Most organisations use Microsoft Active Directory as their user directory. When implementing DualShield they will need to connect their DualShield authentication server to their Active Directory server, so that DualShield can carry out operations such as searching users, reading account properties etc. The access from DualShield to AD requires a user account with necessary access rights and privileges.
DualShield is capable of performing most of the tasks that are required of it, and requires no additional access rights other than those it would have by default as a Domain User.
There are however three optional features of the software that if used would require additional task access privileges to be designated.
In order for DualShield to be able to lock and unlock users, write access is required to the Active Directory property "Write lockoutTime”.
In order for DualShield to be enable or disable user accounts, write access is required to the Active Directory property “Write account restrictions”.
In order for DualShield to be enable or disable user accounts, write access is required to the Active Directory properties "Write Useraccount Control” and “Write pwdLastSet” .
Additionally, these features also need to obtain the permissions “Change Password” and “Reset Password”.
You will return to the form headed “Permission Entry for Dualshield”. Against the option “Applies to:” select the last option “Descendant User objects”. Next, in the section headed “Permissions:” select the permissions “Change password” and “Reset password”.
Scroll down to the properties section and select “Write account restrictions”.
Towards the end of the properties section then select “Write userAccountControl” then press the “OK” button.
You will now return to the window titled “Advanced Security Settings for DualShield”. Scroll through the list of permission entiries. The 6 option selections made above will each create an entry in the permission entries list (in the example below they are the permissions int the “access” column from the “Reset password” to the “Write account restrictions”). Click on the “Apply” button”.
A window will now open with the title of “Permissions”, click on the “Yes” button.
.You will now return to the window titled “Advanced Security Settings for Users”.
In the section “Permission entries:” you will be able to find 6 entries against DualShield click on the “OK” button.
.We have now return to the “Users Properties” window, and have created an account in the users folder called “DualShield” with the necessary security access rights, press “OK”.