Enabling additional features via Group Policy
You can use Group Policy to enable a number of optional features provided by the Defender Integration Pack for Active Roles. These features include the automatic sending of e-mails with token activation codes, propagation of token configuration settings via Group Policy, and the ability to set an expiry period for temporary responses. To enable these features, you need to use the Group Policy administrative template supplied with Defender.
To enable Defender features via Group Policy
- Install the Defender Group Policy administrative template (DefenderGroupPolicy.adm) on a domain controller.
- Configure the settings provided by the Defender Group Policy administrative template.
For more information, see Installing administrative templates.
Enabling automatic deletion of tokens
The Defender Integration Pack for Active Roles installs an additional deprovisioning policy that allows you to enable the automatic deletion of tokens for deprovisioned users.
To enable the automatic deletion of tokens
- Open the Active Roles console.
- In the left pane, expand Configuration | Policies | Administration.
- Right-click the Defender node, point to New, and then click Deprovisioning Policy.
- Step through the wizard.
- In the Policy to Configure step, expand the Defender node in the list, and then select Unassign Tokens.
- Complete the wizard. Keep the default settings in the remaining wizard steps.
The new Unassign Tokens deprovisioning policy is now available for use and you can add it as a deprovisioning policy.
Delegating Defender roles or tasks
The Defender Integration Pack for Active Roles installs a number of additional predefined Access Templates. These Access Templates fall into the following two categories:
- Role-oriented: Allow you to delegate specific Defender roles, such as Defender administrator or helpdesk operator. In the Active Roles console, you can find these Access Templates in the Configuration/Access Templates/Defender container.
- Task-oriented: Allow you to delegate granular Defender tasks or provide full control over specific Defender components. For example, you can use these Access Templates to delegate tasks such as assigning a token, programming a token, and testing a token. In the Active Roles console, you can find these Access Templates in the Configuration/Access Templates/Defender/Advanced container.
To delegate Defender roles or tasks by using Access Templates
- Open the Active Roles console.
- In the left pane, expand the Active Directory node, right-click the domain you want, and then on the shortcut menu click Delegate Control.
- In the dialog box that opens, click the Add button and step through the wizard.
- In the Access Templates step, select the Access Templates you want to use, and then click Next.
  - The Access Templates you can use to delegate Defender roles are located in the Access Templates/Defender container.
  - The Access Templates you can use to delegate granular Defender tasks are located in the Access Templates/Defender/Advanced container.
- In the Inheritance Options step, keep the default settings, and then click Next.
- In the Permissions Propagation step, select the Propagate permissions to Active Directory check box.
- Complete the wizard to delegate the roles or tasks.
Upgrading Defender Integration Pack for Active Roles
To upgrade Active Roles Integration Pack
- On the computer that has a previous version of Active Roles Integration Pack installed, run the ActiveRolesIntegrationPack.exe file.
  In the Defender distribution package, you can find the ActiveRolesIntegrationPack.exe file in the Setup folder.
- Complete the Active Roles Integration Pack Setup Wizard.
- After upgrading, restart the Active Roles Administration Service.
To upgrade Active Roles Admin Service Integration Pack
- On the computer that has a previous version of Active Roles Admin Service Integration Pack installed, run the ActiveRolesAdminServiceIntegrationPack.exe file.
  In the Defender distribution package, you can find the ActiveRolesAdminServiceIntegrationPack.exe file in the Setup folder.
- Complete the Active Roles Admin Service Integration Pack Setup Wizard.