Installing administrative templates
To install the administrative templates on Domain Controller
- Navigate to %windir%\SYSVOL\sysvol\<DomainName>\Policies directory.
- Create a folder PolicyDefinitions and copy the DefenderGroupPolicy.admx file into this folder.
- In the PolicyDefinitions folder, create a language specific folder, such as en-US, and then copy the DefenderGroupPolicy.adml file into this folder.
- Open the Group Policy Management window (gpmc.msc).
- In the left pane (console tree), expand the appropriate forest node, and then expand the Domains node.
- Right-click the appropriate domain node, and then on the shortcut menu click Create a GPO in this domain and Link it here.
- In the New GPO dialog box, type a name for the GPO being created, and click OK.
- Add the Defender Group Policy administrative templates to the GPO you have just created:
- In the left pane (console tree) of Group Policy Management, right-click the GPO you have created, and then on the shortcut menu click Edit.
Group Policy Management Editor opens.
- In the left pane (console tree) of Group Policy Management Editor, expand Computer Configuration\Policies\Administrative Templates.
You can now see One Identity node and Defender sub-node appearing automatically.
To install the administrative templates on client computer
- Copy the DefenderGroupPolicy.admx file into %windir%\PolicyDefinitions folder directory.
-
Copy the DefenderGroupPolicy.adml file into %windir%\PolicyDefinitions\en-us directory.
-
Open the Local Group Policy Editor (gpedit.msc).
- In the left pane (console tree) of the Local Group Policy Editor, expand Computer Configuration\Administrative Templates.
You can now see One Identity node and Defender sub-node appearing automatically.
Configuring administrative templates
To configure settings for administrative templates
- Open the Group Policy Management Editor (gpedit.msc).
- On the left pane, select Computer Configuration\Administrative Templates\One Identity\Defender.
- In the right pane, double-click the setting you want to configure.
The DefenderGroupPolicy.admx file provides the following settings:
Temporary Responses setting
You can use this setting to set a maximum limit on the expiry time for temporary helpdesk token responses. By default, status of these settings are not configured.
To enable this setting
- Open the Temporary Responses setting.
- Click Enabled.
- From the Maximum expiry time drop down, select the maximum length of time that a temporary helpdesk token response can remain valid.
|
NOTE: Now when you assign a temporary helpdesk token response to a user, the maximum expiry time for the response is set to the value defined by this setting. |
- Click OK.
Active Roles Web Interface - Token Programming setting
You can use this setting to select the token types and token programming modes you want to make available for programming through the Active Roles Web Interface.
To enable this setting
- Open the ActiveRoles Web Interface - Token Programming setting.
- Click Enabled.
- Under Token Types and Token Programming Modes sections, select one or more token types and token programming modes to make it available for programming through the Active Roles Web Interface.
- Click OK.