立即与支持人员聊天
与支持团队交流

Defender 6.4 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Defender Properties

The Defender Properties command allows you to administer tokens, and view and manage the Defender properties for the selected user.

On Defender Properties page, you can use the User tokens list to view and administer security tokens for the user, view the serial number of each security token assigned to the user, and if the tokens have a PIN configured.

Below the User tokens list, you can use the following elements:

  • Add  Click this button to search for existing token objects in Active Directory and assign them to the user if necessary.
  • Defender ID  Allows you to view or change the Defender ID of the user.
  • Violation count  Displays the number of unsuccessful authentication attempts for the user. To reset violation count for the user, click the Reset Violation Count button, and then click Save.
  • Reset count  Displays how many times the violation count has been reset so far.
  • Last authentication  Displays the time and date of user’s last successful authentication.

In the Type column of the User tokens list, you can click a security token name to administer the token. On the page that opens, you can use the following buttons:

 

Table 36:

Buttons to administer tokens

Button

Description

Set PIN

Click to set a new PIN for the token. On the page that opens, use the New PIN and Confirm PIN text boxes to type the new PIN. If you want the user to change the new PIN on first use, select the Expire PIN check box. When finished, click the Set PIN button.

Clear PIN

Click to remove the current PIN from the token. The PIN is removed right after you click this button.

Temporary Response

Click to generate a temporary response for the token user. A temporary response is required when the user needs to authenticate but does not currently have a token available. On the page that opens use the following options:

  • Expires  Sets a validity period for the temporary response.
  • Allow response to be used multiple times  Allows you to set if the temporary response can be used more that once during the specified validity period. When this check box is cleared, the temporary response can only be used once.
  • Assign  Generates the temporary token response, assigns it to the user’s token, and displays the assigned response in a separate window.
  • Clear  Immediately removes the temporary token response from the user’s token.

Test Token

Click to open a page that allows you to test the token response for the selected token: In the Response text box, enter a token response, and then click Verify.

Reset

Click to re-synchronize the token.

Recover

Click to reset the passphrase for the token.

Unassign

Click to unassign the token from the user.

Set Defender Password

The Set Defender Password command allows you to set a Defender password for the selected user.

On Set Defender Password page, you can use the following elements:

  • New password  Type the new Defender password for the user.
  • Confirm password  Type the new Defender password to confirm it.
  • Expire password  Select this check box if you want the new Defender password to expire in a preconfigured period of time.
  • Set Password  Click this button to apply the new password.

Program Defender Token

The Program Defender Token command allows you to program a security token for the selected user. Clicking this command opens the following page:

On Program Defender Token page, select the token you want to program, and, if applicable, a token operational mode (synchronous or challenge-response). When finished, click the Program button.

For some token types, a new page with the following additional options may open:

  • Token serial  Displays the serial number of the token you have assigned to the user.
  • Activation code  Displays the code the user must enter to activate the assigned token. You can click the Copy button to copy the displayed activation code to the Windows Clipboard.
  • Send activation e-mail to  Allows you to send the token activation code to the user by e-mail. Type the recipient e-mail address in the text box, and then click Send to send the e-mail message containing the activation code to the user. This option is only available if you have enabled it via a Group Policy administrative template supplied with Defender. For more information, see Administrative templates.

Enabling additional features via Group Policy

You can use Group Policy to enable a number of optional features provided by the Defender Integration Pack for Active Roles. These features include the automatic sending of e-mails with token activation codes, propagation of token configuration settings via Group Policy, and the ability to set an expiry period for temporary responses. To enable these features, you need to use the Group Policy administrative template supplied with Defender.

To enable Defender features via Group Policy

  1. Install the Defender Group Policy administrative template (DefenderGroupPolicy.adm) on a domain controller.
  2. Configure the settings provided by the Defender Group Policy administrative template.

For more information, see Installing administrative templates.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级