立即与支持人员聊天
与支持团队交流

Defender 5.11 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Enabling automatic deletion of tokens

The Defender Integration Pack for Active Roles installs an additional deprovisioning policy that allows you to enable the automatic deletion of tokens for deprovisioned users.

To enable the automatic deletion of tokens

  1. Open the Active Roles console.
  2. In the left pane, expand Configuration | Policies | Administration.
  3. Right-click the Defender node, point to New, and then click Deprovisioning Policy.
  4. Step through the wizard.
  5. In the Policy to Configure step, in the list, expand the Defender node to select Unassign Tokens.
  6. Complete the wizard. Keep the default settings in the remaining wizard steps.

    The new Unassign Tokens deprovisioning policy is now available for use and you can add it as a deprovisioning policy.

Delegating Defender roles or tasks

The Defender Integration Pack for Active Roles installs a number of additional predefined Access Templates. These Access Templates fall into the following two categories:

  • Role-oriented  Allow you to delegate specific Defender roles, such as Defender administrator or helpdesk operator. In the Active Roles console, you can find these Access Templates in the Configuration/Access Templates/Defender container.
  • Task-oriented  Allow you to delegate granular Defender tasks or provide full control over specific Defender components. For example, you can use these Access Templates to delegate such tasks as assign a token, program a token, and test a token. In the Active Roles console, you can find these Access Templates in the Configuration/Access Templates/Defender/Advanced container.

To delegate Defender roles or tasks by using Access Templates

  1. Open the Active Roles console.
  2. In the left pane, expand the Active Directory node, right-click the domain you want, and then on the shortcut menu click Delegate Control.
  3. In the dialog box that opens, click the Add button and step though the wizard.
  4. In the Access Templates step, select the Access Templates you want to use, and then click Next.
    • The Access Templates you can use to delegate Defender roles are located in the Access Templates/Defender container.
    • The Access Templates you can use to delegate granular Defender tasks are located in the Access Templates/Defender/Advanced container.
  5. In the Inheritance Options step, keep the default settings, and then click Next.
  6. In the Permissions Propagation step, select the Propagate permissions to Active Directory check box.
  7. Complete the wizard to delegate the roles or tasks.

Upgrading Defender Integration Pack for Active Roles

To upgrade Active Roles Integration Pack

  1. On the computer that has a previous version of Active Roles Integration Pack installed, run the ActiveRolesIntegrationPack.exe file.

    In the Defender distribution package, you can find the ActiveRolesIntegrationPack.exe file in the Setup folder.

  2. Complete the Active Roles Integration Pack Setup Wizard.
  3. After upgrading restart Active Roles Administration Service.

To upgrade Active Roles Admin Service Integration Pack

  1. On the computer that has a previous version of Active Roles Admin Service Integration Pack installed, run the ActiveRolesAdminServiceIntegrationPack.exe file.

    In the Defender distribution package, you can find the ActiveRolesAdminServiceIntegrationPack.exe file in the Setup folder.

  1. Complete the Active Roles Admin Service Integration Pack Setup Wizard.

Uninstalling Defender Integration Pack for Active Roles

To uninstall Defender Integration Pack for Active Roles

  1. Uninstall Defender Integration Pack for Active Roles.
  2. Uninstall Defender Integration Pack for Active Roles Administrative Service.
NOTE: Ensure that you uninstall the Defender Integration Packs for Active Roles in the sequence mentioned above.

To uninstall the Defender Integration Pack for Active Roles

  1. Open the list of installed programs (appwiz.cpl).
  2. In the list, click to select the ActiveRolesIntegrationPack.exe entry.
  3. At the top of the list, click the Uninstall button and step through the wizard that starts.
    NOTE: Optionally click Change at the top of the list. In the Change, Repair, or Remove Installation step, click the Remove button.
  1. Complete the wizard.

To uninstall the Defender Integration Pack for Active Roles Administration Service

  1. Open the list of installed programs (appwiz.cpl).
  2. In the list, click to select the ActiveRolesAdminServiceIntegrationPack.exe entry.
  3. At the top of the list, click the Uninstall button and step through the wizard that starts.
    NOTE: Optionally click Change at the top of the list. In the Change, Repair, or Remove Installation step, click the Remove button.
  1. Complete the wizard.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级