Enabling automatic deletion of tokens
The Defender Integration Pack for Active Roles installs an additional deprovisioning policy that allows you to enable the automatic deletion of tokens for deprovisioned users.
To enable the automatic deletion of tokens
- Open the Active Roles console.
- In the left pane, expand Configuration | Policies | Administration.
- Right-click the Defender node, point to New, and then click Deprovisioning Policy.
- Step through the wizard.
- In the Policy to Configure step, in the list, expand the Defender node to select Unassign Tokens.
- Complete the wizard. Keep the default settings in the remaining wizard steps.
The new Unassign Tokens deprovisioning policy is now available for use and you can add it as a deprovisioning policy.
Delegating Defender roles or tasks
The Defender Integration Pack for Active Roles installs a number of additional predefined Access Templates. These Access Templates fall into the following two categories:
- Role-oriented Allow you to delegate specific Defender roles, such as Defender administrator or helpdesk operator. In the Active Roles console, you can find these Access Templates in the Configuration/Access Templates/Defender container.
- Task-oriented Allow you to delegate granular Defender tasks or provide full control over specific Defender components. For example, you can use these Access Templates to delegate such tasks as assign a token, program a token, and test a token. In the Active Roles console, you can find these Access Templates in the Configuration/Access Templates/Defender/Advanced container.
To delegate Defender roles or tasks by using Access Templates
- Open the Active Roles console.
- In the left pane, expand the Active Directory node, right-click the domain you want, and then on the shortcut menu click Delegate Control.
- In the dialog box that opens, click the Add button and step though the wizard.
- In the Access Templates step, select the Access Templates you want to use, and then click Next.
- The Access Templates you can use to delegate Defender roles are located in the Access Templates/Defender container.
- The Access Templates you can use to delegate granular Defender tasks are located in the Access Templates/Defender/Advanced container.
- In the Inheritance Options step, keep the default settings, and then click Next.
- In the Permissions Propagation step, select the Propagate permissions to Active Directory check box.
- Complete the wizard to delegate the roles or tasks.
Upgrading Defender Integration Pack for Active Roles
To upgrade Active Roles Integration Pack
- On the computer that has a previous version of Active Roles Integration Pack installed, run the ActiveRolesIntegrationPack.exe file.
In the Defender distribution package, you can find the ActiveRolesIntegrationPack.exe file in the Setup folder.
- Complete the Active Roles Integration Pack Setup Wizard.
- After upgrading restart Active Roles Administration Service.
To upgrade Active Roles Admin Service Integration Pack
- On the computer that has a previous version of Active Roles Admin Service Integration Pack installed, run the ActiveRolesAdminServiceIntegrationPack.exe file.
In the Defender distribution package, you can find the ActiveRolesAdminServiceIntegrationPack.exe file in the Setup folder.
- Complete the Active Roles Admin Service Integration Pack Setup Wizard.
Uninstalling Defender Integration Pack for Active Roles
To uninstall Defender Integration Pack for Active Roles
- Uninstall Defender Integration Pack for Active Roles.
- Uninstall Defender Integration Pack for Active Roles Administrative Service.
NOTE: Ensure that you uninstall the Defender Integration Packs for Active Roles in the sequence mentioned above.
To uninstall the Defender Integration Pack for Active Roles
- Open the list of installed programs (appwiz.cpl).
- In the list, click to select the ActiveRolesIntegrationPack.exe entry.
- At the top of the list, click the Uninstall button and step through the wizard that starts.
NOTE: Optionally click Change at the top of the list. In the Change, Repair, or Remove Installation step, click the Remove button.
- Complete the wizard.
To uninstall the Defender Integration Pack for Active Roles Administration Service
- Open the list of installed programs (appwiz.cpl).
- In the list, click to select the ActiveRolesAdminServiceIntegrationPack.exe entry.
- At the top of the list, click the Uninstall button and step through the wizard that starts.
NOTE: Optionally click Change at the top of the list. In the Change, Repair, or Remove Installation step, click the Remove button.
- Complete the wizard.