Delegating user access to the Active Roles Console
By default, after installing Active Roles, every user can log in to the Active Roles Console (also known as the MMC Interface). To restrict user access to the Console, in the Configuration Center, use the MMC Interface Access > Modify menu, then select the Restrict Console (MMC Interface) access for all users option.
Doing so restricts all non-Active Roles Admin users from using the Active Roles Console.
TIP: You can give Active Roles Console access later to selected users with the User Interface Management - MMC Full control Access Template (AT) of the Active Roles Console. This AT gives access permission to the Server Configuration > User Interfaces > MMC Interface object.
For more information on how to use ATs, see Applying Access Templates in the Active Roles Administration Guide.
Configuring Active Roles logging settings
The Active Roles Configuration Center also allows you to manage the logging settings of the various Active Roles components. As part of this, you can:
-
Enable or disable logging for each Active Roles component.
-
Open the location of the various component log files.
-
Open the component logs directly in the Active Roles Log Viewer utility.
To view, configure and manage Active Roles logs, in the Configuration Center, navigate to the Logging page. Once opened, the page lists the following information:
-
Component: The name of the Active Roles component producing the log, such as the Administration Service or the Active Roles Console.
-
Logging: Indicates whether logging is enabled or disabled for the component, and shows the logging level (Basic or Verbose). While Basic logging includes only errors, warnings and informational messages in the log files, Verbose logging also adds debugging and tracing messages.
-
Log location: Indicates the full path of the log file.
The toolbar of the Logging page allows you to perform the following log management tasks:
-
To enable or disable logging for a component, or change the logging level, select the component in the list, then click Modify.
-
To open the folder that contains the log file(s) of a component, select the component in the list, then click Browse with Explorer.
-
To open the Administration Service log in the Active Roles Log Viewer utility, select Administration Service in the list of components, then click Open in Log Viewer. For more information, see Active Roles Log Viewer.
Configuring Solution Intelligence
You can enable or disable Solution Intelligence in the Active Roles Configuration Center for your Web Interface sites. Solution Intelligence is an optional Active Roles feature used by One Identity to gather standard telemetry data about your Active Roles deployment, containing load, performance and usage metrics, exception reports, and other diagnostic information used to improve Active Roles.
Solution Intelligence is disabled by default.
Active Roles Configuration Shell
The ActiveRolesConfiguration module (also known as the "Configuration Shell") provides cmdlets for configuring Active Roles Administration Service instances and Web Interface sites. The names of the cmdlets provided by this module start with the AR prefix, such as New-ARDatabase, New-ARService, or New-ARWebSite.
NOTE: Consider the following when planning to use the ActiveRolesConfiguration module:
-
This module is available on 64-bit operating systems only.
-
You can only install this module on computers where the Administration Service or Web Interface modules are also installed. Otherwise, the module will not provide all cmdlets.
The following table lists the cmdlets of the Configuration Shell.
Table 1: Configuration Shell Cmdlets
|
Get-ARComponentStatus |
Returns the installation and configuration status of the Active Roles components. |
|
New-ARDatabase |
Creates a new Active Roles database. |
|
Import-ARDatabase |
Transfers Active Roles configuration data or management history data from one database to another. |
|
Backup-AREncryptionKey |
Backs up the current encryption key of the configuration database in the local Administration Service instance into a file. |
|
Restore-AREncryptionKey |
Restores the configuration database encryption key from a backup file to the local Administration Service instance. |
|
Reset-AREncryptionKey |
Creates a new encryption key for the configuration database in the local Administration Service instance. |
|
New-ARService |
Creates the Active Roles Administration Service instance on the local computer. |
|
Get-ARService |
Gets the status of the Active Roles Administration Service instance from the local computer. |
|
Set-ARService |
Modifies the Active Roles Administration Service instance on the local computer. |
|
Start-ARService |
Starts the Active Roles Administration Service instance on the local computer. |
|
Stop-ARService |
Stops the Active Roles Administration Service instance on the local computer. |
|
Restart-ARService |
Stops and starts the Active Roles Administration Service instance on the local computer. |
|
Remove-ARService |
Deletes the Active Roles Administration Service instance from the local computer. |
|
Test-ARServiceDatabaseSettings |
Verifies whether the specified Active Roles database settings would cause Management History issues due to setting separate Configuration and Management History databases. |
|
Get-ARServiceStatus |
Gets the Active Roles Administration Service status information from the local computer. |
|
Get-ARVersion |
Gets the version of the local Active Roles installation. |
|
New-ARWebSite |
Creates a new Active Roles Web Interface site. |
|
Get-ARWebSite |
Gets the Active Roles Web Interface sites from the web server. |
|
Set-ARWebSite |
Modifies the specified Active Roles Web Interface site on the web server. |
|
Remove-ARWebSite |
Deletes the specified Active Roles Web Interface site from the web server. |
|
Get-ARWebSiteConfig |
Gets Web Interface site configuration objects from the Active Roles Administration Service. |
|
Export-ARWebSiteConfig |
Exports the specified Web Interface site configuration to a file. |
