Active Directory Authentication

warning

Before enabling Active Directory authentication for any account, make sure that the account is not a member of the Protected Users group. Because the Dr.Web Server runs as a service, an attempt to authenticate an account that belongs to the Protected Users group will fail. See the official Microsoft website for details.
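
A pre-check for the warning above, as an added example that is not part of the Dr.Web documentation: it reports whether the accounts you plan to use are members of Protected Users, directly or through nested groups. The function name and the sample account names are constructed for illustration, and the script assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example, not part of the Dr.Web documentation.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Test-ProtectedUsersMembership {
    [CmdletBinding()]
    param(
        # sAMAccountName values of the accounts that will log in to the Control Center
        [Parameter(Mandatory)]
        [string[]]$SamAccountName
    )

    # Protected Users has the well-known RID 525. Resolving it by SID
    # still works if the group was renamed or the domain is localized.
    $domainSid = (Get-ADDomain).DomainSID.Value
    $group     = Get-ADGroup -Identity "$domainSid-525" -ErrorAction Stop

    # -Recursive flattens nested groups and returns only leaf members.
    $protected = @(Get-ADGroupMember -Identity $group -Recursive |
        Select-Object -ExpandProperty SamAccountName)

    foreach ($name in $SamAccountName) {
        # -Filter returns $null instead of throwing when the account is missing.
        $user = Get-ADUser -Filter "SamAccountName -eq '$name'"
        [pscustomobject]@{
            Account          = $name
            Found            = [bool]$user
            InProtectedUsers = $protected -contains $name
        }
    }
}

# Constructed sample account names; replace them with the real ones.
Test-ProtectedUsersMembership -SamAccountName 'drweb-admin1', 'drweb-admin2' |
    Format-Table -AutoSize
```

Any row with InProtectedUsers set to True identifies an account for which Active Directory authentication on the Dr.Web Server will fail.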

To enable Active Directory authentication

1. Select Administration in the main menu of the Control Center.

2. Select Authentication in the control menu.

3. In the window that opens, select the Microsoft Active Directory section.

4. Set the Use Microsoft Active Directory authentication flag.

5. Click Save.

6. Restart Dr.Web Server to apply the changes.

For Active Directory authentication, the Control Center is used only to enable this authentication method.

You must edit the settings of Active Directory administrators manually on the Active Directory server.

info

When an administrator is created automatically with Active Directory authentication enabled, the administrator account is placed in the Newbies group and must be moved manually to the required group.

An administrator account can be moved automatically from the Newbies group to the required one (based on Active Directory group membership) via a user hook; see Appendices, M1. Administrators.

To edit Active Directory administrators

warning

The following operation must be carried out from a computer that has the Active Directory Service snap-in.

1. To enable editing of administrator parameters, do the following:

a) Modify the Active Directory schema with the drweb-modify-ad-schema-<package_version>-<build>-<OS_version>.exe utility (it is included in the Dr.Web Server distribution kit).
Modifying the Active Directory schema may take some time. Depending on the domain configuration, it may take up to 5 minutes and more to synchronize and apply the modified schema.

info

If the Active Directory schema has already been modified via this utility for version 6 of Dr.Web Server, there is no need to modify it again via the utility from version 13 of Dr.Web Server.

b) Register the Active Directory Schema snap-in: execute the regsvr32 schmmgmt.dll command with administrative privileges, then run mmc and add the Active Directory Schema snap-in.

c) Using the Active Directory Schema snap-in, add the auxiliary DrWebEnterpriseUser class and the additional DrWebAdmin attribute to the User and (if necessary) Group classes.

info

If the schema modification has not yet been fully applied, the DrWebEnterpriseUser class may not be found. In this case, wait a few minutes and try adding the class again as described in step c).

d) With administrative privileges, run the drweb-aduac-<package_version>-<build>-<OS_version>.msi file (included in the Dr.Web Enterprise Security Suite 13.0 distribution kit) and wait until the installation finishes.

2. Attributes can be edited visually in the Active Directory Users and Computers control panel → Users section → Administrator Properties window of the selected user → Dr.Web Authentication tab.

3. The following parameter is available for editing (the attribute can be set to yes, no, or not set):

User is administrator indicates that the user is a full-rights administrator.

info

The operating principles and the handling of attributes during authentication are described in the Appendices document, in the B1. Active Directory Authentication section.

To work with an Active Directory account, log in to the Dr.Web Server Control Center using the credentials of an Active Directory user who has the appropriate Dr.Web Authentication attribute set. The user account will appear in the Newbies directory of the Administration → Administrators section.