Configuring Automatic Group Membership

Top  Previous  Next

Dr.Web Enterprise Security Suite allows to configure the rules of automatic including stations into user groups.

To specify the rules of automatic including stations into a group

1.Select the Anti-virus Network item in the main menu of the Control Center.

2.In the hierarchical list of anti-virus network, select the user group for which you want to specify the membership rules.

3.Open the membership rules editing section by one of the following ways:

In the group properties pane on the right part of the window, in the Configuration section, click Group membership rules.

In the control menu, in the General section, select the Group membership rules item.

In the control menu, in the General section, select the Properties item, open the Configuration tab and click Group membership rules.

4.In the opened window, specify the conditions under which stations will be included into this group:

a)If the group membership rules have not been specified before, click Add the rule.

b)Set the Set group as primary flag to assign the group for which the ruse is creating, as a primary automatically for all stations that will be moved into this group according this rule.

c)For each block of rules, specify the following settings:

Select one of the options that sets the mode of rules combination inside this block: Matches all conditions, Matches any of conditions, Does not match any of conditions.

In the conditions drop-down lists, select: one of the station parameters that will be checked for compliance with the conditions; the mode of correspondence with this condition and specify the condition string if the station parameter assumes it.

To set the Station platform parameter, you mus select from the list the final full name of the platform, which is placed on the last hierarchical level of the represented tree. All higher levels are given solely for the convenience of platforms list grouping and are not values of the Station platform parameter.

For example: Windows and Windows 7 are not correct values of the parameter. Correct value is Windows 7 Professional Edition.

 

To set the LDAP DN from Active Directory parameter

1.Enable the Synchronization with Active Directory task in the Server schedule (Administrating → Dr.Web Server Task Acheduler).

2.In the membership rules, set the necessary DN as a condition string for the LDAP DN from Active Directory parameter, for example:
OU=OrgUnit,DC=Department,DC=domain,DC=com

To add one more condition in this block of rules, click from the right of condition string.

d)To add a new block of rules, click from the right of the block. At this, specify the mode of integration of this block of conditions with other blocks:

AND—conditions of blocks must be carried simultaneously.

OR—conditions at least one of the blocks must be carried out.

To specify the condition string, you may use regular expressions.

Regular expressions briefly described in the Appendices document, in the Appendix J. Regular Expressions Used in Dr.Web Enterprise Security Suite section.

 

Please note: for the starts with and ends with filter parameters, the condition string is automatically complemented with the following escape characters correspondingly: ^ (string starts with the specified symbols) or $ (string ends with the specified symbols).

For fully usage of regular expressions, it is recommended to select the contains filter parameter.

5.To save and apply the specified rules, click one of the following buttons:

Apply now—save the specified membership rules and apply these rules immediately to all stations registered on this Server. If a lot of stations are registered on the Server, execution of this action may take some time. Rules of stations regrouping are applied to all already registered stations immediately after the action is set and will be applied further to all stations, including the firstly registered on the Server, at the moment of their connection.

Apply on stations connect—save the specified membership rules and apply these rules to stations in the moment of their connection to the Server. Rules of stations regrouping are applied to all already registered stations at the moment of their next connection to the Server and will be applied to all stations firstly registered on the Server at the moment of their first connection.

6.When automatic membership rules are specified for a user group, next to the icon of this group in the hierarchical list, the icon displays, if the Show membership rules icon flag is set in the Settings of tree view list on the toolbar.

If the station was automatically included into the user group according to the membership rules, when removing the station from this groups manually makes no sense, because the station will be automatically returned to this group at the next connection to the Server.

To remove the rules of automatic including stations into a group

1.Select the Anti-virus Network item in the main menu of the Control Center.

2.In the hierarchical list of anti-virus network, select a user group for which you want to remove the membership rules.

3.Perform one of the following actions:

On the toolbar, click Remove membership rules.

In the group properties pane on the right part of the window, in the Configuration section, click Remove membership rules.

In the control menu, in the General section, select the Properties item, open the Configuration tab and click Remove membership rules.

4.After group membership rules are removed, all stations that have been included into this group automatically will be removed from this group. If for any of automatically included stations, this group was set by administrator as primary, after removing stations from the group, the Everyone group will be set as primary for these stations.