
Enterprise Single Sign-On 8.0.6 - Installation Guide


6.2.2 Installing RSA Authentication Agent

After installation, the RSA Authentication Agent places new and enhanced dynamic link libraries (aceclnt.dll, sdmsg.dll) in the %SystemRoot%\System32\ folder, and starts new services.
If you install the RSA Authentication Agent on a computer where Advanced Login is already installed, the RSA logon window is displayed instead of the Advanced Login authentication window (after you have restarted the system).
To avoid this, you must set WGSafeGina.dll as the value of the following registry entry: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
This way, the Advanced Login authentication window is displayed at system start.
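The GinaDLL value decides which logon DLL Winlogon loads, so it is worth checking after the RSA agent is installed and again after any agent upgrade. The following check is an added example, not part of the Quest guide; it assumes that a bare file name in GinaDLL resolves under %SystemRoot%\System32, and the function name Test-GinaDll is hypothetical.

```powershell
# Added example: report which GINA DLL Winlogon is configured to load.
# Written for PowerShell 2.0, because GinaDLL is only read by Winlogon on
# Windows XP / Server 2003 (later versions use credential providers).
$ExpectedGina = 'WGSafeGina.dll'   # value required by this guide
$WinlogonKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-GinaDll {
    param(
        [string]$KeyPath  = $WinlogonKey,
        [string]$Expected = $ExpectedGina
    )

    $prop = Get-ItemProperty -Path $KeyPath -Name GinaDLL -ErrorAction SilentlyContinue
    if (-not $prop) {
        # No GinaDLL value: Winlogon falls back to the default msgina.dll.
        return New-Object PSObject -Property @{
            Configured = $null; Matches = $false; Path = $null; Signature = $null
        }
    }

    $value = $prop.GinaDLL
    # Assumption: a bare file name is resolved under %SystemRoot%\System32.
    $path = if ([IO.Path]::IsPathRooted($value)) { $value }
            else { Join-Path $env:SystemRoot "System32\$value" }

    # Report the Authenticode status of the file that will actually be loaded.
    $sig = if (Test-Path -LiteralPath $path) {
               (Get-AuthenticodeSignature -FilePath $path).Status
           } else { 'FileNotFound' }

    New-Object PSObject -Property @{
        Configured = $value
        Matches    = ([IO.Path]::GetFileName($value) -ieq $Expected)
        Path       = $path
        Signature  = $sig
    }
}

$result = Test-GinaDll
$result | Format-List Configured, Matches, Path, Signature
if (-not $result.Matches) {
    Write-Warning "GinaDLL is '$($result.Configured)', expected '$ExpectedGina'."
}
```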

7 Enabling the Group Membership Modification Feature

You can add or remove Users and Access Points from groups directly through the Quest ESSO Console, without using a third-party group management console. To enable this feature, you must enable the Quest ESSO Controllers to modify group memberships, by delegating the Modify the membership of a group task to their dedicated technical accounts.
The following procedure must be performed only if Quest ESSO is used with Active Directory, ADAM or AD LDS directories.
1. Launch the Active Directory Users and Computers tool on the Active Directory domain controller.
2. Right-click the Organization of the users or machines you want to modify and select Delegate Control.
3. Press the Next button and then the Add button.
4. Select the group containing the technical accounts of the Quest ESSO Controllers (Active Directory only), or each technical account individually if necessary.
5. Click the Next button and select the Modify the membership of a group check-box.
6. Click the Next button and then the Finish button to close the Wizard.
For details on how to use this feature, refer to the Quest ESSO Console Administrator Guide.
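After the wizard completes, the delegation can be reviewed to confirm that the technical accounts received only the right to read and write the member attribute of group objects. The following audit is an added example, not part of the Quest guide; it assumes Active Directory Domain Services with the ActiveDirectory PowerShell module installed, the OU and account names are placeholders, and the expected ACE shape (read/write on member, applied to descendant group objects) is an assumption about what the wizard task produces.

```powershell
# Added example: audit what a Quest ESSO technical account was delegated on an OU.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

# Placeholders (assumptions): replace with your OU and delegated group or account.
$OuDn    = 'OU=Staff,DC=example,DC=test'
$Trustee = 'EXAMPLE\ESSO-Controllers'

# Well-known schemaIDGUIDs from the Active Directory schema.
$MemberAttribute = [guid]'bf9679c0-0de6-11d0-a285-00aa003044d2'   # attribute: member
$GroupClass      = [guid]'bf967a9c-0de6-11d0-a285-00aa003044d2'   # class: group

function Get-DelegationReport {
    param([string]$Dn, [string]$Account)

    # The only rights the delegated task is expected to grant.
    $allowed = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
    $acl = Get-Acl -Path "AD:\$Dn"

    foreach ($ace in $acl.Access) {
        # Only explicit ACEs set on this OU for the delegated trustee.
        if ($ace.IsInherited -or $ace.IdentityReference.Value -ne $Account) { continue }

        $rights = [int]$ace.ActiveDirectoryRights
        $scoped = ($ace.AccessControlType -eq 'Allow') -and
                  ($ace.ObjectType -eq $MemberAttribute) -and
                  ($ace.InheritedObjectType -eq $GroupClass) -and
                  (($rights -band (-bnot $allowed)) -eq 0)

        # Anything broader than read/write on 'member' of groups needs a human look.
        $verdict = if ($scoped) { 'Expected' } else { 'Review' }

        New-Object PSObject -Property @{
            Verdict   = $verdict
            Type      = $ace.AccessControlType
            Rights    = $ace.ActiveDirectoryRights
            Attribute = $ace.ObjectType
            AppliesTo = $ace.InheritedObjectType
        }
    }
}

Get-DelegationReport -Dn $OuDn -Account $Trustee |
    Sort-Object Verdict |
    Format-Table Verdict, Type, Rights, Attribute, AppliesTo -AutoSize
```

An empty result means no explicit ACE for that trustee exists on the OU; rows marked Review (for example GenericAll or a write right with no attribute restriction) exceed what the procedure above delegates.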

8 Centralizing Parameters Using Group Policy Objects (GPO)

This section describes how to apply registry-based policy settings to servers and user computers running Quest ESSO using the Group Policy Management Console. It is intended for system administrators who want to use Group Policy to manage Quest ESSO workstations.
You will add the administrative template files provided by Quest ESSO to the Administrative Templates extension.
These files allow you to set Quest ESSO policy settings pertaining to the registry and distribute them to Quest ESSO workstations, in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Enatel registry key.
The following procedures apply only to Quest ESSO workstations that are members of a Windows domain.

8.1 Creating and Configuring Group Policy Objects Using an ADM File

1. Start Active Directory Users and Computers.
2. In the console tree, right-click the wanted container (site, domain, OU) and select Properties.
You will apply the Quest ESSO administrative template file to the users and computers in the selected container.
4. Click New to create a new group policy (entitled User Access for instance).
5. Click the Edit button.
The Add/Remove Templates window appears.
7. Click the Add button, select the UserAccess-<language>.adm (where <language> represents the various supported languages) located on the Quest ESSO installation package and close the Add/Remove templates window.
The UserAccess folder appears under Computer Settings\Administrative Templates.
8. In the UserAccess folder, select a sub folder and double-click a parameter.
The Licenses Properties window associated with this parameter appears, as shown in the following example:
Not Configured: the parameter is not taken into account unless specified by any other GPO.
Disabled: the parameter is not taken into account unless specified by a GPO with a higher priority.
Enabled: the parameter is taken into account.
1. Start Group Policy Management.
2. In the console tree, expand the Domains node, right-click the Group Policy Objects container and select New.
3. In the New GPO window, enter the name of the new GPO and click the OK button.
4. In the displayed window, click the Linked Group Policy objects tab.
The Add/Remove Templates window appears.
7. Click the Add button, select the UserAccess-<language>.adm (where <language> represents the various supported languages) located on the Quest ESSO installation package and close the Add/Remove templates window.
8. In the UserAccess folder, select a sub folder and double-click a parameter.
The Licenses Properties window associated with this parameter appears, as shown in the following example:
Not Configured: the parameter is not taken into account unless specified by any other GPO.
Disabled: the parameter is not taken into account unless specified by a GPO with a higher priority.
Enabled: the parameter is taken into account.