McAfee EPOCDE-AA-BA Product Guide - Page 54
Registered LDAP servers, Windows authorization, Assign permissions, Active Directory User Login
7 Configuring advanced server settings
Configuring Active Directory user login

• Against the domain that your McAfee ePO server is joined to (default).
• Against a list of one or more domain controllers.
• Against a list of one or more DNS-style domain names.
• Using a WINS server to look up the appropriate domain controller.

If you use domain controllers, DNS-style domain names, or a WINS server, you must configure the Windows authentication server setting.

Registered LDAP servers

You must register LDAP servers with your McAfee ePO server to permit dynamically assigned permission sets for Windows users. Dynamically assigned permission sets are permission sets assigned to users based on their Active Directory group memberships.

Users trusted via one-way external trusts are not supported.

The user account used to register the LDAP server with ePolicy Orchestrator must be trusted via a bi-directional transitive trust, or must physically exist on the domain where the LDAP server belongs.

Windows authorization

The server setting for Windows authorization specifies which Active Directory (AD) server ePolicy Orchestrator uses to gather user and group information for a particular domain. You can specify multiple domain controllers and AD servers. This server setting supports the ability to dynamically assign permission sets to users that supply Windows credentials at login.

ePolicy Orchestrator can dynamically assign permission sets to Windows Authenticated users even if Active Directory User Login is not enabled.

Assign permissions

You must assign at least one permission set to an AD group other than a user's Primary Group. Dynamically assigning permission sets to a user's Primary Group is not supported, and results in application of only those permissions manually assigned to the individual user. The default Primary Group is "Domain Users."
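
The Primary Group rule above can be checked before rollout. The following is an added example, not code from the product guide or from McAfee: it audits a hypothetical mapping of AD groups to permission sets against constructed user records, relying on the Active Directory behavior that a user's primary group is referenced by primaryGroupID (matching the group's primaryGroupToken) and is not listed in memberOf. All group names, user names and the example.test domain are assumptions.

```python
# Added example: audit AD-group-to-permission-set mappings against the
# Primary Group rule. All records below are constructed sample data.

# Constructed groups: DN -> primaryGroupToken (the group's RID; 513 is
# the well-known RID of "Domain Users").
GROUPS = {
    "CN=Domain Users,CN=Users,DC=example,DC=test": 513,
    "CN=ePO Reviewers,OU=Groups,DC=example,DC=test": 1104,
    "CN=ePO Admins,OU=Groups,DC=example,DC=test": 1105,
}

# Constructed users. AD's memberOf never lists the primary group; that
# group is referenced only through primaryGroupID.
USERS = {
    "alice": {"primaryGroupID": 513,
              "memberOf": ["CN=ePO Admins,OU=Groups,DC=example,DC=test"]},
    "bob": {"primaryGroupID": 513, "memberOf": []},
    "carol": {"primaryGroupID": 1104, "memberOf": [
        "CN=Domain Users,CN=Users,DC=example,DC=test"]},
}

# Hypothetical mapping of AD group DN -> permission set name.
MAPPINGS = {
    "CN=Domain Users,CN=Users,DC=example,DC=test": "Global Reviewer",
    "CN=ePO Reviewers,OU=Groups,DC=example,DC=test": "Group Reviewer",
    "CN=ePO Admins,OU=Groups,DC=example,DC=test": "Group Admin",
}


def audit_user(name, users=USERS, groups=GROUPS, mappings=MAPPINGS):
    """Return (effective, ignored) permission sets for one user.

    ignored = sets mapped to the user's Primary Group (not supported).
    """
    user = users[name]
    member_of = {dn.lower() for dn in user["memberOf"]}
    effective, ignored = [], []
    for dn, pset in mappings.items():
        if groups[dn] == user["primaryGroupID"]:
            ignored.append(pset)        # mapped via the Primary Group
        elif dn.lower() in member_of:
            effective.append(pset)      # mapped via a non-primary group
    return sorted(effective), sorted(ignored)


def users_without_dynamic_sets(users=USERS):
    """Users who would fall back to manually assigned permissions only."""
    return sorted(n for n in users if not audit_user(n)[0])
```

Users returned by `users_without_dynamic_sets()` need membership in a mapped group other than their Primary Group before dynamic assignment can apply to them.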
Active Directory User Login

When you have configured the previously discussed sections, you can enable the User autocreation server setting. User autocreation allows user records to be automatically created when the following conditions are met:

McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide, page 54