Cybersecurity
DevOps Cloud
IT Operations Cloud
Groupwise 24.2
Windows Active Directory
This script is to address some points which the official Groupwise MMC Plugin does not support.
Installation: changes made by installation: - a folder to store the script and configuration files is created - that folder is shared with full access for domain administrators - script files and certificates are copied to the folder and edited with the fqdn of the server this is performed on - add two context menu entries to Active Directory Users and Computers when and where is installation needed: - initially on one domain controller for each Windows domain you want to use this with - if Groupwise CA changes - if you want to change the location of the script or the share name - if the GW configuration or credentials changes you only need to rerun the configure.ps1 from the directory where you installed the addon to Installation instructions: - log on to a DC of the Windows domain you want to use - make sure your account has enough permissions to perform all actions described above (Domain adminstrator rights may be needed) - make sure shares on the DC are reachable for all clients which will use this script - download GW certificate from https://<gw-ip>:<admin-port>/gwadmin-service/system/ca - run install.ps1 and enter the required data - give users who are allowed to use the script reading access to the new share - run configure.ps1 from the directory where you installed the addon to Client configuration and requirements: requirements: - user must be able to access the share where the addon was installed to via the fqdn of the server - the GW system you entered in configure.ps1 must be reachable from the client (address and port) - Active Directory Users and Computers must be installed changes made by the client configuration tool: - import the GW certificate to trusted root of your user - import the GWaddon certificate to trusted root and trusted publisher of your user - set Powershell ExecutionPolicy to RemoteSigned for the current user - add \\targetserver-fqdn to intranet sites configuration: - right click any user in ADUC and select "GWaddon client configuration" - this must be performed for each client / user combination - if installation is performed again users may need to run the configuration again - some of the changes done by "GWaddon client configuration" may prevented by GroupPolicies or similar. In those cases these changes have to be made on that level instead Usage: - right click any user in ADUC and select "GWaddon" Uninstall: - on the Server where Install was performed remove the folder selected during install - on Windows Server in the domain where this was installed, open "ADSI Edit" (search for the App in Windows) - right click on ADSI Edit -> connect to - Connection Point -> Select a well known Naming Nontext -> change the drop down selection to "Configuration" - press OK - navigate to CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=Domainname,DC=com - double click on user-Display - in the Tab "Attribute Editor" select "contextMenu" and press "Edit" - remove the two entries starting with "5,&GWaddon" and press OK - repeat for any additional language you installed the context menu for
GWAddon version 1.4
I will try to fix these issues as time allows and if there is enough demand