Integration of Dr.Web Enterprise Security Suite with Active Directory

If the Active Directory service is used in the protected local network, you can configure the integration of Dr.Web Enterprise Security Suite components with this service.

warning

All of the following methods are independent of each other and can be used both individually and in combination.

Integration of Dr.Web Enterprise Security Suite with Active Directory is based on the following methods:

1.Registration of Dr.Web Server on the Active Directory domain to access the Server via the SRV protocol

When installing Dr.Web Server, you can register the Server in the Active Directory domain by the means of the installer. During registration, the SRV record corresponding to Dr.Web Server, is created on DNS server. Further, clients can access Dr.Web Server via this SRV record.

For more details, see the Installation Manual, the Installing Dr.Web Server for Windows OS and Using SRV Protocol sections.

2.Synchronization of anti-virus network structure with the Active Directory domain

It is possible to configure automatic synchronization of anti-virus network structure with stations in the Active Directory domain. At this, Active Directory containers which contains computers, become groups of anti-virus network to which workstations are placed.

For this, the Synchronization with Active Directory task is provided in the Server schedule. Administrator must create this task using the Dr.Web Server Task Manager.

For more details, see the Setting Dr.Web Server Schedule section.

3.Authentication of Active Directory users on Dr.Web Server as administrators

Users with Active Directory accounts are able to authenticate on Dr.Web Server to manage the anti-virus network. For this, one of the following methods must be used:

LDAP/AD authentication. This method is available for Servers under all supported OS. Configuration of the access to the Server for users by corresponding Active Directory attributes is performed via the Control Center. Direct access to domain controller and to snap-in of Active Directory is not required, extra configuration by Active Directory is not performed.

Microsoft Active Directory. This method is available for Servers under Windows OS included into the target domain. Users and user groups having access to the Servers are configured directly in the Active Directory snap-in. Primary configuration using the extra utilities is required. The drweb-<package_version>-<build>-esuite-modify-ad-schema-<OS_version>.exe and drweb-<package_version>-<build>-esuite-aduac-<OS_version>.msi packages are available in the Server repository, in the Dr.Web enterprise products.

When choosing a method, you should consider Dr.Web Server operating system and the means of allowed users configuration.

For more details, see the Authentication of Administrators section.

4.Remote installation of Dr.Web Agents on stations in the Active Directory domain

Dr.Web Agent can be remotely installed on stations in the Active Directory domain. For this:

a)Perform the administrative installation to a destination shared directory using the specific installer of the Agent for Active Directory. The drweb-<package_version>-<build>-esuite-agent-activedirectory.msi package is available in the Server repository, in the Dr.Web enterprise products.

b)Configure corresponding Active Directory policies for automatic installation of a package at domain stations.

For more details, see the Installation Manual, the Installing Dr.Web Agent Software via Active Directory section.

5.Search for stations in the Active Directory domain

The stations within the Active Directory domain can be found using the Network Scanner. At this, it is possible to detect Dr.Web Agent at the found stations and, in its absence, remotely install the Agent via the Control Center.

This approach for remote Agent installation can be used along with the automatic package installation via the Active Directory policies described in the p. 4.

For more details, see the Network Scanner section.

6.Search for users in the Active Directory domain

The users within the Active Directory domain can be found to create their personal profiles and more accurate configure the Office Control and Application Control.

For more details, see the Manual for managing stations under Windows.