Integration of Dr.Web Enterprise Security Suite with Active Directory |
If the Active Directory service is used in the protected local network, you can configure the integration of Dr.Web Enterprise Security Suite components with this service.
Integration of Dr.Web Enterprise Security Suite with Active Directory is based on the following methods: 1.Registration of Dr.Web Server in the Active Directory domain to access Dr.Web Server using the SRV protocol When installing Dr.Web Server, you can use the installer to register Dr.Web Server in the Active Directory domain. During registration, an SRV record corresponding to Dr.Web Server is created on the DNS server. Further, clients can access Dr.Web Server using this SRV record. For more details, see the , sections Installing Dr.Web Server for Windows OS and SRV Protocol. 2.Synchronization of anti-virus network structure with the Active Directory domain It is possible to configure automatic synchronization of the anti-virus network structure with stations in the Active Directory domain. In this case, Active Directory containers which contain computers, become groups of anti-virus network to which workstations are assigned. For this purpose, the task is provided in the Dr.Web Server schedule. The administrator must create this task using the Dr.Web Server Task Manager. For more details, see the Setting Dr.Web Server Schedule. 3.Authentication of Active Directory users on Dr.Web Server as administrators Users with Active Directory accounts can authenticate to Dr.Web Server to manage the anti-virus network. To do this, please use one of the following methods: •LDAP/AD authentication. This method is available for Dr.Web Servers running on all supported OS. The access of users to Dr.Web Server is configured through corresponding Active Directory attributes in the Control Center. Direct access to the domain controller and to the Active Directory snap-in is not required, no additional configuration through Active Directory is required. •Microsoft Active Directory. This method is available for Dr.Web Servers running on Windows OS included in the target domain. Users and user groups with access to Dr.Web Servers are configured directly in the Active Directory snap-in. Initial configuration using additional utilities is required. The drweb-modify-ad-schema-<package_version>-<build>-<OS_version>.exe and drweb-aduac-<package_version>-<build>-<OS_version>.msi packages are available in the Dr.Web Server repository, in . When choosing a method, you should take into account the Dr.Web Server operating system and the means of configuring authorized users. For more details, see the Authentication of Administrators. 4.Remote installation of Dr.Web Agents on stations in the Active Directory domain Dr.Web Agent can be remotely installed on stations in the Active Directory domain. To do this: a)As an administrator install a special Dr.Web Agent for Active Directory installer to a shared target directory. The drweb-<package_version>-<build>-esuite-agent-activedirectory.msi package is available in the Dr.Web Server repository, in . b)Configure appropriate Active Directory policies for automatic package installation on domain stations. For more details, see the , section Installing Dr.Web Agent Software via Active Directory. 5.Locating stations in the Active Directory domain Stations in the Active Directory domain can be located using the Network Scanner. It is possible to detect Dr.Web Agent on the located stations, and if it is not present, to install it remotely via the Control Center. This approach to remote installation of Dr.Web Agent can be used together with the automatic package installation via the Active Directory policies described in section 4. For more details, see the Network Scanner. 6.Locating users in the Active Directory domain Users in the Active Directory domain can be located to create their personal profiles and more accurately configure the Office Control and Application Control. For more details, refer to . |