Deploying Defender Desktop Login using Microsoft Group Policy

© 2012 Quest Software, Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc.

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656 USA
www.quest.com
email: legal@quest.com

Refer to our Web site for regional and international office information.

TRADEMARKS

Quest, Quest Software, the Quest Software logo and itoken are trademarks and registered trademarks of Quest Software, Inc. Other trademarks and registered trademarks used in this guide are property of their respective owners.

Disclaimer

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

Deploying Defender Desktop Login using Microsoft Group Policy
Updated November 2012
Software Version 5.7

Contents

Introduction
Deployment of Defender Desktop Login using Microsoft Group Policy
    Create a Defender Desktop Login MSI package
    Create a network share and set the file permissions
    Create a Group Policy package for deployment
Defender Desktop Login MSI Properties
    DSS
    SHARED_SECRET
    EXCLUSION_MODE
    EXCLUSION_GROUPS
    ALLOW_OFFLINE_LOGON
    OFFLINE_LOGON_DAYS
    OFFLINE_LOGON_COUNT
    DISPLAY_NOTIFICATIONS
    STORE_PASSWORDS
    MANAGE_PASSWORDS
    WAIT_FOR_NETWORK
    BLOCK_CREDENTIAL_PROVIDERS

Introduction

This document describes:

- how to deploy the Defender Desktop Login software using Microsoft Group Policy
- the available configuration properties within the MSI package.

This feature enhancement is available in Defender Desktop Login Client hotfix 5.5.0.1255 or above.

Deploying Defender Desktop Login using Microsoft Group Policy

There are three separate steps to perform to create the Defender Desktop Login package for deployment within your Microsoft Active Directory domain.

Create a Defender Desktop Login MSI Package

1. Open the Defender Desktop Login MSI software package in your MSI editor.
2. Customize and save the existing MSI package, or create an MST transform file, with the MSI properties listed below.

Create a Network Share and Set the File Permissions

1. Create a directory and copy the customized Defender Desktop Login software to this directory.
2. Set the appropriate share and security permissions on this directory and ensure that all files below it inherit those permissions.

Create a Group Policy Package for Deployment

1. Navigate to Group Policy on your Windows Server.
2. Edit the existing Default Domain Policy or create a new policy.
3. Expand Computer Configuration, then Software Settings.
4. Right-click Software installation and select New, then Package.
5. Navigate to the network share created in the previous step and select the customized MSI file.
6. When the Deploy Software box is displayed, select Advanced.
7. Select the Modifications tab, then Add to add your MST transform file (if applicable).
8. Optionally, modify the other options as required, then select OK.

This will deploy the Defender Desktop Login package to all computers within the selected Domain Group Policy. Optionally, you can configure Microsoft Group Policy to apply the package to selected OUs rather than all computers by creating a new policy.

Defender Desktop Login MSI Properties

The following MSI installation configuration options can be added on the command line or specified as a property in the MSI installation routine. These properties can be edited, or set through an associated MSI transform file, using an MSI editor of your choice. These settings should be specified as shown below.

DSS

This setting specifies a list of Defender Security Server(s) and port(s) for the Defender Desktop Login software to authenticate against. Each IP address or DNS name must have a port, which is specified using a colon. For multiple entries, use a semicolon as shown below (without a space).

Example

Single:
    DSS=IP_Address:port
    DSS=10.0.0.1:1812

Multiple:
    DSS=DNS_Name1:port;DNS_Name2:port
    DSS=DefenderDC1:1812;DefenderDC2:1812

SHARED_SECRET

This setting specifies the shared secret which is used to securely communicate and authenticate against the Defender Security Server.

    SHARED_SECRET=Quest_Software

EXCLUSION_MODE

This setting determines how the Defender Desktop Login software authenticates users.

    0 - Everyone is Defender authenticated
    1 - Users in EXCLUSION_GROUPS are not Defender authenticated
    2 - Users in EXCLUSION_GROUPS are Defender authenticated

    EXCLUSION_MODE=0

If you choose 1 or 2 you must ensure that the groups are specified in the EXCLUSION_GROUPS property shown on the Defender Desktop Login Configuration, Exclusions tab.

EXCLUSION_GROUPS

This setting determines which groups the Defender Desktop Login software will exclude for user authentications. If a user belongs to this group, they will/will not be Defender two-factor authenticated (depending on the setting in EXCLUSION_MODE). In the example, local Administrators and DEFENDERQC\Domain Admins are excluded from Defender two-factor authentication. If you wish to specify multiple groups, you must separate each group with a semicolon (without a space).

    EXCLUSION_GROUPS=Administrators;DEFENDERQC\Domain Admins

ALLOW_OFFLINE_LOGON

This setting configures the Defender Desktop Login software to allow users to authenticate offline.

    0 - Offline logons are disabled
    1 - Offline logins are valid for a number of days
    2 - Offline logins are valid for a set number of successful logins

If you choose 1 or 2 you must ensure that the OFFLINE_LOGON_DAYS or OFFLINE_LOGON_COUNT properties are specified.

    ALLOW_OFFLINE_LOGON=2

OFFLINE_LOGON_DAYS

This setting specifies the number of days the user can authenticate offline before they need to perform an online logon.

    OFFLINE_LOGON_DAYS=12

This setting requires the ALLOW_OFFLINE_LOGON property to be set to 1.

OFFLINE_LOGON_COUNT

This setting specifies the number of times the user can successfully authenticate offline before they need to perform an online logon.

    OFFLINE_LOGON_COUNT=45

This setting requires the ALLOW_OFFLINE_LOGON property to be set to 2.

DISPLAY_NOTIFICATIONS

This setting alerts users when an offline logon occurs and displays information about the number of offline logons/days remaining.

    0 = No
    1 = Yes

    DISPLAY_NOTIFICATIONS=1

STORE_PASSWORDS

This setting stores the user's current password so they are not prompted to re-enter it during each two-factor login.

    0 = No
    1 = Yes

    STORE_PASSWORDS=1

MANAGE_PASSWORDS

This setting allows Defender Desktop Login to change a user's password when prompted or when expired. The options are:

    0 = No
    1 = Yes

    MANAGE_PASSWORDS=1

WAIT_FOR_NETWORK

This setting will make the Defender Desktop Login software wait for the network to become available during startup. The time period is specified in seconds. The default value is 60 seconds.

    WAIT_FOR_NETWORK=60

BLOCK_CREDENTIAL_PROVIDERS

This setting allows the Defender Desktop Login to block other credential providers. If not specified, the default value is 0.

    0 - Block all except Defender
    1 - Block Microsoft
    2 - Allow all

    BLOCK_CREDENTIAL_PROVIDERS=0
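
The value ranges and dependencies documented above can be checked before a transform is published to the share. The following Python lint is an added example, not part of the Quest guide or the Defender product; its function names, the DSS host pattern and the sample property lines are assumptions constructed for illustration.

```python
import re

# Allowed values and dependencies are taken from the property list above.
TRI, YESNO = {"0", "1", "2"}, {"0", "1"}
ENUMS = {"EXCLUSION_MODE": TRI, "ALLOW_OFFLINE_LOGON": TRI,
         "BLOCK_CREDENTIAL_PROVIDERS": TRI, "DISPLAY_NOTIFICATIONS": YESNO,
         "STORE_PASSWORDS": YESNO, "MANAGE_PASSWORDS": YESNO}
NUMERIC = ("OFFLINE_LOGON_DAYS", "OFFLINE_LOGON_COUNT", "WAIT_FOR_NETWORK")
# host:port with no spaces; the exact pattern is this example's assumption.
DSS_ENTRY = re.compile(r"[A-Za-z0-9.-]+:(\d{1,5})")
SAMPLE_SECRET = "Quest_Software"  # sample value printed in the guide

def parse_properties(lines):
    """Turn NAME=value lines into a dict; values keep embedded spaces."""
    pairs = (line.partition("=") for line in lines)
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def lint(props):
    """Return a list of findings; an empty list means a consistent set."""
    out = []
    for entry in props["DSS"].split(";") if "DSS" in props else []:
        m = DSS_ENTRY.fullmatch(entry)
        if not m or not 0 < int(m.group(1)) < 65536:
            out.append(f"DSS: {entry!r} is not host:port (no spaces)")
    for name, allowed in ENUMS.items():
        if name in props and props[name] not in allowed:
            out.append(f"{name}: {props[name]!r} is not one of {sorted(allowed)}")
    for name in NUMERIC:
        if name in props and not props[name].isdecimal():
            out.append(f"{name}: must be a whole number")
    groups = props.get("EXCLUSION_GROUPS", "")
    if props.get("EXCLUSION_MODE") in ("1", "2") and not groups:
        out.append("EXCLUSION_MODE 1 or 2 requires EXCLUSION_GROUPS")
    if groups and any(g != g.strip() or not g for g in groups.split(";")):
        out.append("EXCLUSION_GROUPS: use ';' between groups, no space")
    mode = props.get("ALLOW_OFFLINE_LOGON")
    for val, dep in (("1", "OFFLINE_LOGON_DAYS"), ("2", "OFFLINE_LOGON_COUNT")):
        if (mode == val) != (dep in props):
            out.append(f"{dep} and ALLOW_OFFLINE_LOGON={val} go together")
    if props.get("SHARED_SECRET") == SAMPLE_SECRET:
        out.append("SHARED_SECRET: still the guide's sample value")
    return out

# Constructed sample of a transform's property set, with deliberate mistakes.
SAMPLE = ["DSS=DefenderDC1:1812; DefenderDC2", "SHARED_SECRET=Quest_Software",
          "EXCLUSION_MODE=1", "ALLOW_OFFLINE_LOGON=2", "OFFLINE_LOGON_DAYS=12"]

if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print(finding)
```

Properties written into an MSI or MST, SHARED_SECRET included, are stored unencrypted in the package's Property table, so anyone who can read the share can read them. Keep read access on the share limited to the accounts that need to install the package.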