KAPERSKY ADMINISTRATION KIT 6.0, Deployment Manual

Page 1: ...KASPERSKY LAB Kaspersky Administration Kit 6 0 DeploymentGuide...

Page 2: ...K A S P E R S K Y A D M I N I S T R A T I O N K I T 6 0 Deployment Guide Kaspersky Lab Ltd Visit our website http www kaspersky com Revision date February 2007...

Page 3: ...Administration Kit distribution package 16 3 2 Installing the Administration Server and Administration Console on Local Host 18 3 3 Removing Kaspersky Administration Kit components 34 3 4 Updating the...

Page 4: ...Deployment wizard 72 4 3 Local software installation 76 4 3 1 Local installation of the Network Agent 77 4 3 2 Local installation of the application administration plugin 82 4 3 3 Installing applicat...

Page 5: ...f Kaspersky Lab s applications to a selected computer and then deploy these applications on the network computers Ensure remote centralized management of Kaspersky Lab applications This feature enable...

Page 6: ...n sending system This fea ture allows the administrator to create a list of events in the operation of the applications about which he or she will receive notifications The list of such event may for...

Page 7: ...ve MSDE 2000 SP 3 or MS SQL Server 2000 SP 31 or higher or MySQL version 5 0 22 default code page UTF 8 or MS SQL 2 5 or higher or MS SQL 2005 Express or higher Microsoft Windows 2000 SP 1 or higher M...

Page 8: ...z or faster At least 64 MB RAM 10 MB of available hard drive space Network Agent Software requirements For Windows systems Microsoft Windows 98 Microsoft Windows ME Microsoft Win dows 2000 SP 1 or hig...

Page 9: ...nse New versions of the anti virus software application Consultations on matters related to the installation configuration and op eration of the anti virus application by phone or based on requests se...

Page 10: ...isinfection of infected files 1 6 Conventions Various formatting features and icons are used throughout this document depending on the purpose and the meaning of the text The table below lists the con...

Page 11: ...administrator and allowing to install the anti virus soft ware on any number of client computers You can locally install applications on every networked computer In this case all required components...

Page 12: ...mputers Note that all computers on which Kaspersky Lab applications are installed will act as client computers 3 Which criteria will be used to organize client computers in groups What will be the gro...

Page 13: ...you use the remote installation option the Network agent may be installed together with any application in this case no separate installation of the Network agent is required During the final step you...

Page 14: ...n Kit distribution package The MSDE installation procedure from the Kaspersky Administration Kit is discussed in detailed below see section 3 1 on page 16 For installation of Kaspersky Administration...

Page 15: ...es 2 14000 TCP Used to receive data from clients to connect to update agents to connect to slave Administration Servers 18000 HTTP Used by Administration Server to download data from a Cisco NAC authe...

Page 16: ...locally To install MSDE 1 Run the executable file in the MSDE2KSP3 directory on the Kaspersky Administration Kit 5 0 installation CD The installation wizard will then suggest that you configure settin...

Page 17: ...specify the name that will be assigned to this server By default the name is not created and to address the server the name of the computer on which the server is installed will be used If you wish to...

Page 18: ...package and copy them to the hard drive of your computer offer you to accept the license agreement and provide information about the user and the company 3 Then define the folder to be used to instal...

Page 19: ...of the Network Agent If this component is already installed on your computer remove it and reinstall the Administration Server Pay attention to the information displayed in the wizard window in the D...

Page 20: ...er whose account will be used If a Windows domains structure has been created within the corporate network we recommend selecting the domain administrator s account in order to start the Administratio...

Page 21: ...manually out of names registered within the current domain After this enter the password used to register the user in the domain Figure 4 Selecting user If you selected a user who does not have the d...

Page 22: ...Message about rights granted to the user 7 During the next stage you will be offered to define resourse Microsoft SQL server MSDE or MySQL see Figure 6 that will be used to store the Administration Se...

Page 23: ...rowse button If the Administration Server will be started under the local administrator s account or under the system account the Browse button will not be available Figure 7 Selecting SQL server If d...

Page 24: ...you have installed the SQL server If you install Kaspersky Administration Kit onto a remote computer it is not required to interrupt the Kaspersky Administration Kit installation wizard Install the S...

Page 25: ...verify the rights Fill in the Account Password and Confirm password fields If Administration Server Database is on another computer you need to choose SQL server authentication mode when installing or...

Page 26: ...e the shared folder that will be used to store files required for remote installation of applications files will be copied to the Administration Servers when installation packages are created to store...

