Mapping computer configuration policies

The Centrify agent, adclient, determines the group policies that apply to Centrify‑managed computers using the same rules for inheritance and hierarchy that apply to Windows computers. When the Linux, UNIX, or Mac OS X computer starts or when the computer policies are refreshed, adclient:

  • Contacts Active Directory.
  • Checks for the Group Policy Objects that are linked to each organizational unit of which the local computer is a member.
  • Determines all of the configuration settings that apply to the local computer, and retrieves those settings from the System Volume (SYSVOL).
  • Writes all of the configuration settings to a virtual registry on the local computer.
  • Starts the runmappers program to initiate the mapping of configuration settings using individual mapping programs for computer policies.

The mapping programs in the /usr/share/centrifydc/mappers/machine directory then read the virtual registry for the appropriate Linux-, UNIX-, or Mac OS X-specific computer configuration settings and locate the appropriate configuration files to change, then modify those files accordingly.

After the computer starts, the adclient daemon will periodically check with Active Directory to determine the current group policy settings for the computer unless you disable group policy updates.