Policy actions can be one of the following:
| Item Action | Account name | Group Name | Description |
| --- | --- | --- | --- |
| Scramble user | Account name | None | Set the password of this local account to a new generated value that can only become known through an audited ForestSafe procedure. |
| Delete User | User name | None | Delete the local account |
| Rename User | Old account Name | New account name | Rename the local account |
| Join group | Account name | Group name | Add the account to the local group |
| Unjoin group | Account name | Group name | Remove the account from the local group |
| Add User | Account name | None | Add the account |
Policy Status
A policy item may complete with a status of OKAY, NEUTRAL, ACC_ONLY, WARNING, FAILURE or NOT RESPONDING. If the command fails to run, the status is ERROR; if it is successful, the status is OKAY.
There are also circumstances, such as RENAME USER, where failures are allowed. For example, the second time a RENAME USER runs, the old user has already been renamed and therefore no longer exists. There are also integrity failures; these have a status of WARNING. All of these exceptions are shown in the following table:
| Action | Result | Status |
| --- | --- | --- |
| DELETE USER | User does not exist | OKAY |
| RENAME USER | Old user does not exist and new user does | OKAY |
| RENAME USER | The old user and new user accounts exist | WARNING |
| RENAME USER | The old user and new user do not exist | WARNING |
| JOIN GROUP | The user does not exist | WARNING |
| JOIN GROUP | The group does not exist | WARNING |
| UNJOIN GROUP | The user does not exist | WARNING |
| UNJOIN GROUP | The group does not exist | WARNING |
| SCRAMBLE USER | The user does not exist | WARNING |
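The exception rules in the table above, modelled as an added example (this is not ForestSafe code): the in-memory `host` dictionary, the function names and the sample accounts are constructed for illustration, and ADD USER is left out because the table gives no rule for it. Running the same policy twice shows why a repeated RENAME USER or DELETE USER still reports OKAY, while a missing group keeps reporting WARNING.

```python
import secrets

def apply_item(host, action, a, b=None):
    """Model of one policy item; returns its status (assumed semantics)."""
    users, groups = host["users"], host["groups"]
    if action == "DELETE USER":
        users.pop(a, None)  # already absent is the desired state
        for members in groups.values():
            members.discard(a)
        return "OKAY"
    if action == "RENAME USER":  # a = old name, b = new name
        old, new = a in users, b in users
        if old and not new:
            users[b] = users.pop(a)
            for members in groups.values():
                if a in members:
                    members.remove(a)
                    members.add(b)
            return "OKAY"
        if new and not old:
            return "OKAY"  # an earlier run already renamed it
        return "WARNING"  # both exist, or neither: integrity failure
    if action in ("JOIN GROUP", "UNJOIN GROUP"):  # a = account, b = group
        if a not in users or b not in groups:
            return "WARNING"
        if action == "JOIN GROUP":
            groups[b].add(a)
        else:
            groups[b].discard(a)  # assumption: non-member is not an error
        return "OKAY"
    if action == "SCRAMBLE USER":
        if a not in users:
            return "WARNING"
        users[a] = secrets.token_urlsafe(24)  # fresh random password
        return "OKAY"
    raise ValueError(f"unsupported action: {action}")

def run_policy(host, items):
    return [apply_item(host, *item) for item in items]

def demo():
    # Constructed sample host: local accounts and local group membership.
    host = {"users": {"Administrator": "factory-default", "temp": "x"},
            "groups": {"Administrators": {"Administrator"}}}
    policy = [("RENAME USER", "Administrator", "ls-admin"),
              ("SCRAMBLE USER", "ls-admin"),
              ("DELETE USER", "temp"),
              ("JOIN GROUP", "ls-admin", "Remote Desktop Users")]
    return run_policy(host, policy), run_policy(host, policy), host
```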
Policy Simple example
A computer joins the domain. After the configured delay, policy is applied to the computer to scramble the administrator account, and this succeeds.
In this example there are 2 status changes: PENDING->OKAY
Policy Complex example
A computer account is created in Active Directory. Later, a netdom command is used to join a physical computer to the logical computer account. After a configured delay, policy is applied to the computer to scramble the administrator account, which fails because the computer has been switched off. The computer is powered on, and policy is automatically retried and applied successfully.
In the above example there are 4 state changes: ACC_ONLY->PENDING->NOT RESPONDING->OKAY