立即与支持人员聊天
与支持团队交流

Defender 6.5.1 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

ADSI Configuration setting

This setting provides a configurable performance enhancement for large installations by ensuring that for read and write operations, Defender always uses the domain controller to which the Active Directory Users and Computer (ADUC) tool is connected.

When this setting is enabled and the Allow serverless bind check box is cleared, Defender reads and writes data in Active Directory by using the domain controller to which ADUC is connected.

When this setting is enabled and the Allow serverless bind check box is selected, Defender relies on the Active Directory Service Interfaces Editor (ADSI Edit) tool to select a domain controller through which it can read and write data in Active Directory. This is also the default Defender behavior when this setting is not enabled.

Updating Administrative templates from .adm to .admx

You can follow the steps mentioned below to update administrative templates from .adm to .admx on both Domain Controller and Client computer.

 

Domain Controller

Before updating the templates, you should remove the existing .adm templates and then proceed updating the templates.

To remove the administrative templates on Domain Controller

  1. Open the Group Policy Management (gpmc.msc).
  2. Right click on the GPO you have created, set Enforced to disable.
  3. Again, right click on the GPO, and on the shortcut menu, click Edit.

Group Policy Management Editor opens.

  1. In the left pane (console tree) of Group Policy Management Editor, expand Computer Configuration\Policies.
  2. Right-click the Administrative Templates node, and then click Add/Remove Templates.
  3. In the Add/Remove Templates dialog box, select DefenderGroupPolicy.adm and DefenderBindingGroupPolicy.adm files and click Remove.

 

To update the administrative templates on Domain Controller

  1. Navigate to %windir%\SYSVOL\sysvol\<DomainName>\Policies directory.
    1. Create a folder PolicyDefinitions and copy the DefenderGroupPolicy.admx file into this folder.
    1. In the PolicyDefinitions folder, create a language specific folder, such as en-US, and then copy the DefenderGroupPolicy.adml file into this folder.
  2. Open the Group Policy Management Editor and navigate to the Computer Configuration\Administrative Templates\One Identity\Defender directory to see the policy settings.

NOTE: Make sure that the policy configuration settings are retained after updating into .admx templates in the Group Policy Management Editor.

  1. Right click the GPO in Group Policy Management, and then click Enforced to enable.

 

Client computer

To remove the administrative templates on client computer

  1. Open the Group Policy Management Editor (gpedit.msc).
  2. Expand Computer Configuration\Policies.
  3. Right-click the Administrative Templates node, and then on the shortcut menu, click Add/Remove Templates.
  4. In the Add/Remove Templates dialog box, select DefenderGroupPolicy.adm and DefenderBindingGroupPolicy.adm files and click Remove.

 

To update the administrative templates on client computer

  1. Copy the DefenderGroupPolicy.admx file into %windir%\PolicyDefinitions folder directory.
  2. Copy the DefenderGroupPolicy.adml file into %windir%\PolicyDefinitions\en-us directory.
  3. Open the Group Policy Management Editor and navigate to the Computer Configuration\Administrative Templates\One Identity\Defender directory to see the policy settings

NOTE: Make sure that the policy configuration settings are retained after updating into .admx templates in the Group Policy Management Editor.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级