Deploy

After you have prepared Active Directory, installed administrative consoles on at least one computer, and created at least one zone, you are ready to deploy the agent software on the computers to be managed.

Here are the key steps involved:

  • Download agent software from the Centrify Download Center or a network location.
  • Deploy the agent software on discovered computers that are ready for installation.
  • Determine whether there are any local accounts to migrate.

    Right-click discovered computers, then click Export Users and Groups to generate a text file containing information about local accounts. Review the text file to determine whether there are any local accounts to migrate to Active Directory.

    If there are local accounts that must be able to log on to the discovered computer, import the groups, then the users, and assign them the default UNIX Login role. For more information about migrating local accounts, see Migrating existing users to hierarchical zones.

  • Join the domain using the adjoin command.
  • Prepare basic group policies.

    The most common Windows computer configuration policies to deploy are:

    • Interactive Logon: Message text for users attempting to log on—Enable and type a message that instructs the user to log on with an Active Directory user name and password.
    • Global Configuration Settings - MaxPollInterval—Enable and set an interval if you are using Active Directory and the Centrify network time provider. Disable if you are using a native UNIX NTP daemon.
    • Enable Windows NTP Client—Enable if you are using Active Directory and the Centrify network time provider. Disable if you are using a native UNIX NTP daemon.

    The most common Centrify computer configuration policies to deploy are:

    • Set login password prompt—Enable and type a message that instructs the user to log on with an Active Directory user name and password.
    • Copy files—Enable to copy configuration files such as those required by autofs or sshd from the SYSVOL folder to managed computers.
    • Generate forwardable tickets—Disable to prevent logon tickets from being sent from one computer to another.
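
For the local-account review step above, the following added example (not Centrify tooling, and not part of the original page) lists the accounts in a passwd(5)-format file that can log on interactively, so each one can be checked against the migration decision. It does not parse the Export Users and Groups text file, whose layout is not shown here; the function names, the sample data, and the UID_MIN boundary of 1000 are assumptions.

```shell
#!/bin/sh
# Added example: find local accounts that can log on interactively, as
# candidates to review before migrating users to Active Directory.
# Assumption: UID_MIN=1000 separates system from regular accounts;
# check /etc/login.defs on the real host and override if it differs.
UID_MIN="${UID_MIN:-1000}"

# login_candidates [FILE]
# Reads passwd(5)-format lines from FILE (or stdin) and prints
# "name uid class shell" for every account whose shell permits logon.
login_candidates() {
    awk -F: -v min="$UID_MIN" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        /^[+-]/ { next }                     # NIS compat entries
        NF < 7  { next }                     # malformed line
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"   # empty field means /bin/sh
            if (shell ~ /(nologin|false)$/) next # cannot log on
            if ($3 + 0 == 0)            class = "root-equivalent"
            else if ($3 + 0 < min + 0)  class = "system"
            else                        class = "regular"
            print $1, $3, class, shell
        }' "${1:--}"
}

# Constructed sample data (hypothetical accounts, not from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
oracle:x:54321:54321:Oracle DB:/home/oracle:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
toor:x:0:0:alt root:/root:/bin/sh
jsmith:x:1001:1001:J Smith:/home/jsmith:/bin/false
mlee:x:1002:1002:M Lee:/home/mlee:/bin/ksh
EOF
}

# On a managed host, run: login_candidates /etc/passwd
sample_passwd | login_candidates
```

Any second entry with UID 0, or a system account with a working shell, deserves a decision before the computer joins the domain: migrate it, keep it local, or disable it.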