Page 27: ...installation is performed or remotely on any of the computers included into the corporate network A shared folder can be specified both using the Browse button and manually by entering a UNC path for...

Page 28: ...Hacker This will open UDP port 137 in Kaspersky Antivirus 6 0 Anti Hacker installed on the host This port is used to obtain Administration Server IP address Figure 12 Administration Server Address 12...

Page 29: ...be used for authentication of the Administration Server being installed Two options are provided Create new certificate select this option if you are installing a new Administration Server Save a bac...

Page 30: ...r for saving the backup copy of the certificate file password that will be use for encryption when creating a new certificate and its decryption during its restoration from a backup copy password conf...

Page 31: ...during the previous stage you select the option of restoring the Server s certificate from a backup copy specify the following in the corresponding window see Figure 16 folder in which the backup copy...

Page 32: ...e Console The Administration Server and Agent will be installed on a host computer as services with attributes listed in Table 2 The table also lists properties of the Kaspersky Lab Posture Validation...

Page 33: ...as the standard Network Agent It will operate based on the policy of the group into which the Administration Server s computer is included as a client computer all tasks provided for the Network Agent...

Page 34: ...be recovered out of a backup generated by an earlier version of the application To accomplish this we recommend that you follow a procedure described below Data restoration during the upgrade to a la...

Page 35: ...nt Run the task manually or according to the schedule After this task is successfully completed the newer version of the Network Agent will be upgraded If you encounter any problems during the install...

Page 36: ...of the Network Agent can be used It is included into the Administration Server structure and is installed and removed together with the Administration Server see section 3 2 on page 18 You do not have...

Page 37: ...te 1 Kaspersky Security 5 5 for Microsoft Exchange Server 2003 Planned Update 1 For detailed information on managing the above applications using Kaspersky Administration Kit see relevant application...

Page 38: ...ttings of the application You can abort the installation process by manually interrupting execution of the task All installation packages created for the Administration Server will be located on the c...

Page 39: ...the drop down list Using the Browse button select file that contains description of the application file has extension kpd and is bundled with all Kaspersky Lab applications for which remote administ...

Page 40: ...n file is located specify the settings used to run the executable file in the entry line provided if such settings are required to install the application for example running in non interactive mode u...

Page 41: ...and a check whether the administration plugin for the selected application is installed on the administrator s workstation will be performed If such plugin is not installed or its version is older th...

Page 42: ...0 that consists of tabs General Settings Licenses and OS reboot The General tab see Figure 20 includes general information about the package package name name and version of the application for which...

Page 43: ...Installation and Removal of Software on the Computers 43 Figure 20 Installation package properties review window The General tab...

Page 44: ...e Settings tab The License tab see Figure 22 contains general information about the license for the application for which installation the package is created The License tab is not available in the pr...

Page 45: ...t the operating system If required restart the operating system automatically this will reboot the operating system only as needed Prompt user for action if this option is selected you can o create an...

Page 46: ...locked computer needs to be rebooted check Close Running Applications Automatically By default this option is unchecked Figure 23 Installation package properties review window The Operating System res...

Page 47: ...If this port is busy you can change it Number of port used for secure connection to the Administration Server using SSL protocol By default port 13000 is used Only decimal representation is allowed Ce...

Page 48: ...work group into which computers will be added after the Network Agent has been installed on them You can select of the following options add computers to folders Corresponding to the computer position...

Page 49: ...the computer as a service with the following set of attributes service name KLNagent displayed name Kaspersky Network Agent automatic start at the operating system startup with the Local system accoun...

Page 50: ...on the slave Administration Servers In order to create the task for distribution of the installation package on the slave Administration Servers 1 Connect to the Administration Server you need 2 Selec...

Page 51: ...g a set of installation packages Specify the required value in the The maximum number of simultaneous downloads 5 In the next wizard window see Figure 26 check boxes next to the names of the slave Adm...

Page 52: ...ates from the Administration Server and save them in the Kaspersky Lab s application installation folder The location of the folder that contains the updates and the installation packages cannot be ch...

Page 53: ...dow that will open on the Updating Agents tab see Figure 27 create the list of computers that will act as the updating agents within the group using the Add and the Remove buttons Figure 27 The group...

Page 54: ...e two methods forced installation or installation using the startup scenario Forced installation allows performing the remote installation of software on the specific client computers within the logic...

Page 55: ...troller database As the results of the user registration with the domain an attempt will be made to install the application on the client computer from which the user has registered This method is rec...

