Next Topic

Previous Topic

Book Contents

Configuring User Policies

  1. Click the Directory Services > Domains > Users tab.
    • KDS user policies enable users to logon to the VSA or to Portal Access using their domain credentials.
    • Each domain credential can be applied to only one of two kinds of VSA logons:
      • VSA user logons - These logons are used by VSA administrators.
      • Portal Access logons - These logons are used by machine users who want to access their own machines remotely.
    • User groups are simply called "groups" in an Active Directory domain. Each group in this tab is identified by its canonical name. A canonical name provides the complete hierarchy of OUs/containers used to locate folders and items—such as computers, contacts or groups—in a domain, similar in format to the full path name of a file in a disk directory.
    • An additional column shows a count for the number of users in each group.
  2. Select a group that shows a count for one or more users.
    • The same member can be a member of multiple groups in an Active Directory domain.

      Note: Sort this tab by clicking the Sort Descending option in the Users Policies column heading. This ensures any groups with user counts greater than zero that don't yet have policies assigned are listed near the top of the tab.

  3. Select the Configure Users Policy button.
    • The Users Policy dialog displays, listing the Member Users in this group.
  4. Select a Member Group Policy.
    • Each user group in KDS can be assigned one of three different VSA logon policies. These policies are applied to all users belonging to the group. They cannot be applied to individual users within a group.
      • Do Not Include Users - Do not create VSA user logons or Portal Access logons for domain users listed in this user group.
      • Create Staff Members - Creates a staff member record. These users can be assigned Portal Access to a machine manually.

        Note: The user can only be manually assigned the portal access user of a machine—using the Users & Portal Users page—if the user was the last user logged on to that machine. The list of eligible machines are listed in the Last Logged-onto Machines field in the lower panel of this same page.

      • Create Staff and make Auto Portal Candidates - Designates domain users in this user group as Portal Access candidates. See Making Portal Access Candidates for details.
      • Create VSA Users - Creates VSA user logons for domain users listed in this user group.
    • Since each domain user can belong to multiple domain user groups, a domain user is assigned the highest ranking VSA logon policy assigned to any user group the domain user is a member of.
      • Create VSA Users outranks Create Staff and make Auto Portal Candidates
      • Create Staff and make Auto Portal Candidates outranks Create Staff Members
      • Create Staff Members outranks Do Not Include Users
  5. If Create VSA Users is selected:
    • Role Lookup - Select the role these users will use.
    • Scope Lookup - Select the scope these users will use.
    • If a scope with the same name as the organization does not already exist, a Word 60% / HTML 100% displays to the right of the Scope Lookup drop-down list of the User Policy dialog. Clicking the Word 60% / HTML 100% icon enables you to create a new scope that has the same name as the organization associated with the domain. Once the scope is created the Word 60% / HTML 100% no longer displays to the right of the Scope Lookup drop-down list and text at the top of the dialog indicates the default scope already exists.
    • If the same user is assigned to multiple groups, and different roles and scopes are assigned to each group, then when the user logs on to the VSA, these roles and scopes will be available in the roles/scope selector in the upper-right corner of the VSA window.

      Note: Roles/scope assignments using User Policies can be modified and reapplied multiple times. Successive changes will cause roles and scopes to accumulate, rather than be replaced. KDS never removes records in the VSA.

  6. Click Save to close this dialog.
    • The dialog closes and the policy you selected displays in the Users Policy column.
  7. If you've already configured KDS policies for computers and contacts, click the Apply Changes button.

    Note: The Apply Changes button should only be clicked when policies for both the Computer / Contact Policies and User Policies tabs are completed. The Apply Changes button applies changes made to both tabs.

  8. Now that policies are applied, return to the Agent Deployment Policy tab and check the Automatically install Agents when computer is discovered, if this checkbox is not already checked.