Access Director | User Guide | Group Policies

Configuring Access Director using Group Policies

 

Standard Settings

Contains settings to control the behavior of Access Director.

Set Local Security Group

If you enable this policy setting, Access Director will validate whatever current user is member of the defined group. If the group does not exist or user is not a member, Access Director will restrict the user from being assign privileges. User is required to be direct member, as service do not resolve local group or domain group membership. If you disable or do not configure this setting, Access Director does not validate against a Local Security Group allowing current user to be assigned privileges.

Scope: Machine

Value: Group name

Default Value: Access Director

Set time-span for assigning privileges

This policy setting sets the time-span for users to gain administrative privileges. If you enable this setting, time-span can be from to 1 to 60 minutes. If you disable do not configure this setting Access Director will use existing settings.

Scope: Machine

Value: 1 minute, 2 minutes, 5 minutes, 10 minutes, 15 minutes, 20 minutes, 30 minutes, 1 hour

Default Value: 2 minutes

Set user name presentation

This policy setting set the presentation of the user name for the Access Director Tray icon. If you enable this policy setting, user name can be set as Username, Full name or Domain\Username. If you disable or do not configure this policy setting, Access Director will use existing settings.

Scope: Machine

Value: 1: User name, 2: Full name, 3: Domain\User name

Default Value: 2: Full name

Advanced Settings

Contains settings to control advanced settings for Access Director.

Assign privileges at login

If you enable this policy setting, the current user will be assigned privileges at login. The users is not required to use tray icon to be assigned privileges. If you disable or do not configure this policy setting, the users is required to use tray icon to be assigned privileges.

Scope: Machine

Value: None

Default Value: Not configured

Enable resuscitate options

If you enable this policy setting, you can specify if Access Director will preserve local administrator membership during logoff/restart/shutdown (not recommended). If you disable or do not configure this policy setting, Access Director will remove the user from the local administrator group during an active time-span.

Scope: Machine

Value: 1: Preserve assignment during logout/login, 2: Preserve assignment during restart/shutdown, 3: Preserve assignment for all.

Default Value: Not configured

Enable user configuration

If you enable this policy setting, end users can be giving access to configure settings. Settings available: Allow Basis configuration (Assignment time, Identity), Allow Advanced configuration (AssignAtLogin (disable timer)), Allow Resuscitate configuration (Hidden from configuration window). If you disable or do not configure this policy setting, end users does not have access to configure settings.

Scope: Machine

Value: 1: Allow Basis configuration, 2: Allow Advanced configuration, 3: Allow Resuscitate configuration

Default Value: Not configured

Enable verbose logging

If you enable this policy setting, Access Director will do verbose logging to %TEMP%\AccessDirector.log. If you disable or do not configure this policy setting, Access Director will maintain standard logging.

Scope: Machine

Value: None

Default Value: Not configured

Audit Settings

Contains settings to control behavior of Access Director Audit settings.

Enable Audit

If you enable this policy setting the Access Director activity is logged in plain text in the audit log placed in %TEMP%\. If you disable or do not configure this policy setting, Access Director do not maintain an audit log.

Scope: Machine

Value: None

Default Value: Not configured

Enable reason for Assigning Privileges prompt

This policy setting allows you to specify whether Access Director will request ‘reason for Assigning Privileges’ prompt as part of the assignment process. If you disable or do not configure this setting, ‘reason for Assigning Privileges’ prompt is not available. Note: If the “Enable Audit” setting is disabled or not configured, this setting is ignored.

Scope: Machine

Value: None

Default Value: Not configured

Set Audit URL

If you enable this policy setting, Access Director will upload the audit logs to the defined URL .If you disable or do not configure this policy setting audit logs are not collected. Note: If the “Enable Audit” setting is disabled or not configured, this setting is ignored.

Scope: Machine

Value: None

Default Value: Not configured

Set Audit refresh interval

To specify the Audit refresh interval, click Enabled and then enter a value. The value that you specify is the number of seconds to use for the Connector refresh interval. For example, 1800 seconds is 30 minutes.

Scope: Machine

Value: None

Default Value: Not configured

Connector Settings

Contains settings to control behavior of Access Director Connector settings.

Enable Connector

If you enable this policy Access Director will be able to integrate to third-party solutions for assigning privileges validation. If enabled, a properly crafted web-service must be in place and a correct Connector URL must be specified.

Scope: Machine

Value: None

Default Value: Not configured

Set Connector URL

If you enable this policy setting, Access Director will attempt to validate assignments request using third-party integration. If URL is not available, Access Director will use cached information. Note: If the “Enable Connector” setting is disabled or not configured, this setting is ignored.

Scope: Machine

Value: None

Default Value: Not configured

Set Connector refresh

To specify the Connector refresh interval, click Enabled and then enter a value. The value that you specify is the number of seconds to use for the Connector refresh interval. For example, 1800 seconds is 30 minutes. Note: If the “Enable Connector” setting is disabled or not configured, this setting is ignored.

Scope: Machine

Value: None

Default Value: Not configured

Set Connector renewal interval

If you enable this policy setting, Access Director will require cached information to be renewed within the specified renewal interval. If cached information can’t be renewed within the renewal interval, user assigning privileges will be denied. To specify the Connector renewal interval, click Enabled and then enter a value. The value that you specify is the number of days to use for the Connector renewal interval. Note: If the “Enable Connector” setting is disabled or not configured, this setting is ignored.

Scope: Machine

Value: None

Default Value: Not configured

Localization Settings

Contains settings to control behavior of Access Director Localization settings.

Select Preferred UI Reference

This policy setting define whatever UI language will be based on the Windows Display Language or based on the users Keyboard layout. If you disable or do not configure this setting, ‘UI language’ will use Windows Display Language as reference. Note: If a language is configures and no applicable .LNG files is present, Access Director ‘UI language’ will default to English.

Scope: Machine

Value: None

Default Value: Not configured

Select Preferred UI Language

If you enable this policy setting, Access Director will use to the selected ‘UI language’. If you disable or do not configure this setting, ‘UI language’ will use Windows Display Language as reference. Note: If a language is configures and no applicable .LNG files is present, Access Director ‘UI language’ will default to English.

Scope: Machine

Value: None

Default Value: Not configured