Chat now with support
Chat with Support

Defender 5.8 - Administrator Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Securing PAM-enabled services Defender Management Portal (Web interface) Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Performing an unattended installation of Defender Desktop Login

DefenderDesktopLogin_x86.msi  Installs Defender Desktop Login on 32-bit systems.
DefenderDesktopLogin_x64.msi  Installs Defender Desktop Login on 64-bit systems.
0  Specifies that all users must authenticate via Defender.
1  Specifies that members of groups in the EXCLUSION_GROUPS parameter are not required to authenticate via Defender.
2  Specifies that only members of groups in the EXCLUSION_GROUPS parameter must authenticate via Defender.
0  Do not allow local users to bypass Defender authentication (default value)
1  Always allow local users to bypass Defender authentication
0  Specifies that users cannot log on if all Defender Security Servers are unavailable.
1  Specifies that users can only log on for a specified period of time from the moment when all Defender Security Servers become unavailable. If you specify this value, use the OFFLINE_LOGON_DAYS to set the number of days you want.
2  Specifies that users can only log on a specified number of times from the moment when all the Defender Security Servers become unavailable. If you specify this value, use the OFFLINE_LOGON_COUNT to set the number of times you want.
0  Specifies not to display any offline logon notifications.
1  Specifies to display offline logon notifications.
0  Specifies not to store the user’s password.
1  Specifies to store the user’s password.
0  Specifies that Defender Desktop Login can change user’s password.
1  Specifies that Defender Desktop Login cannot change user’s password.
0  Specifies to allow all credential providers.
1  Specifies to block all credential providers except Defender Credential Provider.
2  Specifies to block Microsoft’s credential providers.

Configuring Defender Desktop Login by using a configuration tool

3
When finished, OK to apply your changes and close the dialog box.

Configuring Defender Desktop Login by using Group Policy

1
Run the DefenderDesktopLoginGroupPolicy.exe file supplied in the Defender distribution package.
6
In the left pane of the window that opens, expand Computer Configuration | Policies, and then select Defender Desktop Login.
7
In the right-pane, double-click Desktop Login Settings and use the dialog box that opens to configure the Defender Desktop Login settings.
8
When finished, OK to apply your changes and close the dialog box.
3
In the wizard that starts, select the Skip to the final page of this wizard without collecting additional data check box, and then click Next.
6
In the left pane of the window that opens, expand Computer Configuration to select the Defender Desktop Login node.
7
In the right pane, double-click the Desktop Login Settings object to view the current Group Policy settings.

Defender Desktop Login Configuration tool reference

Add  Adds a new Defender Security Server entry to the list. In the dialog box that opens, type the server IP address or DNS name and communication port.
Edit  Allows you to edit the selected list entry.
Remove  Removes the selected list entry.
Up  Moves the selected list entry up.
Down  Moves the selected list entry down.
If Defender Desktop Login is configured by using Group Policy, this tab also provides the Group Policy Settings (read only) list that shows the Defender Security Servers used by Defender Desktop Login.
Require domain users to log on using Defender. Prevent local users from logging on. Specifies that all domain users who log on to a computer that has Defender Desktop Login installed must authenticate via Defender. Local users will be unable to log on.
Allow specified users to bypass Defender authentication. Specifies that users in groups added to the Groups list do not have to authenticate via Defender when logging on to computers that have Defender Desktop Login installed.
Require specified users to log on using Defender. Specifies that users in groups added to the Groups list must authenticate via Defender when logging on to computers that have Defender Desktop Login installed.
If Defender Desktop Login is configured by using Group Policy, you can click the Group Policy (read-only) tab to view a list of groups whose users must or do not have to authenticate via Defender Desktop Login.
Logins without the Defender Security Server are disabled  Users cannot log on if all the Defender Security Servers are unavailable.
Users may login for a set number of days after the previous login against the Defender Security Server  Users can only log on for a specified number of days from the moment when all Defender Security Servers become unavailable.
Users have a set number of logins after the previous login against the Defender Security Server  Users can only log on a specified number of times from the moment when all the Defender Security Servers become unavailable
Notify user when offline data is downloaded  When this check box is selected, each time an offline logon occurs, the user is provided with information about the remaining number of offline logons or the remaining number of days when the offline logon will be available.
Remember user's passwords  With this option selected users Active Directory (AD) passwords will be remembered and the user will not need to enter this during the logon process. Only Defender authentication is required. (The user will be prompted for the AD password on first use).
Automatically change user's password as required  Causes Defender to automatically change user’s password when it expires.
Credential Provider Filter  Provides a filter that allows you to display only specific credentials providers.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating