Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ
Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ
Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
• Windows XP SP2/SP3<br />
• Windows Vista<br />
• Windows 7<br />
If you intend to use the x64 (64-bit) <strong>Scripting</strong> <strong>Driver</strong>, you must install an x64 (not IX64) version of<br />
Windows.<br />
2.2.3 Windows PowerShell<br />
If you intend to use Windows PowerShell, follow these steps:<br />
1. Install the latest version of the .NET Framework available from Microsoft (http://<br />
www.microsoft.com). You must install the x86 or x64 version of .NET that corresponds to the<br />
version of the <strong>Scripting</strong> <strong>Driver</strong> you intend to use.<br />
2. Install Windows PowerShell 1.0, also available from Microsoft (http://www.microsoft.com/<br />
technet/scriptcenter/hubs/msh.mspx). You must use the x86 or x64 version of PowerShell that<br />
corresponds with the version of the <strong>Scripting</strong> <strong>Driver</strong> you intend to use.<br />
3. Change PowerShell’s default script execution policy.<br />
IMPORTANT: To allow scripts to run, you must change PowerShell’s default script execution<br />
policy as follows.<br />
a. Open PowerShell from the Windows Start menu.<br />
b. Enter the following command:<br />
Set-ExecutionPolicy Unrestricted<br />
The setting is saved when you press the Enter key.<br />
c. Close PowerShell.<br />
2.2.4 Other Software<br />
• Novell i<strong>Manager</strong> 2.7; can be installed on the <strong>Identity</strong> Vault Server or a separate system<br />
• Novell Designer 3 (optional; <strong>for</strong> development).<br />
2.3 Establishing a Security-Equivalent User<br />
The driver must run with security equivalent to a user with sufficient rights. You can set the driver<br />
equivalent to ADMIN or a similar user. For stronger security, you can define a user with only the<br />
minimal rights necessary <strong>for</strong> the operations you want the driver to per<strong>for</strong>m.<br />
The driver user must be a trustee of the containers where synchronized identities reside, with the<br />
rights shown in Table 2-1. Inheritance must be set <strong>for</strong> [Entry Rights] and [All Attribute Rights].<br />
Table 2-1 Base Container Rights Required by the <strong>Driver</strong> Security-Equivalent User<br />
Operation [Entry Rights] [All Attribute Rights]<br />
Planning <strong>for</strong> the <strong>Scripting</strong> <strong>Driver</strong> 17