Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.6 - Administration Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Safeguard Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting Glossary

Apply mode

Some policies support the concept of an Apply mode. The Apply mode affects the way settings defined by policy are combined with local settings. There are two possible Apply modes:

  • Replace

    Settings defined in policy replace all local settings or configuration files.

  • Merge

    Settings defined by policy are merged with settings defined locally. For any conflicting settings the policy settings take precedence. Merge is the default for most policies that support Apply mode.

Configured policies that support Apply mode display the mode in the Apply Mode column in the Group Policy Object Editor.

Setting policy apply mode

To set the Group Policy Apply mode

  1. In Group Policy Object Editor, select a policy.
  2. To set the Apply Mode to Replace, open the Action menu and select the Remove local configuration option.

    Note: You can also right-click the policy to choose the Remove local configuration option from the context menu.

  3. To reset the Apply Mode to Merge, open the Action menu and select the Remove local configuration option again.

    Note: The policy must be configured in order to change the Apply mode. If the policy is not configured, the Remove local configuration option is not enabled on the Action menu.

    Note: Some policies, such as scripts, do not support Apply mode. If the policy does not support Apply mode, the Remove local configuration item in the Action menu is not available and the Apply Mode column in Group Policy Object Editor is blank.

Unix policies

The Unix Settings node is installed by the Safeguard Authentication Services Group Policy Microsoft Management Console (MMC) Snap-In. Group Policy defines Unix-specific policies that manage various Unix system settings. Policy items contained in this node are specific to Unix operating systems. You can configure Unix settings through Group Policy.

To open the Unix Settings node in the Group Policy Management Editor

  1. From the Control Center Group Policy link, select a GPO Name and click Edit GPO.
  2. Navigate to either Computer Configuration or User Configuration | Policies | Unix Settings.


You can configure scripts to run automatically on Unix systems either at startup or when Group Policy is refreshed. Startup scripts run each time the Safeguard Authentication Services service starts. Refresh scripts run each time the policy refresh threshold is met (every 90-120 minutes by default). In addition you can mark scripts as "run-once", indicating that the script should only run the first time.

Note: Un-apply the policy or modify the script to reset the "run-once" property.

Group Policy copies scripts added to the policy to the Group Policy Template (GPT). When the Group Policy agent executes the script, Group Policy passes all command line parameters to the script. The Group Policy agent executes scripts in the order listed. Use the Up and Down buttons in the script Properties dialog to reorder the scripts.

Unix Script policies cannot be overridden. You can block and enforce Unix Script policies with the block inheritance option and enforce links. You can also filter Script policies using ACL filtering. In all other cases, Group Policy executes all Unix Script policies linked to the host in the order they are encountered during Group Policy processing.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating