Specify the full path of the
dzdo validator. The settings in this group policy are used only when the Require dzdo command validation check group policy is enabled.
dzdo validator is a script that runs synchronously under the user’s Active Directory name. If the Require dzdo command validation check group policy is enabled, the
dzdo validator runs when users attempt to execute
dzdo commands. Command attempts that pass validation are allowed to run. Command attempts that fail validation are not allowed to run.
The default location of the
dzdo validator is
/usr/share/centrifydc/sbin/dzcheck. If you set this group policy to Not configured or Disabled, the validator located in this default location is used.
If you set this group policy to Enabled, the
dzdo validator that you specify is used.
Note that the authentication, privilege elevation, and audit and monitoring services distribution package does not include a
dzcheck script. Instead, a sample validator,
/usr/share/centrifydc/sbin/dzcheck.sample, is provided for reference. To configure and enable the
dzdo validator, modify the sample script or create a new script, then place that script in the default location (
/usr/share/centrifydc/sbin/dzcheck) or use a location and script name of your choice that you specify in this group policy.
You do not need to create a
dzcheck script to use
dzdo. You only need to create a script if you want to modify
dzdo behavior so that validation occurs when
dzdo commands attempt to run.
This group policy modifies the
dzdo.validator setting in the agent configuration file. For more information about configuring the
dzdo validator, see the “dzdo.validator” section in the Configuration and Tuning Reference Guide.