立即与支持人员聊天
与支持团队交流

Defender 6.5.1 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Getting help

This section provides instructions on how to get help information for the cmdlets added by the Defender Management Shell to the Windows PowerShell environment.

Alternatively, you can get detailed information about the Defender Management Shell cmdlets by viewing the DefenderManagementShell.chm file located in the Defender Management Shell installation folder (by default, this is %ProgramFiles%\One Identity\Defender\Management Shell).

 

Table 34:

Common help commands

To view this...

Run this command...

A list of all the Defender Management Shell cmdlets available to the shell.

Get-Command –module OneIdentity.Defender.AdminTools

Information about the parameters and other components of a Defender Management Shell cmdlet.

Get-Command <CmdletName>

You can use wildcard character expansion. For example, to view information about the cmdlets with the names ending in Token, you can run this command:
Get-Command *Token

Basic help information for a Defender Management Shell cmdlet.

Get-Help <CmdletName>

Detailed help information for a Defender Management Shell cmdlet, including descriptions of available parameters and usage examples.

Get-Help <CmdletName> -full

Basic information about how to use the help system in Windows PowerShell, including Help for the Defender Management Shell.

Get-Help

Cmdlets provided by Defender Management Shell

For detailed information about the Defender Management Shell cmdlets, please view the DefenderManagementShell.chm file located in the Defender Management Shell installation folder (by default, this is %ProgramFiles%\One Identity\Defender\Management Shell).

 

Administrative templates

The Defender distribution package includes Group Policy administrative templates, which you can use to configure the additional features and options that are not available in the Defender Administration Console by default.

In the Defender installation package, you can find the below mentioned files in Setup\Group Policy Templates folder.

These administrative templates are supplied in the following files:

Table 35:

Defender Group Policy administrative templates

File

Provided functionality

DefenderGroupPolicy.admx

  • An option to limit the maximum configurable expiry time for the Temporary Helpdesk Token response feature.
  • Configuration options for programming software tokens through the Active Roles Web Interface.
  • An option to include a Send Mail feature allowing the sending of the token activation code by e-mail for a newly programmed software token.
  • Allows serverless binding for Defender to read and write data in Active Directory.

DefenderGroupPolicy.adml

  • Allows Group Policy Object Editor to display a policy setting in the locale.

This chapter consists of the following sections.

Installing administrative templates

To install the administrative templates on Domain Controller

  1. Navigate to %windir%\SYSVOL\sysvol\<DomainName>\Policies directory.
    1. Create a folder PolicyDefinitions and copy the DefenderGroupPolicy.admx file into this folder.
    1. In the PolicyDefinitions folder, create a language specific folder, such as en-US, and then copy the DefenderGroupPolicy.adml file into this folder.
  2. Open the Group Policy Management window (gpmc.msc).
    1. In the left pane (console tree), expand the appropriate forest node, and then expand the Domains node.
    2. Right-click the appropriate domain node, and then on the shortcut menu click Create a GPO in this domain and Link it here.
    3. In the New GPO dialog box, type a name for the GPO being created, and click OK.
  3. Add the Defender Group Policy administrative templates to the GPO you have just created:
    1. In the left pane (console tree) of Group Policy Management, right-click the GPO you have created, and then on the shortcut menu click Edit.

      Group Policy Management Editor opens.

    2. In the left pane (console tree) of Group Policy Management Editor, expand Computer Configuration\Policies\Administrative Templates.

    You can now see One Identity node and Defender sub-node appearing automatically.

 

To install the administrative templates on client computer

  1. Copy the DefenderGroupPolicy.admx file into %windir%\PolicyDefinitions folder directory.
  2. Copy the DefenderGroupPolicy.adml file into %windir%\PolicyDefinitions\en-us directory.

  3. Open the Local Group Policy Editor (gpedit.msc).

    1. In the left pane (console tree) of the Local Group Policy Editor, expand Computer Configuration\Administrative Templates.

You can now see One Identity node and Defender sub-node appearing automatically.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级