Performing a Single-Server Installation
3
19
no
vd
ocx
(e
n)
17
Sep
te
m
be
r 20
09
3
Performing a Single-Server
Installation
ZENworks
®
Endpoint Security Management Single-Server Installation (SSI) allows both the Policy
Distribution Service and the Management Service to co-exist on the same server, which is not
possible without using this installation option. The server must be deployed inside the firewall for
security purposes, requiring users to receive policy updates only when they are inside the corporate
infrastructure or connected via a VPN.
Deployment of the Single-Server Installation on a Primary Domain Controller (PDC) is not
supported for both security and functionality reasons.
NOTE:
It is recommended that the SSI Server be configured (hardened) so as to deactivate all
applications, services, accounts, and other options not necessary to the intended functionality of the
server. The steps involved in doing so depend upon the specifics of the local environment, and so
cannot be described in advance. Administrators are advised to consult the appropriate section of the
Microsoft Technet security webpage (http://www.microsoft.com/technet/security/default.mspx)
.
Additional access control recommendations are provided in the
ZENworks Endpoint Security
Management Administration Guide
.
To protect access to only trusted machines, the virtual directory and IIS can be set up to have ACLs.
Reference the articles below:
Granting and Denying Access to Computers (http://www.microsoft.com/technet/prodtechnol/
windows2000serv/default.mspx)
Restrict Site Access by IP Address or Domain Name (http://support.microsoft.com/
default.aspx?scid=kb%3BEN-US%3BQ324066)
IIS FAQ: 2000 IP address and domain name restrictions (http://www.iisfaq.com/
default.aspx?View=A136&P=109)
Working With IIS Packet Filtering (http://www.15seconds.com/issue/011227.htm)
For security purposes, it is highly recommended that the following default folders be removed from
any IIS installation:
IISHelp
IISAdmin
Scripts
Printers
We also recommend using the IIS Lockdown Tool 2.1 available at
microsoft.com (http://
www.microsoft.com/technet/security/tools/locktool.mspx)
.
Version 2.1 is driven by supplied templates for the major IIS-dependent Microsoft products. Select
the template that most closely matches the role of this server. If in doubt, the Dynamic Web server
template is recommended.
Summary of Contents for ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5
Page 4: ...4 ZENworks Endpoint Security Management Installation Guide novdocx en 17 September 2009 ...
Page 8: ...8 ZENworks Endpoint Security Management Installation Guide novdocx en 17 September 2009 ...
Page 12: ...12 ZENworks Endpoint Security Management Installation Guide novdocx en 17 September 2009 ...
Page 22: ...22 ZENworks Endpoint Security Management Installation Guide novdocx en 17 September 2009 ...
Page 24: ...24 ZENworks Endpoint Security Management Installation Guide novdocx en 17 September 2009 ...
Page 44: ...44 ZENworks Endpoint Security Management Installation Guide novdocx en 17 September 2009 ...
Page 74: ...74 ZENworks Endpoint Security Management Installation Guide novdocx en 17 September 2009 ...
Page 76: ...76 ZENworks Endpoint Security Management Installation Guide novdocx en 17 September 2009 ...