Resolution
goal
How do I change or edit the default 'All Users' group for Secure Password Administrator?
fact
Directory and Resource Administrator 7.x
fact
Secure Password Administrator 1.0
fix
In the SPA Users from All Managed and Trusted Domains ActiveView in Directory and Resource Administrator (DRA), the default All Users group can not be removed or edited in the Rules. Additionally, in Assignments, the SPA Users Assistant Admin group, which is delegated the built-in role of Reset Password and Unlock Account Using SPA, can not be removed or edited. However, additional rules and assignments can be added to this ActiveView.
note
How do I change or edit the default 'All Users' group for Secure Password Administrator?
fact
Directory and Resource Administrator 7.x
fact
Secure Password Administrator 1.0
fix
In the SPA Users from All Managed and Trusted Domains ActiveView in Directory and Resource Administrator (DRA), the default All Users group can not be removed or edited in the Rules. Additionally, in Assignments, the SPA Users Assistant Admin group, which is delegated the built-in role of Reset Password and Unlock Account Using SPA, can not be removed or edited. However, additional rules and assignments can be added to this ActiveView.
note
There is a way to circumvent all users from having the ability to perform the aforementioned default powers in this ActiveView. For details on how to lock down delegation in this ActiveView, see the following knowledge base article:
- NETIQKB43423: Is it possible to lock down the delegation of powers in the 'SPA Users from All Managed and Trusted Domains' ActiveView?
Additional Information
Formerly known as NETIQKB43422