Server-side extensions are software packages that extend the functionality of existing Microsoft Group Policy management tools. Group Policy provides one extension for the Group Policy Object Editor (GPOE):
Group Policy extends the namespace of the Group Policy Object Editor: that is, Group Policy adds several Unix-specific nodes to the scope and resultant views of the Group Policy Object Editor.
The vgptool command-line utility provides the same functionality as winlogon.exe. vgptool collects policy information by querying Active Directory for the SYSVOL path of GPOs, based on the location of the Unix host object in Active Directory. Once it collects the policy information, vgptool follows the same rules and standards of Group Policy application as Microsoft Group Policy, including enforced links, block inheritance, non-tattooing of policy settings, enabled or disabled links, link order, ACL filtering, and enabled/disabled GPOs. Safeguard Authentication Services also supports loopback policy processing.
Like gpupdate.exe, vgptool invokes client-side extension plug-ins to apply policy settings. You can register new client-side extensions with vgptool Refer to the vgptool man page for details. vgptool runs only when invoked from the Unix command line or when it is run by the Safeguard Authentication Services service as part of a policy refresh event.
Provides support for licensing policies.
Provides support for the Safeguard Authentication Services-related policies.
Provides support for some Windows security settings.
Provides support for macOS management settings.
Provides support for sudo policy option.
Provides support for dynamic file copy.
Provides support for the Unix file and script policies.
Provides support for OpenSSH.
Provides support for Samba.
Provides support for One Identity Defender policies.
Provides support for One Identity Privilege Manager for Unix policies.
Provides support for Administrative Templates.
Provides support for the Group Policy-related policies.
In Windows-only environments, administrators extend Group Policy through Administrative Templates. Administrative Templates provide policy description information as well as information used to build a graphical user interface to manage those policies. Group Policy stores this information in human-readable text-file format with an ADM extension.
Once you load the Administrative Templates into the Group Policy Object Editor (GPOE), the GPOE namespace is extended with new Unix-specific nodes.
On Unix, ADM policies are supported using Perl scripts that translate Windowsregistry.pol files into Unix configuration file settings. Group Policy refers to the translator scripts as xlators.
You can write custom xlator scripts in any language.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
