'Disallowed Servers for Auto-connect' setting
When applied to a computer running an Active Roles client application, such as the Active Roles console, Web Interface or ADSI Provider, this setting determines the instances of the Active Roles Administration Service to which the client application is not allowed to auto-connect. This setting only affects the Administration Service instances that are published by Active Roles for auto-discovery.
If you enable this setting, you can specify a list of computer names identifying the computers running the Administration Service to which the client application is not allowed to auto-connect. In a computer name, you may use an asterisk wildcard character (*) to represent any string of characters. If a given computer is listed in this setting, then the client application is not allowed to auto-connect to the Administration Service on that computer unless the name or alias of that computer is listed in the Allowed Servers for Auto-connect or Additional Servers for Auto-connect setting.
If this setting is disabled or not configured, the client application normally auto-connects to any available Administration Service that is published by Active Roles for auto-discovery. However, you can use the Allowed Servers for Auto-connect and Additional Servers for Auto-connect settings to specify explicitly the instances of the Administration Service to which the client application should auto-connect.
'Additional Servers for Auto-connect' setting
When applied to a computer running an Active Roles client application, such as the Active Roles console, Web Interface or ADSI Provider, this setting specifies the instances of the Active Roles Administration Service to which the client application auto-connects regardless of whether or not those instances are published by Active Roles for auto-discovery.
If you enable this setting, you can specify a list of computer names or aliases identifying the computers running the Administration Service to which the client application auto-connects even though it cannot discover the Administration Service on those computers by using Active Roles’ service connection points in Active Directory. If a given computer is listed in this setting, then the client application auto-connects to the Administration Service on that computer regardless of the Allowed Servers for Auto-connect and Disallowed Servers for Auto-connect settings.
If this setting is disabled or not configured, the client application normally auto-connects to any available Administration Service that is published by Active Roles for auto-discovery. However, you can use the Allowed Servers for Auto-connect and Disallowed Servers for Auto-connect settings to restrict auto-connection of the client application to specific instances of the Administration Service published for auto-discovery.
Loading the Administrative Template
The Administrative Template consists of the ActiveRoles.admx (ADMX) and ActiveRoles.adml (ADML) files. The ADML file is a language-specific complement to the ADMX file.
To load the Administrative Template to a domain-wide Group Policy object, you need to copy the ADMX and ADML files to the central store in the sysvol folder on a domain controller:
- Copy the ADMX file to the folder %systemroot%\sysvol\domain\policies\PolicyDefinitions
- Copy the ADML file to the folder %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-US
Create those folders if they do not exist. For more information about ADMX files, see Managing Group Policy ADMX Files Step-by-Step Guide at http://go.microsoft.com/fwlink/p/?LinkId=75124.
Group Policy Object Editor automatically reads all ADMX files found in the central store of the domain in which the Group Policy object is created. You can configure Active Roles policy settings in Group Policy Object Editor by selecting User Configuration/Policies/Administrative Templates/Active Roles Snap-in Settings or Computer Configuration/Policies/Administrative Templates/Active Roles/Administration Service Auto-connect Settings, and then apply the Group Policy object as appropriate.
Communication ports
This section provides a list of communication ports that need to be open in the firewall for Active Roles to function properly.