You can reset the passphrase for a user. For example, you can do so if the user has forgotten the passphrase and the passprhase has been locked. In order you could reset the passphrase, the user must provide to you the challenge code generated by the token.
To reset the passphrase for a user
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane (console tree), expand the appropriate domain node to select the container that contains the user.
- In the right pane, double-click the user object.
- In the dialog box that opens, click the Defender tab.
- In the Tokens area, select the token, and then click the Recover button.
- In the dialog box that opens, use the Challenge text box to type the challenge code provided to you by the user, and then click the Get Response button.
- Copy the passphrase unlock code displayed in the Response box and provide the code to the user.
To manage Defender Security Policy for a user
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane (console tree), expand the appropriate domain node to select the container that contains the user for whom you want to manage Defender Security Policy (typically, this is the Users container).
- In the right pane, double-click the user object.
- In the dialog box that opens, click the Policy tab. This tab allows you to view the current or assign a new Defender Security Policy to the user. The tab has the following elements:
- Assigned Policy Shows the Defender Security Policy that is currently assigned to the user. When there is no Defender Security Policy assigned to the user, this option displays <undefined>.
- Select Allows you to select an existing Defender Security Policy to assign to the user.
- Clear Unassigns the current Defender Security Policy from the user.
- Effective Click this button to view the Defender Security Policy settings that will apply to the user for a particular Defender Security Server/Access Node combination. The window that opens looks similar to the following:
The DSS list shows the Defender Security Server that is currently selected for the user. If necessary, select any other Defender Security Server.
The DAN list shows the Access Node of which the user is a member. If necessary, select any other Access Node.
The User option displays the current user.
The Effective Policy area displays the Defender Security Policy details and authentication settings that will be effective when the user authenticates via Defender.
To manage RADIUS payload for a user
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane (console tree), expand the appropriate domain node to select the container that contains the user for whom you want to manage RADIUS payload (typically, this is the Users container).
- In the right pane, double-click the user.
- In the dialog box that opens, click the RADIUS Payload tab. This tab allows you to view the current or assign a new RADIUS payload to the user. The tab has the following elements:
The DSS list shows the Defender Security Server that is currently selected for the user. If necessary, select any other Defender Security Server.
The DAN list shows the Access Node that is currently selected for the user. If necessary, select any other Access Node.
The User option displays the current user.
The Effective Payload area displays the details of the RADIUS payload that will be effective when the selected user authenticates via Defender.
