Administrative templates
The Defender distribution package includes Group Policy administrative templates, which you can use to configure the additional features and options that are not available in the Defender Administration Console by default.
In the Defender installation package, you can find the below mentioned files in Setup\Group Policy Templates folder.
These administrative templates are supplied in the following files:
Table 35:
Defender Group Policy administrative templates
|
DefenderGroupPolicy.admx |
- An option to limit the maximum configurable expiry time for the Temporary Helpdesk Token response feature.
- Configuration options for programming software tokens through the Active Roles Web Interface.
- An option to include a Send Mail feature allowing the sending of the token activation code by e-mail for a newly programmed software token.
- Allows serverless binding for Defender to read and write data in Active Directory.
|
|
DefenderGroupPolicy.adml |
- Allows Group Policy Object Editor to display a policy setting in the locale.
|
This chapter consists of the following sections.
Installing administrative templates
To install the administrative templates on Domain Controller
- Navigate to %windir%\SYSVOL\sysvol\<DomainName>\Policies directory.
- Create a folder PolicyDefinitions and copy the DefenderGroupPolicy.admx file into this folder.
- In the PolicyDefinitions folder, create a language specific folder, such as en-US, and then copy the DefenderGroupPolicy.adml file into this folder.
- Open the Group Policy Management window (gpmc.msc).
- In the left pane (console tree), expand the appropriate forest node, and then expand the Domains node.
- Right-click the appropriate domain node, and then on the shortcut menu click Create a GPO in this domain and Link it here.
- In the New GPO dialog box, type a name for the GPO being created, and click OK.
- Add the Defender Group Policy administrative templates to the GPO you have just created:
- In the left pane (console tree) of Group Policy Management, right-click the GPO you have created, and then on the shortcut menu click Edit.
Group Policy Management Editor opens.
- In the left pane (console tree) of Group Policy Management Editor, expand Computer Configuration\Policies\Administrative Templates.
You can now see One Identity node and Defender sub-node appearing automatically.
To install the administrative templates on client computer
- Copy the DefenderGroupPolicy.admx file into %windir%\PolicyDefinitions folder directory.
-
Copy the DefenderGroupPolicy.adml file into %windir%\PolicyDefinitions\en-us directory.
-
Open the Local Group Policy Editor (gpedit.msc).
- In the left pane (console tree) of the Local Group Policy Editor, expand Computer Configuration\Administrative Templates.
You can now see One Identity node and Defender sub-node appearing automatically.
Configuring administrative templates
To configure settings for administrative templates
- Open the Group Policy Management Editor (gpedit.msc).
- On the left pane, select Computer Configuration\Administrative Templates\One Identity\Defender.
- In the right pane, double-click the setting you want to configure.
The DefenderGroupPolicy.admx file provides the following settings:
Temporary Responses setting
You can use this setting to set a maximum limit on the expiry time for temporary helpdesk token responses. By default, status of these settings are not configured.
To enable this setting
- Open the Temporary Responses setting.
- Click Enabled.
- From the Maximum expiry time drop down, select the maximum length of time that a temporary helpdesk token response can remain valid.
|
|
NOTE: Now when you assign a temporary helpdesk token response to a user, the maximum expiry time for the response is set to the value defined by this setting. |
- Click OK.
