Authentication Services 4.2 - Administration Guide


Unix policies

The Authentication Services Group Policy Microsoft Management Console (MMC) Snap-In installs the Unix Settings node. The policy items in this node are specific to Unix operating systems and let you manage various Unix system settings through Group Policy.

To open the Unix Settings node in the Group Policy Management Editor

  1. From the Control Center Group Policy link, select a GPO Name and click Edit GPO.
  2. Navigate to either Computer Configuration or User Configuration | Policies | Unix Settings.

Scripts

You can configure scripts to run automatically on Unix systems either at startup or when Group Policy is refreshed. Startup scripts run each time the Authentication Services service starts. Refresh scripts run each time the policy refresh threshold is met (every 90-120 minutes by default). In addition, you can mark scripts as "run-once", indicating that the script should run only the first time.

Note: Un-apply the policy or modify the script to reset the "run-once" property.

Group Policy copies scripts added to the policy to the Group Policy Template (GPT). When the Group Policy agent executes the script, Group Policy passes all command line parameters to the script. The Group Policy agent executes scripts in the order listed. Use the Up and Down buttons in the script Properties dialog to reorder the scripts.

Unix Script policies cannot be overridden. You can block and enforce Unix Script policies with the block inheritance option and enforce links. You can also filter Script policies using ACL filtering. In all other cases, Group Policy executes all Unix Script policies linked to the host in the order they are encountered during Group Policy processing.

Refresh Scripts policy

The Refresh Scripts policy manages the script that is run each time policy is applied on the Unix host.

Configure a Refresh Script

To configure a refresh script

  1. Start Group Policy Editor.
  2. Expand the Unix Settings | Scripts node.
  3. Double-click Refresh Scripts.

    The Refresh Script Properties dialog opens.

  4. Click Add.

    The New Script dialog opens.

    Note: Typically, you write and test the script on the target platform.

  5. Click Import.

    A file browse dialog appears.

  6. Select the script file and click Open.

    The script you choose automatically displays in the Name field.

    Note: If you do not have a script to import, add a name for the script, select it on the property page and click Edit Script. Group Policy opens a text editor to allow you to create it "on the fly".

  7. In the Parameters field, enter any parameters to pass to the script on the command line.
  8. Select Options:

    • Run As User: Check this box and enter a user name to force the script to run as a specific user on the Unix host.
    • Run once: Check this box to prohibit the script from running more than one time on the Unix host.

  9. Click Add.

    The new script displays in the list of configured scripts for this policy.

  10. Select the script in the list.

    The Script Preview pane displays the read-only contents of the script.

  11. Click Edit Script to edit the contents of configured scripts.

    Your text editor launches with the contents of the script so that you can edit and save the script.

  12. Close the text editor and save the contents.

    The Script Preview pane displays the updated script contents.
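
Because a refresh script runs again at every policy refresh and receives its arguments from the Parameters field, it should be safe to repeat and should validate those arguments before acting on them. The following is an added example, not taken from the product documentation; the script's purpose, the function names `current_mode` and `enforce_mode`, and the parameter layout `<absolute-path> <octal-mode>` are assumptions.

```shell
#!/bin/sh
# Added example refresh script (not from the product documentation).
# Assumed Parameters field contents: <absolute-path> <octal-mode>
# Safe to repeat at every policy refresh: it changes the file only on drift.

# Print the permission bits of $1 in octal (GNU stat first, then BSD stat).
current_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# enforce_mode PATH MODE: prints "unchanged" or "fixed".
# Returns 2 on bad parameters, 1 on any other failure.
enforce_mode() {
    target=$1
    want=$2
    # The values come from the policy, so validate them before use.
    case $target in
        /*) ;;
        *) echo "refusing non-absolute path: $target" >&2; return 2 ;;
    esac
    case $want in
        [0-7][0-7][0-7] | [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $want" >&2; return 2 ;;
    esac
    # Only act on regular files; skip a symlink found at the path.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "not a regular file: $target" >&2
        return 1
    fi
    have=$(current_mode "$target") || return 1
    # Leading 0 forces octal arithmetic, so 644 and 0644 compare equal.
    if [ "$((0$have))" -eq "$((0$want))" ]; then
        echo "unchanged"
        return 0
    fi
    chmod "$want" "$target" || return 1
    echo "fixed"
}

# Do nothing when the agent passed no parameters.
[ "$#" -eq 0 ] || enforce_mode "$@"
```

With this layout, the Parameters field of step 7 would hold a value such as `/etc/motd 644` (a constructed sample).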