Page 56: ...f this task see Figure 30 Select the required package from the packages created for the particular Administration Server or create a new package using the New button Some applications that support adm...

Page 57: ...and Removal of Software on the Computers 57 Figure 30 Selecting the installation package for installation 6 During this stage select the Push install option see Figure 31 Figure 31 Selecting installa...

Page 58: ...the client computers In order to do it perform the following in the Downloading the installation package group of fields o Check the Using Microsoft Windows resources from public access folder box if...

Page 59: ...l the Network Agent together with the application We recommend that you use the joint installation in order to reduce load on the Administration Server In order to do it check the Install along with A...

Page 60: ...e task will be created see Figure 34 Based on data obtained in a Windows network poll In this case computers for installation will be selected based on the data received by the Administration Server b...

Page 61: ...the Windows network polling the list will be created in the wizard window see Figure 35 and will be performed in the same way as when adding computers to the logical network details see Reference Book...

Page 62: ...u select computers manually then the list is created by entering NETBIOS or DNS names IP addresses or a range of IP addresses of the computers or by importing the list from a txt file in which each ad...

Page 63: ...ne of the following options Default account if the Administration Server is run under the domain user s account see section 3 2 on page 18 and this account has rights required to install the software...

Page 64: ...aunch drop down list o Manually o Every N hour s o Daily o Weekly o Monthly o Once in this case the deployment task will only run once on the computer irrespective of the result of its execution o Now...

Page 65: ...n the shortcut menu and select the New Task command or use the analogous item in the Action menu This will start the task creation wizard Follow its instructions 3 Specify the task name 4 When selecti...

Page 66: ...create a schedule the same way as it is created if the forced installation method is used see above After the wizard is complete the deployment task you created will be added to the Global tasks node...

Page 67: ...configured the same way as any task details see Reference Book for Kaspersky Administration Kit Provided below is a detailed discussion of settings specific for this type of tasks provided on the Sett...

Page 68: ...ask Push installation method When configuring a deployment task using a startup scenario you can us the Settings tab to change the list of accounts of users for who the startup scenario will be modifi...

Page 69: ...ke sure that an installation package is on all the servers Use Package retranslation task to send the package to server see section 4 1 5 To create application deployment to slave servers task 1 Conne...

Page 70: ...hat will be installed during the execution of this task 6 Check the Do not install application if it is already installed box in or der to prevent repeated installation by default the box is checked 7...

Page 71: ...page 54 select Remote application removal as the task type and select the required Kaspersky Lab s application from the Application to be removed drop down list in the Application window see Figure 44...

Page 72: ...reation of an installation package to install the application if such pack age has not been installed earlier The package is stored in the Remote installation node under the name that matches the name...

Page 73: ...at will open see Figure 45 specify the installation package that will be installed If you are installing the application from a distribution package and or if the installation package has not been cre...

Page 74: ...computers in the administration group as the result of the wizard s work a group task will be created Figure 46 Selecting a task type 6 Then if you are creating a group task specify a group on whose c...

Page 75: ...oval of Software on the Computers 75 Figure 47 Selecting a group 7 Then determine under which account the deployment task will be run on the computers details see section 0 on page 54 Figure 48 Select...

Page 76: ...nt task execution 4 3 Local software installation The local software installation is performed individually on each computer In order to perform local installation you must have the administrator s ri...

Page 77: ...irst steps of the installation process are the usual procedure and involve unpacking required files from the distribution package and copying them on the hard drive of your computer accepting the lice...

Page 78: ...sing a secured port using SSL protocol check the Use SSL to connect to server box Figure 50 Configuring settings used to connect to the Administration Server 5 If the Network Agent connects to the Ser...

Page 79: ...one of the following options see Figure 52 Default group name the computer will be added to the folder that corresponds to its position in the Windows network domain or the workgroup this is the defa...

Page 80: ...ved when the Network Agent connects to it for the first time this is the default options Select certificate file authentication at the Administration Server will be performed based on the certificate...

Page 81: ...54 you will be offered to run the Network Agent immediately after the wizard is complete If you would like to run it later uncheck the Launch Network Agent box checked by default If you are planning...

Page 82: ...together with an Administration Agent The plugin is invoked if the Cisco Trust Agent application is installed 4 3 2 Local installation of the application administration plugin In order to install the...

Page 83: ...e methods below Copy the entire folder corresponding to the desired installation package from the Administration Server to the client Open the copied folder on the client and start the executable file...

Page 84: ...Once the installation is complete the selected version of Kaspersky Administration Kit will have been installed on the host computer and an answer file will have been generated and placed in the spec...

