Separate Offline Authentication Policy
Customer wants to enable offline authentication on all of their laptops. The offline authentication policy (system domain)is set at the default of 14 and 7 and they want the laptops to have at least 30 days or more. I'm thinking they need a new security domain for the laptops which will have a different offline authentication policy but I can't figure out how to automatically get the laptops into the new security domain.
If the only agents needing offline are laptops (usually the case) and they all want 30 days of offline data, you could just edit the existing policy.
Second, if you have a group or subset of laptops that need 30 days OA data, and you want to keep the default policy at 14 days for whatever reason, you could just create a second OA policy and use it for those laptops. Final approach would be more complex, create new security Domain, put laptops in that security Domain, then create this new OA policy just applying it to that Security Domain. This is more complex approach, so assess whether you really need it.
Thanks Jay. They do want to keep the offline authentication policy at 14 days for all and a separate policy for the laptops.
Is there a way to modify auto registration to use different security domains, one for the laptop OU and one for everything else?
We can create a new security domain from Security Console > Administration > Security Domains > Add New.
During adding the security domain you will be able to set the policies applied to the security domain.
So kindly check and advise us back if there is any assistance needed from our side.