立即与支持人员聊天
与支持团队交流

Defender 6.5.1 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Automating administrative tasks

Defender Management Shell, built on Microsoft Windows PowerShell technology, provides a command-line interface that enables automation of Defender administrative tasks. With the Defender Management Shell, administrators can perform token-related tasks such as assigning tokens to users, assigning PINs, or checking for expired tokens.

The Defender Management Shell command-line tools (cmdlets), like Windows PowerShell cmdlets, are designed to deal with objects—structured information that is more than just a string of characters appearing on the screen. The cmdlets do not use text as the basis for interaction with the system, but use an object model that is based on the Microsoft .NET platform. In contrast to traditional, text-based commands, the cmdlets do not require the use of text-processing tools to extract specific information. Rather, you can access required data directly by using standard Windows PowerShell object manipulation commands.

Before installing the Defender Management Shell feature, make sure your computer meets the system requirements described in the Defender Release Notes.

All cmdlets are presented in verb-noun pairs. The verb-noun pair is separated by a hyphen (-) without spaces, and the cmdlet nouns are always singular. The verb refers to the action that the cmdlet performs. The noun identifies the entity on which the action is performed. For example, in the Add-TokenToUser cmdlet name, the verb is Add and the noun is TokenToUser.

Installing Defender Management Shell

To install the Defender Management Shell

  1. In the Defender distribution package, open the Setup folder, and run the Defender.exe file.
  2. Complete the Defender Setup Wizard.

    When stepping through the wizard, make sure to select the Defender Management Shell feature for installation. For more information about the wizard steps and options, see Defender Setup Wizard reference.

Uninstalling Defender Management Shell

To uninstall the Defender Management Shell

  1. Open the list of installed programs (appwiz.cpl).
  2. In the list, click to select the Defender entry.
  3. At the top of the list, click the Change button and step through the wizard that starts.
  4. In the Change, Repair, or Remove Installation step, click the Change button.
  5. In the Select Features step, click the Defender Management Shell feature, and then click Entire feature will be unavailable.
  6. Complete the wizard.

Opening Defender Management Shell

You can open the Defender Management Shell by using either of the following procedures. Each procedure loads the Defender Management Shell snap-in into Windows PowerShell. If you do not load the Defender Management Shell snap-in before you run a command (cmdlet) provided by that snap-in, you will receive an error.

To open the Defender Management Shell

  1. Start a 32-bit version of Windows PowerShell.
  2. At the Windows PowerShell prompt, enter the following command:

    Add-PSSnapin OneIdentity.Defender.AdminTools

Alternatively, you can complete the following steps related to your version of Windows:

 

Table 33:

Alternative steps to open the Management Shell

Windows 8, Windows Server 2012, and Windows Server 2012 R2

On the Apps screen (Windows logo key + Q), click the Defender Management Shell tile.

Windows 10, Windows Server 2016, and Windows Server 2019
  1. Click the Windows Start button, and then scroll through the alphabetical list on the left.
  2. Click One Identity to expand the list of components of Defender products installed on the system.
  3. Click Defender Management Shell.

Upon the shell start, the console may display a message stating that a certain file published by One Identity is not trusted on your system. This security message indicates that the certificate the file is digitally signed with is not trusted on your computer, so the console requires you to enable trust for the certificate issuer before the file can be run. Either press R (Run once) or A (Always run). To prevent this message from appearing in the future, it is advisable to choose the second option (A).

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级