Chat now with support
Chat with Support

Please note, you may experience access issues between 6am - 7am Eastern time on Saturday, May 28 2022 due to planned maintenance

Defender 5.11 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Opening Defender Management Shell

You can open the Defender Management Shell by using either of the following procedures. Each procedure loads the Defender Management Shell snap-in into Windows PowerShell. If you do not load the Defender Management Shell snap-in before you run a command (cmdlet) provided by that snap-in, you will receive an error.

To open the Defender Management Shell

  1. Start a 32-bit version of Windows PowerShell.
  2. At the Windows PowerShell prompt, enter the following command:

    Add-PSSnapin OneIdentity.Defender.AdminTools

Alternatively, you can complete the following steps related to your version of Windows:

 

Table 33:

Alternative steps to open the Management Shell

Windows 8, Windows Server 2012, and Windows Server 2012 R2

On the Apps screen (Windows logo key + Q), click the Defender Management Shell tile.

Windows 10, Windows Server 2016, and Windows Server 2019
  1. Click the Windows Start button, and then scroll through the alphabetical list on the left.
  2. Click One Identity to expand the list of components of Defender products installed on the system.
  3. Click Defender Management Shell.

Upon the shell start, the console may display a message stating that a certain file published by One Identity is not trusted on your system. This security message indicates that the certificate the file is digitally signed with is not trusted on your computer, so the console requires you to enable trust for the certificate issuer before the file can be run. Either press R (Run once) or A (Always run). To prevent this message from appearing in the future, it is advisable to choose the second option (A).

Getting help

This section provides instructions on how to get help information for the cmdlets added by the Defender Management Shell to the Windows PowerShell environment.

Alternatively, you can get detailed information about the Defender Management Shell cmdlets by viewing the DefenderManagementShell.chm file located in the Defender Management Shell installation folder (by default, this is %ProgramFiles%\One Identity\Defender\Management Shell).

 

Table 34:

Common help commands

To view this...

Run this command...

A list of all the Defender Management Shell cmdlets available to the shell.

Get-Command –module OneIdentity.Defender.AdminTools

Information about the parameters and other components of a Defender Management Shell cmdlet.

Get-Command <CmdletName>

You can use wildcard character expansion. For example, to view information about the cmdlets with the names ending in Token, you can run this command:
Get-Command *Token

Basic help information for a Defender Management Shell cmdlet.

Get-Help <CmdletName>

Detailed help information for a Defender Management Shell cmdlet, including descriptions of available parameters and usage examples.

Get-Help <CmdletName> -full

Basic information about how to use the help system in Windows PowerShell, including Help for the Defender Management Shell.

Get-Help

Cmdlets provided by Defender Management Shell

For detailed information about the Defender Management Shell cmdlets, please view the DefenderManagementShell.chm file located in the Defender Management Shell installation folder (by default, this is %ProgramFiles%\One Identity\Defender\Management Shell).

 

Administrative templates

The Defender distribution package includes Group Policy administrative templates, which you can use to configure the additional features and options that are not available in the Defender Administration Console by default.

In the Defender installation package, you can find the below mentioned files in Setup\Group Policy Templates folder.

These administrative templates are supplied in the following files:

Table 35:

Defender Group Policy administrative templates

File

Provided functionality

DefenderGroupPolicy.admx

  • An option to limit the maximum configurable expiry time for the Temporary Helpdesk Token response feature.
  • Configuration options for programming software tokens through the Active Roles Web Interface.
  • An option to include a Send Mail feature allowing the sending of the token activation code by e-mail for a newly programmed software token.
  • Allows serverless binding for Defender to read and write data in Active Directory.

DefenderGroupPolicy.adml

  • Allows Group Policy Object Editor to display a policy setting in the locale.

This chapter consists of the following sections.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating