Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.6 - Administration Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Safeguard Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting Glossary

Unix agent technology

In order to deliver the expected Group Policy functionality for Unix, the Group Policy client-side components for Unix are designed to mirror the functionality of the Microsoft Group Policy client-side components for Windows. Specifically, Group Policy provides an extensible infrastructure for writing Unix client-side extensions (CSEs). The flexibility of Group Policy's client-side components allows Group Policy to offer a limitless resource for creating configuration management strategies.

Group Policy ships with several client-side extensions that provide the basis for managing many aspects of Unix operating systems and applications. Developers can extend Group Policy by adding CSEs. Administrators can use Administrative Template (ADM) files to add custom Unix policy settings.

Group Policy uses the same Group Policy object processing model that is used by the Windows winlogon service including scoping and filtering of Group Policy objects. Policy settings applied through Group Policy are "non-tattooing." The Group Policy agent also provides tools for calculating the Resultant Set of Policy (RSoP) before and after policy application.


Group Policy consists of both agent and server software. You install the agent software on Unix computers and use it to apply Group Policy settings. The server software extends existing Microsoft frameworks for managing Group Policy. After installing the Group Policy agent-side extensions, administrators interact mostly with the server-side extensions which enable Unix policy configuration.

How Safeguard Authentication Services Group Policy works

Safeguard Authentication Services Group Policy is a built-in component of Safeguard Authentication Services. After joining the domain, Unix hosts display as computer objects in Active Directory just like Windows servers and workstations. Group Policy Objects link to Unix computer objects in the same way as they link to Windows computer objects.

Group Policy allows Unix hosts to participate in the WindowsGroup Policy infrastructure. Group Policy uses the Kerberos and LDAP infrastructure provided by Safeguard Authentication Services to implement Group Policy on Unix in a way that mirrors the Windows Group Policy implementation.

Group Policy framework for Unix

Group Policy consists of server-side extensions to the Group Policy Object Editor and Unix client-side software. Using the Group Policy extensions to the Group Policy Object Editor (GPOE), administrators can create and edit Unix policies. The Group Policy agent is responsible for reading policy configuration data and applying policies to Unix hosts.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating