The Group Policy protection templates are global settings and apply to all agents.
NOTE: If you are planning to use multiple Group Policy Protection templates, see the Change Auditor Technical Insight Guide for more information about how multiple protection templates are evaluated. |
2 |
Click Protection. |
3 |
Select Group Policy in the Protection task list. |
4 |
Click Add to open the Group Policy Protection wizard and specify the GPOs to protect. |
6 |
Use the Browse or Search pages to locate and select the group policy container to protect. Click Add to add the selected container to the list. Repeat this step to add additional group policy containers. |
NOTE: The Search page is initially displayed which contains GroupPolicyContainer in the Find field and an * wildcard character in the Name field. Click Search to locate the Group Policy containers in your environment. |
7 |
By default, the create, modify attributes, and delete operations are selected; however, you can change this by using the drop-down arrow in the Operations cell in the list box and selecting or clearing the different operations. |
NOTE: The Allow option is selected by default indicating that the selected users or groups will be allowed to change the protected objects. However, you can select the Deny option at the top of this page and select individual users or groups that are NOT allowed to change the protected objects. When using the Deny option, you are allowing all users and groups to change the protected objects except for those selected on this page. |
10 |
Click Finish to save the template, close the wizard and return to the Group Policy Protection page. |
1 |
On the Group Policy protection page, select the template to modify and click Edit to open the Group Policy Protection wizard where you can modify the current list of objects and the authorized accounts. |
2 |
Click Finish to save your changes and return to the Group Policy protection page. |
1 |
On the Group Policy protection page, place your cursor in the Status cell of the template and click the arrow control and select Disabled. |
2 |
1 |
On the Group Policy Protection page, place your cursor in the Status cell for the object, click the arrow control, and select Disabled. |
2 |
1 |
On the Group Policy Protection page, select the template and click Delete | Delete Template. |
2 |
Click Yes to confirm. |
1 |
On the Group Policy Protection page, select the object to delete and click Delete | Delete Object. |
2 |
1 |
On the Group Policy Protection page, select the account and click Delete | Delete Override Account. |
2 |
1 |
On the Group Policy Protection page, select the account and click Delete | Delete Administration Account. |
2 |
The Group Policy Protection wizard opens when you click Add or Edit on the Group Policy Protection page. From here, you can define the Group Policy Objects to protect from unauthorized modifications.
The following table provides a description of the available fields and controls:
Create or modify a Group Policy Protection Template page: On the first page of the wizard, enter a name for the template and select the Group Policy objects to be protected. | |||||||
Once you have selected a container, click Add to add it to the list. | |||||||
The Search page initially contains GroupPolicyContainer in the Find field and an * wildcard character in the Name field. Click Search to locate the Group Policy containers in your environment.
When the ANR check box is checked, use one of the following methods to enter your search expression:
When the ANR check box is not checked, the search expression entered will be used to search only the Display Name of directory objects to locate a particular object.
Once you have selected a container, click Add to add it to the list at the bottom of the page. | |||||||
Use this page to modify the search options used to retrieve directory objects. | |||||||
| |||||||
By default, the create, modify attributes, and delete operations are selected. To change this use the drop-down arrow in the Operations cell and select and clear operations. | |||||||
(Optional) Select Accounts Allowed (Not Allowed) to Access Protected Objects page: By default all users and groups are prevented from changing the Group Policy containers selected for protection. However, you can use this page to specify individual users or groups that are allowed (not allowed) to change the protected objects.
| |||||||
Allow is selected by default indicating that the users and groups selected on this page will be the only accounts allowed to change the protected objects. Use the Browse or Search page to select the user or group accounts. | |||||||
Select the Deny option if you want to allow all users and groups to change the protected objects except for those selected on this page. Use the Browse or Search page to select the user or group accounts. | |||||||
After you have selected an account, click Add to add it to the list. | |||||||
After you have selected an account, click Add to add it to the list. | |||||||
Use the Options page to modify the search options used to retrieve directory objects. | |||||||
| |||||||
(Optional) Select Accounts Authorized to Manage This Protection Template page: By default members of the ChangeAuditor Administrators group are authorized to access the Administration Tasks tab and perform administration tasks, including defining Active Directory and Group Policy protection; however, once you enter a user or group account on this page you will be relinquishing your rights to modify the selected protection template to the users/groups specified on this page of the protection wizard.
| |||||||
Once you have selected an account, click Add to add it to the list. | |||||||
Once you have selected an account, click Add to add it to the list. | |||||||
Use the Options page to modify the search options used to retrieve directory objects. | |||||||
Use the buttons located above this list box to add and remove accounts.
|
When configured, you can prevent changes to objects in specified ADAM (AD LDS) instances.
The ADAM (AD LDS) protection page displays when you select ADAM (AD LDS) from the Protection task list in the navigation pane of the Administration Tasks tab. From here, you can start the ADAM (AD LDS) Protection wizard to define critical objects to protect from unauthorized modifications. You can also edit existing templates, disable and enable templates, and remove templates that are not longer being used.
The ADAM (AD LDS) Protection page contains an expandable view of all previously defined ADAM (AD LDS) protection templates. To add new ADAM (AD LDS) protection template, use the Add button. Once added, the following information is provided for each template:
NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, see the Change Auditor User Guide for more information about how to gain access. |
• |
Excluded from Protection - indicates you selected the Allow option to allow only the selected accounts to change the protected objects. |
• |
Included in Protection - indicates you selected the Deny option to allow all accounts to change the protected objects except for those selected. |
• |
• |
• |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center