Page 85: ...eir detection and disinfection Anti virus applications use the database to successfully detect and disinfect viruses The anti virus database available on the Kaspersky Lab websites is regularly update...

Page 86: ...he expiration of the current key or manually Backup storage A folder that contains the backup copies of Administration Server data created by the backup utility C Console management plug in A special...

Page 87: ...thod of remote installation of Kaspersky Lab s applications that allows to perform remote installation on specific client computers of the logical network In order to ensure successful execution of a...

Page 88: ...ion on the client computer from which the user has registered This method is recommended for installation of Kaspersky Lab s applications onto computers running Microsoft Windows 98 Me K Kaspersky Lab...

Page 89: ...cations included in Kaspersky Lab Business Optimal and Corporate Suite Separate versions of Administration Agent exist for Kaspersky Lab Novell and UNIX applications O OLE object An object linked or e...

Page 90: ...ackup storage The utility allows you to restore Administration Server database that stores policies tasks application settings and events logged on the Administration Server Information about the logi...

Page 91: ...aspersky Lab s application not supporting administration via Kaspersky Administration Kit U Unknown virus A new virus that is not recorded in the anti virus database As a rule Kaspersky Anti Virus det...

Page 92: ...protection from current and future threats Resistance to future attacks is the basic policy implemented in all Kaspersky Lab s products At all times the company s products remain at least one step ah...

Page 93: ...Kaspersky Lab Ltd Kaspersky OnLine Scanner This program is a free service provided to the visitors of Kaspersky Lab s corporate website The service delivers an efficient online anti virus scan of you...

Page 94: ...tem The program allows users to create a list of applications which it will control on a per component basis It helps protect application integrity against the influence of mali cious software Monitor...

Page 95: ...ges to the file system and registry and restores the system after ma licious influence Protection against Internet fraud is ensured by recognition of phishing attacks thereby preventing confidential d...

Page 96: ...omatically scanned as well as files when attempts are made to access them Protection from text message spam Kaspersky Anti Virus for File Servers This software package provides reliable protection for...

Page 97: ...y is a software package withal new approach to security for today s corporate networks of any size providing centralized protection information systems and support for remote offices and mobile users...

Page 98: ...anagement Intel vPro Kaspersky Business Space Security provides optimal protection of your company s information resources from today s Internet threats Kaspersky Business Space Security protects work...

Page 99: ...ers Scanning of all e mails on Microsoft Exchange Server including shared folders Processing of e mails databases and other objects for Lotus Domino servers Protection from phishing attacks and junk m...

Page 100: ...ams whose signatures are not yet added to the database Protection of mail servers and linked servers Scans Internet traffic HTTP FTP entering the local area network in real time scalability of the sof...

Page 101: ...a dedicated e mail gateway The solution includes Kaspersky Administration Kit Kaspersky Mail Gateway Kaspersky Anti Virus for Lotus Notes Domino Kaspersky Anti Virus for Microsoft Exchange Kaspersky A...

Page 102: ...list object types and user groups Quarantines suspicious objects Easy to use administration system Reporting system for program operation Support for hardware proxy servers Scalability of the software...

Page 103: ...per for Exchange Clearswift MIMEsweeper for Web The program is a plug in and scans for viruses and processes inbound and outbound e mail traffic in real time B 2 Contact Us If you have any questions c...

Page 104: ...VIDUAL OR A SINGLE ENTITY ARE CONSENTING TO BE BOUND BY THIS AGREEMENT IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT DO NOT BREAK THE CD s SLEEVE DOWNLOAD INSTALL OR USE THIS SOFTWARE IN A...

Page 105: ...from unauthorized copying or use 1 1 2 The Software protects computer against viruses whose signatures are contained in the threat signatures database which is available on Kaspersky Lab s update ser...

Page 106: ...charge and b Kaspersky Lab s technical support service is also entitled to demand from the End User additional registration for identifier awarding for Support Services rendering c Until Software act...

Page 107: ...ty measures to protect such confidential information but without limitation to the foregoing shall use best endeavors to maintain the security of the activation code 5 Limited Warranty i Kaspersky Lab...

Page 108: ...erwise all of which are hereby excluded including without limitation the implied conditions warranties or other terms as to satisfactory quality fitness for purpose or as to the use of reasonable skil...

Page 109: ...rtakings and promises between you and Kaspersky Lab whether oral or in writing which have been given or may be implied from anything written or said in negotiations between us or our representatives p...