Automatically manage system configuration files

This configuration parameter specifies whether or not Centrify DirectControl Agent is allowed to automatically edit the NSS and PAM configuration files on the local computer.

The parameter value is set to true to allow the files to be edited, or false to prevent the files from being edited. The default value is true.

In most cases, this parameter should be set to true to allow Centrify DirectControl Agent to maintain configuration files automatically. If you set this parameter to true, you can further control the specific individual files to be automatically edited in different operating environments through additional configuration parameters. For example, you can use the adclient.autoedit.nss to enable or disable automatic editing of the nsswitch.conf file or the adclient.autoedit.pam to enable or disable automatic editing of the PAM configuration file. These additional configuration parameters are ignored in the adclient.autoedit parameter is set to false.

If you set the adclient.autoedit parameter to false, you must manually edit the appropriate configuration files to enable Centrify DirectControl Agent. For example, if you set this parameter to false, you should manually edit the nsswitch.conf and /etc/pam.d/system-auth or /etc/pam.d files to include configuration information for Centrify DirectControl Agent or authentication through Active Directory will fail and you may disable login access entirely.

If you want to manually edit the configuration files, you should first make a backup copy of the existing files. After you make a backup copy of the files, you can use the following examples to manually update the files with the configuration information for Centrify DirectControl Agent.

Note that this setting would not take effect until Centrify DirectControl Agent restarts.

This policy modifies the adclient.autoedit setting in the Centrify DirectControl configuration file.

Supported on:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Adclient
Value Nameadclient.autoedit
Value TypeREG_SZ
Enabled Valuetrue
Disabled Valuefalse

Synchronize home sync items:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Adclient
Value Name{number}
Value TypeREG_DWORD
Default Value

centrifydc_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)