Mapping user configuration policies

The adclient daemon determines the group policies that apply to Linux, UNIX, or Mac OS X users using the same rules for inheritance and hierarchy that apply to Windows users. When a user logs into an agent-managed computer, the adclient process detects the log-in and does the following:

  • Contacts Active Directory.
  • Checks for the Group Policy Objects that are linked to each organizational unit the user is a member of.
  • Determines all of the configuration settings that apply to the user account, and retrieves those settings from the System Volume (SYSVOL).
  • Writes all of the configuration settings to a virtual registry on the local computer.
  • Starts the runmappers program to initiate the mapping of configuration settings using individual mapping programs for user policies.

The mapping programs in the /usr/share/centrifydc/mappers/user directory then read the virtual registry for the appropriate Linux-, UNIX-, or Mac OS X-specific user configuration settings and locate the appropriate configuration files to change, then modify those files accordingly.

After the user has logged on, the adclient daemon will periodically check with Active Directory to determine the current group policy settings for the user unless you disable group policy updates.