Use the Defender Security Server Configuration tool to configure the Defender Security Server you have installed in Step 1: Install required Defender components. By default, this tool starts automatically when you complete the Defender Setup Wizard.
For more information on how to start and use the Defender Security Server Configuration tool, see Defender Security Server Configuration tool reference.
In this step, you create and configure a number of required Defender-related objects in Active Directory. The required objects are:
For detailed instructions on how to create and configure Defender objects in Active Directory, see “Managing Defender objects in Active Directory” in the Defender Administration Guide.
A Defender Security Policy object defines a number of authentication settings for Defender users, such as primary and secondary authentication methods, number of allowed failed authentication attempts, lockout and unlock conditions for the user accounts, and allowed logon hours. You can also use a Defender Security Policy object to enable and configure built-in security tokens, such as SMS token, e-mail token, and GrIDsure token.
After creating a Defender Security Policy object, you need to assign it to the appropriate user objects in Active Directory. You can assign a Defender Security Policy in one of the following ways:
- Explicitly Assign a policy directly to a user object in Active Directory.
- Implicitly Apply a policy to a user by assigning it to the Defender Security Server or Access Node to which the user belongs.
If you assign a Defender Security Policy to a Defender Security Server, that policy is applied to the users who authenticate through that Defender Security Server.
If you assign a Defender Security Policy to an Access Node object, that policy is applied to the users who are listed as members of that Access Node.
When a user is a member of an Access Node and no Defender Security Policy is defined for the user explicitly or implicitly, then a default Defender Security Policy applies to the user. For more information, see “Default Defender Security Policy” in the Defender Administration Guide.
To create a Defender Security Policy object
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane, expand the node representing the domain where you installed Defender.
- Expand the Defender container, right-click the Policies container, and then from the shortcut menu select New | Defender Policy.
For detailed instructions on how to create and configure a Defender Security Policy object, see “Managing Defender Security Policy objects” in the Defender Administration Guide.
A Defender Security Server object represents a computer on which the Defender Security Server component is installed. Therefore, when creating or configuring a Defender Security Policy object, make sure you specify the correct IP address of the corresponding computer in the object properties.
To create a Defender Security Server object
- On the computer where the Defender Administration Console is installed, start the Active Directory Users and Computers tool (dsa.msc).
- In the left pane, expand the node representing the domain where you installed Defender.
- Expand the Defender container, right-click the Security Servers container, and then select New | Defender Security Server.
For detailed instructions on how to create and configure a Defender Security Server object, see “Managing Security Server objects” in the Defender Administration Guide.