Defender Properties
The Defender Properties command allows you to administer tokens, and view and manage the Defender properties for the selected user.
On the Defender Properties page, you can use the User tokens list to view and administer the security tokens for the user, view the serial number of each security token assigned to the user, and see whether each token has a PIN configured.
Below the User tokens list, you can use the following elements:
- Add: Click this button to search for existing token objects in Active Directory and assign them to the user if necessary.
- Defender ID: Allows you to view or change the Defender ID of the user.
- Violation count: Displays the number of unsuccessful authentication attempts for the user. To reset the violation count for the user, click the Reset Violation Count button, and then click Save.
- Reset count: Displays how many times the violation count has been reset so far.
- Last authentication: Displays the time and date of the user’s last successful authentication.
In the Type column of the User tokens list, you can click a security token name to administer the token. On the page that opens, you can use the following buttons:
Table 36: Buttons to administer tokens
- Set PIN: Click to set a new PIN for the token. On the page that opens, use the New PIN and Confirm PIN text boxes to type the new PIN. If you want the user to change the new PIN on first use, select the Expire PIN check box. When finished, click the Set PIN button.
- Clear PIN: Click to remove the current PIN from the token. The PIN is removed right after you click this button.
- Temporary Response: Click to generate a temporary response for the token user. A temporary response is required when the user needs to authenticate but does not currently have a token available. On the page that opens, use the following options:
  - Expires: Sets a validity period for the temporary response.
  - Allow response to be used multiple times: Allows you to set whether the temporary response can be used more than once during the specified validity period. When this check box is cleared, the temporary response can only be used once.
  - Assign: Generates the temporary token response, assigns it to the user’s token, and displays the assigned response in a separate window.
  - Clear: Immediately removes the temporary token response from the user’s token.
- Test Token: Click to open a page that allows you to test the token response for the selected token. In the Response text box, enter a token response, and then click Verify.
- Reset: Click to re-synchronize the token.
- Recover: Click to reset the passphrase for the token.
- Unassign: Click to unassign the token from the user.
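The Temporary Response options described above (Expires, Allow response to be used multiple times, Assign, Clear), together with the violation and reset counters, amount to a small state machine. The following is an added example, not Defender's code: a hypothetical Python model of the checks a verifier has to make for such a response. The class names, the 8-digit response format, the salted SHA-256 storage and the choice to count a failed temporary response as a violation are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

def _digest(salt: bytes, response: str) -> bytes:
    return hashlib.sha256(salt + response.encode()).digest()

@dataclass
class TemporaryResponse:
    salt: bytes
    digest: bytes          # only a salted digest is kept, not the response itself
    expires_at: datetime   # "Expires"
    multi_use: bool        # "Allow response to be used multiple times"

class UserToken:
    """Hypothetical model of one assigned token; not Defender's data model."""
    def __init__(self) -> None:
        self.temp: Optional[TemporaryResponse] = None
        self.violation_count = 0   # unsuccessful authentication attempts
        self.reset_count = 0       # how many times the violation count was reset

    def assign(self, now: datetime, valid_for: timedelta, multi_use: bool = False) -> str:
        response = f"{secrets.randbelow(10**8):08d}"   # constructed 8-digit format
        salt = secrets.token_bytes(16)
        self.temp = TemporaryResponse(salt, _digest(salt, response), now + valid_for, multi_use)
        return response            # displayed once to the administrator

    def clear(self) -> None:
        self.temp = None           # "Clear": takes effect immediately

    def reset_violation_count(self) -> None:
        self.violation_count = 0
        self.reset_count += 1

    def verify(self, response: str, now: datetime) -> bool:
        t = self.temp
        if t is not None and now >= t.expires_at:
            self.temp = t = None   # expired responses are dropped, never accepted
        ok = t is not None and hmac.compare_digest(_digest(t.salt, response), t.digest)
        if not ok:
            self.violation_count += 1
            return False
        if not t.multi_use:
            self.temp = None       # single use: consumed on first success
        return True
```

In this model a replayed single-use response fails exactly like a wrong one and raises the violation count, which is the behaviour to look for when reviewing counters after a temporary response has been issued.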
Set Defender Password
The Set Defender Password command allows you to set a Defender password for the selected user.
On the Set Defender Password page, you can use the following elements:
- New password: Type the new Defender password for the user.
- Confirm password: Type the new Defender password again to confirm it.
- Expire password: Select this check box if you want the new Defender password to expire in a preconfigured period of time.
- Set Password: Click this button to apply the new password.
Program Defender Token
The Program Defender Token command allows you to program a security token for the selected user. Clicking this command opens the Program Defender Token page.
On the Program Defender Token page, select the token you want to program and, if applicable, a token operational mode (synchronous or challenge-response). When finished, click the Program button.
For some token types, a new page with the following additional options may open:
- Token serial: Displays the serial number of the token you have assigned to the user.
- Activation code: Displays the code the user must enter to activate the assigned token. You can click the Copy button to copy the displayed activation code to the Windows Clipboard.
- Send activation e-mail to: Allows you to send the token activation code to the user by e-mail. Type the recipient e-mail address in the text box, and then click Send to send the e-mail message containing the activation code to the user. This option is only available if you have enabled it via a Group Policy administrative template supplied with Defender. For more information, see Administrative templates.
Enabling additional features via Group Policy
You can use Group Policy to enable a number of optional features provided by the Defender Integration Pack for Active Roles. These features include the automatic sending of e-mails with token activation codes, propagation of token configuration settings via Group Policy, and the ability to set an expiry period for temporary responses. To enable these features, you need to use the Group Policy administrative template supplied with Defender.
To enable Defender features via Group Policy
- Install the Defender Group Policy administrative template (DefenderGroupPolicy.adm) on a domain controller.
- Configure the settings provided by the Defender Group Policy administrative template.
For more information, see Installing administrative templates.