
- In the Add/Remove Templates dialog box, select DefenderGroupPolicy.adm and DefenderBindingGroupPolicy.adm files and click Remove.
To update the administrative templates on Domain Controller
- Navigate to %windir%\SYSVOL\sysvol\<DomainName>\Policies directory.
- Create a folder PolicyDefinitions and copy the DefenderGroupPolicy.admx file into this folder.
- In the PolicyDefinitions folder, create a language specific folder, such as en-US, and then copy the DefenderGroupPolicy.adml file into this folder.
- Open the Group Policy Management Editor and navigate to the Computer Configuration\Administrative Templates\One Identity\Defender directory to see the policy settings.
|
NOTE: Make sure that the policy configuration settings are retained after updating into .admx templates in the Group Policy Management Editor. |
- Right click the GPO in Group Policy Management, and then click Enforced to enable.
Client computer
To remove the administrative templates on client computer
- Open the Group Policy Management Editor (gpedit.msc).
- Expand Computer Configuration\Policies.
- Right-click the Administrative Templates node, and then on the shortcut menu, click Add/Remove Templates.
- In the Add/Remove Templates dialog box, select DefenderGroupPolicy.adm and DefenderBindingGroupPolicy.adm files and click Remove.
To update the administrative templates on client computer
- Copy the DefenderGroupPolicy.admx file into %windir%\PolicyDefinitions folder directory.
- Copy the DefenderGroupPolicy.adml file into %windir%\PolicyDefinitions\en-us directory.
- Open the Group Policy Management Editor and navigate to the Computer Configuration\Administrative Templates\One Identity\Defender directory to see the policy settings
|
NOTE: Make sure that the policy configuration settings are retained after updating into .admx templates in the Group Policy Management Editor. |