Scenario: Using a network access role to edit group policies
The steps in this section illustrate a specific scenario of how to configure and use a desktop right and a network access right that allows the user Josh.Adams to log on with his normal Active Directory credentials, open an application that enables him to edit group policies, then connect to a domain controller with administrative privileges so that he can edit a Group Policy Object.
- Install the Centrify Agent for Windows on the domain controller.
- Install the Centrify Agent for Windows on a Windows computer that hosts the Group Policy Management console that Josh.Adams uses to access the domain controller remotely.
- Assign Josh.Adams the predefined Windows Login role and the custom role definition gpedit that includes a desktop right and a network access right.
- Josh Adams logs on to his Windows computer using his Active Directory user name and password.
To use a role with network access rights, you cannot log on using a local user account. You must use a domain user account authenticated using Active Directory.
- On his local computer, Josh right-clicks the Centrify icon in the system tray section of the task bar, then selects New Desktop.
- In his list of available roles, Josh selects his gpedit role, then clicks OK.
- Josh opens the Group Policy Management console on his local computer, connects to the domain controller in the console, then selects the default domain policy Group Policy Object.
- Josh right-clicks the default domain policy, then selects Edit to modify the group policy.
- When he is done working with the group policies, he switches back to his default desktop.