Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.0 - Technical Insight Guide

Introduction Data Governance Edition Network Communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management
About us

Default employee SID (DefaultEmployeeSid)

Default employee SID (DefaultEmployeeSid)

This registry key specifies the security identifier (SID) of the default employee used by the Data Governance topology harvest process. This setting is used by the ManagementServer internal service that manages the core Data Governance service dependencies.

Table 79: Registry setting: DefaultEmployeeSid
Location Registry
Path HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server
Value name DefaultEmployeeSid
Value type REG_SZ
Value SID of the user used by the Data Governance topology harvest process.
Note This key is present if you used the Data Governance Configuration wizard to install the Data Governance service.

Explicit exclusion of groups (ExclusionByDN)

Explicit exclusion of groups (ExclusionByDN)

On the Data Governance server, configure the following registry key to exclude groups from self-service group selection.

NOTE: You may want to mark certain groups as being ineligible for self-service requests, especially when Data Governance Edition is configured to allow for non-published groups to be presented. In this case, it is possible to mark either specific groups, or all groups within a particular Active Directory container as being ineligible for access requests.
Table 80: Registry setting: ExclusionByDN
Location Registry
Path

HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server\DeploymentData\SelfService

NOTE: If the "DeploymentData" and "SelfService" subkeys do not exist, create them.
Value name ExclusionByDN
Value type REG_SZ
Value

Create string values whose names match the distinguished name of the groups that are to be excluded.

NOTE: To exclude an entire container of groups, specify the distinguished name of the container, with an asterisk ("*") prefix. For example, to exclude all groups in the Users container of example.com. use the following syntax: "*CN=Users,DC=example,DC=com".

Filter accounts from Resource access report (FilterNoisyAccounts)

Filter accounts from Manage Access view (FilterNoisyAccounts)

Create the following registry key on the client computer where the Manager is installed to indicate whether noisy accounts (that is, accounts with indirect access granted through the BUILTIN\Administrators or BUILTIN\Users accounts), are to be filtered from the Manage Access view.

Table 81: Registry setting: FilterNoisyAccounts
Location Registry
Path HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Client
Value name FilterNoisyAccounts
Value type DWORD
Value

Valid values:

  • 0: do not filter out noisy accounts
  • 1: filter out noisy accounts (default)

Global agent installation location (GlobalAgentInstallLocation)

Global agent installation location (GlobalAgentInstallLocation)

By default, the agent will be installed in %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Agent Services. To change this default location, create the following new string value in the registry on the Data Governance server.

Table 82: Registry setting: GlobalAgentInstallLocation
Location Registry
Path HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server
Value name GlobalAgentInstallLocation
Value type REG_SZ
Value Agent installation location
Note All agents attempt to deploy the folder specified in this registry setting. If, when you deploy an individual agent, you select an alternate installation location on the Managed Hosts Settings dialog, the location specified takes precedence over the default location specified in the registry.
Related Documents