Integration of Dr.Web Enterprise Security Suite with Active Directory

If the Active Directory service is used in the protected local network, you can configure the integration of Dr.Web Enterprise Security Suite components with this service.

All of the following methods are independent of each other and can be used both individually or in combination.

Integration of Dr.Web Enterprise Security Suite with Active Directory is based on the following methods:

1.Registration of Dr.Web Server in the Active Directory domain to access Dr.Web Server using the SRV protocol

When installing Dr.Web Server, you can use the installer to register Dr.Web Server in the Active Directory domain. During registration, an SRV record corresponding to Dr.Web Server is created on the DNS server. Further, clients can access Dr.Web Server using this SRV record.

2.Synchronization of anti-virus network structure with the Active Directory domain

It is possible to configure automatic synchronization of the anti-virus network structure with stations in the Active Directory domain. In this case, Active Directory containers which contain computers, become groups of anti-virus network to which workstations are assigned.

For this purpose, the Synchronization with Active Directory task is provided in the Dr.Web Server schedule. The administrator must create this task using the Dr.Web Server Task Manager.

Users with Active Directory accounts can authenticate to Dr.Web Server to manage the anti-virus network. To do this, please use one of the following methods:

•LDAP/AD authentication. This method is available for Dr.Web Servers running on all supported OS. The access of users to Dr.Web Server is configured through corresponding Active Directory attributes in the Control Center. Direct access to the domain controller and to the Active Directory snap-in is not required, no additional configuration through Active Directory is required.

•Microsoft Active Directory. This method is available for Dr.Web Servers running on Windows OS included in the target domain. Users and user groups with access to Dr.Web Servers are configured directly in the Active Directory snap-in. Initial configuration using additional utilities is required. The drweb-modify-ad-schema-<package_version>-<build>-<OS_version>.exe and drweb-aduac-<package_version>-<build>-<OS_version>.msi packages are available in the Dr.Web Server repository, in Dr.Web enterprise products.

When choosing a method, you should take into account the Dr.Web Server operating system and the means of configuring authorized users.

4.Remote installation of Dr.Web Agents on stations in the Active Directory domain

Dr.Web Agent can be remotely installed on stations in the Active Directory domain. To do this:

a)As an administrator install a special Dr.Web Agent for Active Directory installer to a shared target directory. The drweb-<package_version>-<build>-esuite-agent-activedirectory.msi package is available in the Dr.Web Server repository, in Dr.Web enterprise products.

b)Configure appropriate Active Directory policies for automatic package installation on domain stations.

Stations in the Active Directory domain can be located using the Network Scanner. It is possible to detect Dr.Web Agent on the located stations, and if it is not present, to install it remotely via the Control Center.

This approach to remote installation of Dr.Web Agent can be used together with the automatic package installation via the Active Directory policies described in section 4.

Users in the Active Directory domain can be located to create their personal profiles and more accurately configure the Office Control and Application Control.