Manual - GFI Italia

GFI EndPointSecurity 3
Manual
By GFI Software Ltd.
GFI SOFTWARE Ltd.
http://www.gfi.com
E-mail: info@gfi.com
Information in this document is subject to change without notice.
Companies, names, and data used in examples herein are fictitious
unless otherwise noted. No part of this document may be reproduced
or transmitted in any form or by any means, electronic or mechanical,
for any purpose, without the express written permission of GFI
SOFTWARE Ltd.
LANguard is copyright of GFI SOFTWARE Ltd. 2000-2006 GFI
SOFTWARE Ltd. All rights reserved.
Version 3.0 – Last updated May 23, 2007
Contents
Introduction
  About portable media device threats
  About GFI EndPointSecurity
  Supported device classes
  Key features
  How does GFI EndPointSecurity work?
  Components of GFI EndPointSecurity
  License scheme
Installation
  Introduction
  System requirements
  Upgrading from GFI LANguard Portable Storage Control
  Installation procedure
  Entering your license key after installation
Getting started: Deploying a default protection policy
  Introduction
  Launching the GFI EndPointSecurity user console
  Quick Start Wizard
  Adding computers to a protection policy
  Enumerating domain computers
  Deploying the default protection policy on your target computers
  Verifying that protection policies have been successfully deployed
  Example: Deploying the ‘Workstations’ protection policy on your local host
Customizing the default protection policy
  Introduction
  Configuring which portable devices will be monitored
  Managing users and privileges
  Which is the best way to configure device access privileges?
  Managing user privileges via Active Directory
  Managing user privileges via local users & groups
  Managing user privileges via GFI EndPointSecurity user console
  Configuring log-on credentials
  Configuring event logging parameters
  Viewing security event logs from the Windows event viewer
  Enabling or disabling pending deployments
  Creating custom protection policies
  Removing computers from a protection policy
  Moving computers to another protection policy
  Deleting protection policies
  Example 1: Assigning users and privileges from the GFI EndPointSecurity user console
  Example 2: Assigning user privileges via Active Directory
Configuring default options
  Introduction
  Configuring protection policy defaults
  Reboot and deployment options
    Target Computers Reboot
    Deployment options
  Configuring database backend options
General options
  Introduction
  Export configurations
  Import configurations
  Version Information
    Check for newer builds
  Licensing
Miscellaneous
  Introduction
  Managing users via Active Directory management Console
  Managing users via local users management console
  Viewing security event logs from the Windows event viewer
Troubleshooting
  Introduction
  Knowledge Base
  Request technical support via email
  Request technical support via web chat
  Request technical support via phone
  Web Forum
  Build notifications
Index
GFI EndPointSecurity
Introduction
About portable media device threats
The key advantage of removable media devices (or portable devices)
is easy access. In theory, this may be of great advantage for
organizations. However, it is a well-reported fact that access and
security are at opposite ends of the security continuum.
Developments in removable media technology are escalating. The
newer versions of portable devices, such as flash memory, have been
increasing in capacity and performance making them:
• Easy and fast to install.
• Capable of storing huge amounts of data.
• Physically small enough to carry in a pocket.
As a result, internal users may deliberately or accidentally:
• Remove sensitive data or expose confidential information.
• Introduce malicious code (e.g. viruses, Trojans) which can bring
the entire corporate network down.
• Transfer inappropriate or offensive material on to corporate
hardware.
• Make personal copies of company information and intellectual
property.
• Connect portable devices to corporate hardware and as a
consequence get distracted during work hours.
In an attempt to control these threats, organizations have started to
prohibit the use of (personally-owned) portable devices at work.
However, best practice dictates that you must never rely on voluntary
compliance! The best way to ensure complete control over portable
devices is by putting technological barriers in place.
About GFI EndPointSecurity
GFI EndPointSecurity is the security solution that helps you maintain
data integrity by preventing unauthorized transfer of content to and
from the following portable media devices:
• USB Ports (e.g. Flash and Memory Card Readers, Pen Drives)
• FireWire Ports (e.g. digital cameras, FireWire card readers)
• Wireless data connections (e.g. Bluetooth dongles, Infrared)
• Floppy disk drives (internal and external)
• Optical drives such as CD, DVD and MO (magneto optical) drives
(internal and external)
• Removable USB hard-disk drives
• Other drives such as Zip Drives and tape drives (internal and
external).
Through its technology, GFI EndPointSecurity enables you to allow or
deny access to a device as well as to assign (where applicable) ‘full’
or ‘read only’ privileges:
• Over every supported device (e.g. CD/DVD drives, PDAs).
• To any local or Active Directory user/user group.
With GFI EndPointSecurity you can also record the activity of all
portable devices being used on your target computers (including the
date/time of usage and by whom the devices were used).
NOTE: GFI EndPointSecurity 3 is a complete re-development of GFI’s
removable storage control product – GFI LANguard Portable Storage
Control 2.
Supported device classes
In GFI EndPointSecurity portable device classes are organized into
the following categories:
Floppy disk
CD/DVD ROM
  • CD R/W ROM
  • DVD R/W ROM
Storage Devices
  • USB Pen drives
  • Digital Media Players (e.g. MP3, iPod, Creative Zen)
  • Flash and Memory Card Readers
  • Multi-drive USB devices – devices that don’t mount as a single
    drive (spoofing)
  • Other portable storage devices
Printers
PDAs
  • Pocket PCs (Windows/Palm OS) (e.g. HP iPAQ, Sony CLIÉ)
  • BlackBerry Devices
  • Smart phones (Windows/Palm OS) (e.g. Motorola i930, Palm Treo)
Network Adapters
  • WiFi
  • Bluetooth dongles/connections
  • Infrared dongles/connections
Modems
  • Smart phones (Windows/Palm OS) (Motorola i930, Palm Treo)
  • Mobile phones
Imaging Devices
  • Digital Cameras
  • Webcams
  • Scanners
Other Devices
  • Bluetooth dongles/ports
  • Infrared dongles/ports
  • MO (magneto optical) drives (internal and external)
  • Zip drives
  • Tape drives
Key features
Group-based protection control
In GFI EndPointSecurity you can configure and place computers into
groups which are governed by one protection policy. This allows you
to configure a single protection policy and apply it to all the computers
that are a member of that group.
To set a protection policy for a group of computers you need to
specify:
• Which computers are to be assigned that protection level
• Devices that will be controlled
• Users that will be allowed access/read/write privileges over
portable devices.
Hence, through protection policies you can deploy different protection
settings to different groups of computers. For example, developers
may be allowed only CD/DVD access while managers only require
access to their PDA.
This group-based protection approach helps you organize your
protection policies and maintenance is made effortless. For example,
if the configured policy is not effective on a particular group of
computers you just need to change the settings for that particular
group and the changes will automatically be deployed on the
respective computers!
Granular access control
GFI EndPointSecurity enables you to allow or deny access to a device
as well as to assign (where applicable) ‘full’ or ‘read only’ privileges
over every supported device (e.g. PDAs) on a user-by-user basis.
Support for various types of portable devices
You can control and block access to portable USB and wireless
devices such as card readers, mobile phones and PDAs. In this way
you can set up hardware level protection on your network computers
and block unauthorized access even to devices which connect
through proprietary drivers.
GFI EndPointSecurity groups supported device classes into specific
categories to which you can allow or deny user access (e.g. CD/DVD
drives) and where applicable assign read and/or write privileges. For a
complete list of categories and supported device classes refer to the
‘Supported device classes’ section in this chapter.
Logging of device related user activity to SQL Server
By default, GFI EndPointSecurity registers all attempts made to
access portable media devices into an SQL Server/MSDE based
database backend.
Automated monitoring of the deployment status
After making configuration changes to your protection policy, GFI
EndPointSecurity will automatically prompt you to deploy these
changes on your computers. In this way you will know when
deployment is required and therefore you can rest assured that the
protection policy on your network computers is always kept up to date.
Enhanced protection agent security
To prevent end users from tampering with the protection agent
functionality, only users that are members of an authorized
domain/user group will be able to stop the device control service. This
means that even a local user with administrative privileges cannot
stop the agent/control service. Consequently you can rest assured
that your portable device control system is not tampered with.
Furthermore, all attempts to shut down the portable storage control
service will be recorded.
Unicode compliant portable storage control
GFI EndPointSecurity can run on operating systems which are running
in languages other than English, including Chinese.
Logging to event log
GFI EndPointSecurity can be configured to register both successful
and failed attempts made to access portable devices into the Windows
event logs. These events are grouped into a dedicated log file and can
then be accessed through the Windows Event Viewer.
How does GFI EndPointSecurity work?
Figure 1 - Configuration of different protection policies applied to your network computers
Protection policies
In GFI EndPointSecurity, device access (protection) policies are
organized into security enabled groups called ‘Protection Policies’. A
protection policy is a collection of rules that determine which users can
access specific portable devices on a computer by computer basis.
Configuration of protection policies is carried out through the GFI
EndPointSecurity user console (GFI EndPointSecurity > Protection
Policies). Through this console you can create your own portable
storage control policies as well as configure or customize the default
policies which ship with GFI EndPointSecurity.
During configuration of a protection policy, you must specify the
following parameters:
• The list of all portable device classes that will be controlled by the
protection policy.
• The list of users that will be allowed access to every device class
and the respective Read/Write privileges.
Once configured, protection policies must be remotely deployed on
the respective target computers. This operation is automatically
handled by GFI EndPointSecurity.
Overview of the monitoring process (client side)
Figure 2 - Portable Storage Control process
To monitor and control access to portable media devices, GFI
EndPointSecurity remotely installs a small footprint agent on every
target computer. When an attempt to connect to a portable device is
detected, the agent will reference the protection policy and:
1. Identify if the requested device is currently being monitored.
2. Verify if the user has the right privileges to perform the requested
operation (e.g. write to device).
NOTE: When user privileges are assigned on a group basis, the agent
will query (in real-time) the Active Directory (AD)/Local Users and
Groups and verify if the user is a member of the privileged group(s).
3. Block user access to the device accordingly.
4. (Optionally) Record the event in the GFI EndPointSecurity database
backend and/or Windows Security Event log.
NOTE: Logging of device activity is only performed on devices
controlled by GFI EndPointSecurity.
Logged details include: the user name, the device class, the date and
time when the user attempted access and whether the connection to
the device was allowed or blocked.
NOTE: The security level of every protection policy is configurable
only via the GFI EndPointSecurity user console.
Components of GFI EndPointSecurity
When you install GFI EndPointSecurity, the following components are
set up:
• GFI EndPointSecurity protection agent
• GFI EndPointSecurity configuration
GFI EndPointSecurity agent
The GFI EndPointSecurity protection agent is a client-side service
responsible for the implementation/enforcement of the protection
policies on the target computer(s). This service is automatically
installed on remote network targets during the very first deployment of
a protection policy. After successive deployments (i.e. after changes
have been made to the initial protection policy) the agent will not be
re-installed but just updated.
NOTE: The configuration will keep track of which computers have a
protection agent deployed and which do not, and whether any updates
need to be deployed when you update your configuration.
GFI EndPointSecurity user console
The GFI EndPointSecurity user console is the application through
which you can:
• Create and configure the protection policy of every device
group/class supported by the product.
• Remotely deploy protection policies on to your target computers
(i.e. deploy and/or update GFI EndPointSecurity agents).
• View the device protection status of every computer that is being
monitored.
• Check logs and analyze what portable media devices have been
connected to every network computer.
Screenshot 1 - The GFI EndPointSecurity user console
Navigation Pane – Use this pane to navigate through the
configuration options provided in GFI EndPointSecurity.
Protection Status – Use this node to view the protection/policy
deployment status of your target computers.
Protection Policies – Use this node to access the list of
portable storage control policies currently configured in GFI
EndPointSecurity.
Options – Use this node to access and configure the default
settings of GFI EndPointSecurity.
Version Information – Use this node to view the installed
version and build details of your GFI EndPointSecurity as well
as to check the GFI web site for newer builds.
Licensing – Use this node to view your licensing details and/or
to enter your license key after product installation.
Audit Trail Pane – Use this pane to view all actions performed
through the GFI EndPointSecurity user console.
Apply Button – Use this button to deploy protection policy
updates on to target computers.
Viewer Pane – Use this pane to view:
• The list of target computers which are pending (protection
policy) deployment.
• The protection status of your target computers.
License scheme
GFI EndPointSecurity licensing is based on the number of
workstations/servers that will be managing access to portable devices.
For example, to control access to portable devices on 25 computers,
you must purchase a 25 computers license.
NOTE 1: By default, GFI EndPointSecurity has an unrestricted fully
functional evaluation period of 10 days. If the data you provided in the
download form is correct, you will receive by email a license key which
enables you to evaluate GFI EndPointSecurity for a total of 30 days.
NOTE 2: To find out how to buy GFI EndPointSecurity, follow the
General > How to purchase node.
Installation
Introduction
In this chapter you will learn:
• What the system requirements for installing GFI EndPointSecurity
are.
• How to upgrade from GFI LANguard Portable Storage Control to
GFI EndPointSecurity.
• How to install GFI EndPointSecurity.
System requirements
The following are the system requirements for GFI EndPointSecurity:
GFI EndPointSecurity installation
The computer where GFI EndPointSecurity will be installed must be
running on:
• Windows 2000/2003 or Windows XP Pro.
NOTE: GFI EndPointSecurity does not require administrative
privileges for configuration purposes.
GFI EndPointSecurity protection agent installation
All computers on which the GFI EndPointSecurity protection agent will
be installed must be running on:
• Windows 2000/2003 or Windows XP Pro.
NOTE: To install, uninstall, and update agents/protection policies, GFI
EndPointSecurity must be running under an account which has
administrative privileges over all computers that are being protected.
Incompatibilities
The following are known incompatibilities of GFI EndPointSecurity
agent:
• Does NOT install on a 64-bit operating system.
Upgrading from GFI LANguard Portable Storage Control
It is possible to upgrade GFI LANguard Portable Storage Control 2 to
GFI EndPointSecurity 3. If your computer is currently protected by a
GFI LANguard Portable Storage Control agent:
1. Open GFI LANguard Portable Storage Control configuration
console.
2. Delete the agent from the computer where GFI EndPointSecurity
will be installed.
NOTE: The GFI LANguard Portable Storage Control protection agent
must be removed from the computer where GFI EndPointSecurity 3
will be installed. This should be done only on the computer where GFI
EndPointSecurity will be installed.
3. Quit the application and proceed to installing GFI EndPointSecurity.
Installation procedure
GFI EndPointSecurity includes an installation wizard which will assist
you through the installation process. To start the installation:
1. Close all running applications and log on to the target computer
using an account which has administrative privileges.
2. Double-click on endpointsecurity3.exe. As soon as the welcome
dialog is displayed, click Next to start the installation.
NOTE: The facility to import the previous configuration allows you to
import the existing list of GFI LANguard Portable Storage Control
agents and re-deploy it using GFI EndPointSecurity (refer to the
chapter ‘Getting started: Deploying a default protection policy’ for
further information on how to import a list of deployed agents).
Screenshot 2 - GFI EndPointSecurity setup dialog: Import configuration settings
3. During installation GFI EndPointSecurity detects whether a previous
installation of GFI EndPointSecurity is present. Choose ‘import
settings used in older build’ to import previous build settings or ‘make
a clean install’ to install GFI EndPointSecurity as a new installation.
4. In the license dialog, read the licensing agreement carefully. Select
the ‘I accept the Licensing agreement’ option and click on Next to
continue.
Screenshot 3 - GFI EndPointSecurity Setup dialog: License key information screen
5. Enter your name, company name and license key. If you are
evaluating the product, leave the default ‘Evaluation’ key and click
Next.
NOTE: By default, GFI EndPointSecurity has an unrestricted fully
functional evaluation period of 10 days. If the data you provided in the
download form is correct, you will receive a license key by email. This
key should be entered in the field provided as shown below to enable
you to evaluate GFI EndPointSecurity for 30 days.
Screenshot 4 - Device control dialog used to specify which devices you want to control
6. Select the removable media devices that you wish to monitor.
7. Select the ‘Yes, create the device-associated Windows user groups
for the selected devices’ option if you want GFI EndPointSecurity to
create default (user) control groups.
NOTE: By default, GFI EndPointSecurity will add these control groups
to the default protection policies which ship with this product. In this
way you can add or delete users directly from the Computer
Management console of your Windows operating system without
having to open the GFI EndPointSecurity user console.
8. Specify an alternative installation path (or leave the default path)
and click Next. The installation will need approximately 21 MB of free
disk space.
9. The installation wizard is now ready to copy the required files and
finalize the installation. Click on the Next button to proceed.
10. Click Finish to finalize the installation.
Entering your license key after installation
For information on how to enter your license key after product
installation refer to the ‘Miscellaneous’ chapter in this manual.
NOTE: Entering the license key should not be confused with the
process of registering your company details on our website.
Registration is important since it allows us to give you support and
notify you of important product news. You may register and obtain
your GFI customer account from: http://www.gfi.com/pages/regfrm.htm
Getting started: Deploying a default protection policy
Introduction
GFI EndPointSecurity ships with three default protection policies
which you can immediately deploy on target computers after
installation (GFI EndPointSecurity > Protection Policies > Servers /
Workstations / Laptops).
Screenshot 5 - LegacyAgents protection policy with the list of imported agents
NOTE 1: If you have just upgraded from GFI LANguard Portable Storage
Control 2 and imported your previous configuration settings, the list of
agents that were protecting your computers will be automatically
added to a fourth protection policy called LegacyAgents (GFI
EndPointSecurity > Protection Policies > LegacyAgents).
NOTE 2: GFI EndPointSecurity also allows you to create custom
protection policies. For more information on how to customize your
portable storage control policy, refer to the ‘Customizing the default
policy’ chapter in this manual.
Control over portable device usage is achieved through user and user
group device-access privileges. These privileges determine who is
allowed to transfer content to and/or from portable devices. For
example, in a software company, a group of software developers may
be assigned FULL device access privileges to developer machines
whilst being totally blocked from plugging in devices to the computers
used by managers.
NOTE: You can assign privileges to named users and user groups
that are part of the Active Directory (AD) or Local users and groups
schema.
By default, the user groups that are created by GFI EndPointSecurity
(e.g. GFI_ESEC_Floppy_ReadOnly, GFI_ESEC_Floppy_FullAccess)
are assigned to the three default protection policies which ship with
the product. These user groups are already preconfigured with the
corresponding read/write privileges.
Figure 3 - When no users are configured, access to all portable devices will be blocked
However, by default, no members are assigned to any of these user
groups. This means that if these default policies are deployed on
target computers without further configuration, no user will be allowed
access to any portable device!
NOTE 1: For information on how to add members to user groups refer
to the ‘Customizing the default policy’ chapter in this manual.
NOTE 2: Access privileges are configurable at device class level. This
means that within the same protection policy/group you can specify
different users and privileges for every device class being monitored.
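The following Python model is an added illustration, not GFI code: it walks through the four agent steps from ‘Overview of the monitoring process’ and shows why the default policy with empty GFI_ESEC_* groups blocks everyone, as described above. It assumes that a device class the policy does not control is left alone; the users alice and bob and the policy contents are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

READ, WRITE = "read", "write"
READ_ONLY, FULL = "read only", "full"


@dataclass
class Directory:
    """Stand-in for Active Directory / Local Users and Groups."""
    groups: dict = field(default_factory=dict)  # group name -> set of user names

    def principals_of(self, user):
        # A rule can name the user directly or any group the user belongs to.
        return {user} | {g for g, members in self.groups.items() if user in members}


@dataclass
class Policy:
    name: str
    # device class -> {user or group name: READ_ONLY or FULL}
    controlled: dict = field(default_factory=dict)


def decide(policy, directory, user, device_class, operation, log):
    """Return True if the operation is allowed (steps 1-4 of the manual)."""
    rules = policy.controlled.get(device_class)
    if rules is None:
        # Step 1: class not monitored. Assumption: the agent leaves it alone;
        # per the manual, nothing is logged for uncontrolled devices.
        return True
    # Step 2: membership is resolved at request time, not at deployment time.
    principals = directory.principals_of(user)
    granted = {priv for who, priv in rules.items() if who in principals}
    allowed = FULL in granted or (READ_ONLY in granted and operation == READ)
    # Step 4: the fields the manual lists as logged details.
    log.append({
        "user": user,
        "device_class": device_class,
        "time": datetime.now(timezone.utc).isoformat(),
        "result": "allowed" if allowed else "blocked",
    })
    return allowed  # Step 3: the caller blocks access when this is False


def unusable_classes(policy, directory):
    """Controlled classes nobody can use: every rule names an empty group."""
    dead = []
    for device_class, rules in policy.controlled.items():
        # A name that is not a known group is treated as a named user.
        reachable = any(directory.groups.get(who, {who}) for who in rules)
        if not reachable:
            dead.append(device_class)
    return dead


def demo():
    # Constructed sample. The two group names are the ones the manual quotes;
    # the policy contents and the users alice and bob are made up.
    directory = Directory(groups={
        "GFI_ESEC_Floppy_ReadOnly": set(),
        "GFI_ESEC_Floppy_FullAccess": set(),
    })
    policy = Policy("Workstations", controlled={
        "Floppy disk": {
            "GFI_ESEC_Floppy_ReadOnly": READ_ONLY,
            "GFI_ESEC_Floppy_FullAccess": FULL,
        },
    })
    log, out = [], {}
    # Default state: groups exist but have no members, so everyone is blocked.
    out["dead_before"] = unusable_classes(policy, directory)
    out["alice_read_before"] = decide(policy, directory, "alice", "Floppy disk", READ, log)
    # Only group membership changes; the deployed policy is untouched.
    directory.groups["GFI_ESEC_Floppy_ReadOnly"].add("alice")
    directory.groups["GFI_ESEC_Floppy_FullAccess"].add("bob")
    out["dead_after"] = unusable_classes(policy, directory)
    out["alice_read"] = decide(policy, directory, "alice", "Floppy disk", READ, log)
    out["alice_write"] = decide(policy, directory, "alice", "Floppy disk", WRITE, log)
    out["bob_write"] = decide(policy, directory, "bob", "Floppy disk", WRITE, log)
    # "Printers" is not controlled by this policy: allowed, and no log entry.
    out["printer"] = decide(policy, directory, "alice", "Printers", WRITE, log)
    out["log"] = [(entry["user"], entry["result"]) for entry in log]
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running unusable_classes against a policy before deployment flags every device class that would end up blocked for all users.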
Chapter Preview
In this chapter you will learn how to:
• Launch the GFI EndPointSecurity user console.
• Specify which computers will be protected by the default policy.
• Remotely deploy the protection policy on your target computers.
• Configure users and designate read/write privileges.
• Verify that the protection policy has been successfully deployed.
• Perform the processes covered in this chapter through a practical
example.
Launching the GFI EndPointSecurity user console
To launch the GFI EndPointSecurity user console:
1. Log on using an account which has administrative privileges on all
your network/target computers (e.g. Domain Administrator).
2. Launch GFI EndPointSecurity from Start > All Programs > GFI
EndPointSecurity 3.0 > GFI EndPointSecurity 3.0.
Quick Start Wizard
The Quick Start Wizard helps you configure the list of computers on
which portable devices will be controlled. This wizard is automatically
launched the first time that GFI EndPointSecurity is started, in order to
help you get your portable storage control system up and running in
the least possible time.
Screenshot 6 - Launching the Quick Start Wizard from the Navigation Pane
Once ready, you can still make use of this wizard by right-clicking on
the Protection Policies node and selecting New > Quick Start
Wizard.
Screenshot 7 - Adding computers to a protection policy
1. Specify the name/IP of the computer to be protected and click Add.
Repeat this step until all target computers are added to the list, then
click Next.
NOTE 1: Use the Select… button to choose computers to be
protected from a list of domain computers. For more information on
how to generate the list of domain computers refer to the
‘Enumerating domain computers’ section in this chapter.
NOTE 2: Use the Import… button to import the list of computers to be
protected from a text file.
Screenshot 8 - Selecting the protection policy
2. Select the protection policy you want to assign the computer(s) to
from the drop down list provided and click Next.
Screenshot 9 – Viewing the list of computers assigned to the Workstations protection policy.
3. Click Finish to finalize your configuration.
Adding computers to a protection policy
In GFI EndPointSecurity you can also add computers to a protection
policy without having to launch the quick start wizard. This is achieved
as follows:
1. Expand the Protection Policies node.
2. Right-click on the protection policy and select Add computers…
Screenshot 10 - Selecting the computers that will be protected
3. Specify the name/IP of the computer to be protected and click Add.
Repeat this step until all target computers are added to the list.
NOTE 1: Use the Select… button to choose computers to be
protected from a list of domain computers. For more information on
how to generate the list of domain computers refer to the
‘Enumerating domain computers’ section in this chapter.
NOTE 2: Use the Import… button to import the list of computers to be
protected from a text file.
4. Click on Finish to finalize your settings.
Enumerating domain computers
Screenshot 11 - List of active computers discovered on the selected domain
GFI EndPointSecurity can automatically generate the list of computers
which are currently active on a particular network domain. To generate
a list of domain computers:
1. Select the domain to be scanned from the list of domains currently
available on your network.
2. Click on Search to start the scanning process.
Screenshot 12 - List of domain computers with protection details
After enumerating the computers in a domain, use the Retrieve
Details button to identify which computers are:
• Completely unprotected (i.e. no portable storage control).
• Currently protected by an older version of GFI EndPointSecurity
(e.g. GFI LANguard Portable Storage Control 2).
• Running an outdated protection agent/policy and therefore require
re-deployment.
To specify the computers to be protected, select/unselect the check
box near the respective computer(s). Click on OK to finalize your
selection.
NOTE: Computers protected by GFI LANguard Portable Storage
Control 2 or other older versions of GFI EndPointSecurity will be
automatically upgraded during protection policy deployment.
Deploying the default protection policy on your target computers
Figure 4 - Protection deployment and update process
In order to take effect, protection policies must be deployed on target
computers. During your very first policy deployment GFI
EndPointSecurity will also install the security agent on all the specified
targets. This agent will process all read/write requests made to
portable devices, using the deployed protection policy as reference.
NOTE: During policy deployment GFI EndPointSecurity will
automatically install agents on new computers or computers where
agents have been un-installed.
Since protection policies dictate control over portable device usage,
these must always be kept up to date. Therefore any configuration
changes made to a protection policy must always be followed by an
immediate re-deployment of the affected protection policy on to the
respective targets.
NOTE: The only exception to this rule is when users are added to
configured user groups via (Windows) Computer Management
console. For more information refer to the ‘Customizing your default
protection policy’ chapter in this manual.
Screenshot 13 - Deploying the protection policy on to selected targets
To deploy protection policies on to selected targets:
1. Click on the Protection Status node.
2. From the viewer (right) pane, right click on the target(s) pending
deployment and select Deploy.
Verifying that protection policies have been successfully deployed
The deployment status report
Screenshot 14 - Deployment status report
At the end of every deployment process, GFI EndPointSecurity will
automatically generate a report showing the results of your latest
deployment operation. Use this report to identify which target
computers failed to update their protection policies and why. To print
this report, right click on the contents and select Print.
The protection status monitor
Screenshot 15 - The protection status monitor
Use the GFI EndPointSecurity ► Protection Status node to view the
status of all deployment operations performed on your network
targets. This information is shown in the viewer (right) pane of the GFI
EndPointSecurity user console and includes: the target computer name,
the deployment status and what is currently pending on each target
computer, the date and time of the last successful deployment of a
protection policy, and the name of the protection policy that is
currently in use.
Pending deployments may also be triggered from the protection status
viewer. Click on Apply to deploy the necessary protection policy
updates to the target computers.
Example: Deploying the ‘Workstations’ protection policy on your
local host
In this example, you will be deploying the Workstations protection
policy on the computer where GFI EndPointSecurity is installed. To
keep this example generic, you will be using the local host details (i.e.
IP address 127.0.0.1). At the end of this example you should not be
able to access your floppy drive.
1. Launch GFI EndPointSecurity from Start ► All Programs ► GFI
EndPointSecurity 3.0 ► GFI EndPointSecurity 3.0.
2. Expand the Protection Policies node.
3. Right click on the Workstations node and select Add
Computers….
Screenshot 16 – Quick Start Wizard: Select the computers to be protected
4. Input the local host IP, 127.0.0.1 and click Add.
5. Click Next to proceed to the final dialog then click Finish.
6. Click on Apply to deploy the protection policy on the local
computer/local host.
Screenshot 17 - Deployment results
7. Insert a floppy disk in the floppy drive.
8. Go to Start ► Run and key in A:\ to try to access the floppy.
Following successful deployment, a report similar to the one shown in
the above screenshot will be displayed. The deployment result is
shown in the Status column of this report.
Testing
Since no user is currently configured in your protection policy, GFI
EndPointSecurity will automatically block access to all portable media
devices on your computer. To verify if portable storage control is
already active on your computer:
1. Insert a formatted floppy disk in your floppy drive.
Screenshot 18 - Access denied dialog
2. Go to Start ► Run and key in A:\. An access denied message
similar to the one shown above should be displayed, indicating that
your protection policy is working properly.
Customizing the default protection policy
Introduction
The default protection policy which ships with GFI EndPointSecurity is
fully customizable and can be configured to suit your company’s
portable device security policy. This is achieved by adding different
portable storage control policies or by making configuration changes
to the default protection policies which ship with the product.
Chapter Preview
In this chapter you will learn how to:
• Configure which portable devices will be monitored
• Manage users and assign read/write privileges on portable
devices
• Configure logon credentials
• Configure event logging parameters
• Create new protection policies
• Delete target computers from a protection policy
• Move target computers to a different protection policy
• Delete protection policies
• Perform the processes covered in this chapter through two
practical examples
Configuring which portable devices will be monitored
In GFI EndPointSecurity you can selectively configure which portable
devices will be monitored or excluded from access restrictions.
By default, protection policies are configured to monitor the default list
of devices specified in the properties option of the Options ► Protection
Policy Defaults node of the GFI EndPointSecurity user console. For
more information on how to configure the default list of controlled
devices refer to the ‘Configuring default options’ chapter in this
manual.
You can also configure the list of devices to be monitored on a
protection policy by policy basis. This means that each protection
policy can be separately configured to monitor and control access to
different portable devices. To configure the devices that will be
controlled through a particular protection policy:
1. Expand the Protection Policies node.
Screenshot 19 - Protection policy properties: Controlled Devices dialog
2. Right click on the protection policy that you wish to configure and
select Properties. This will bring up the protection policy properties
dialog.
3. Click on the Controlled Devices node and un-select the option
‘Use the default device permission settings’.
4. Un-select the portable devices that will be excluded from
monitoring.
5. Click OK to close the dialog.
6. Click on the Protection Policies node.
7. Click Apply to deploy the protection policy updates on the target
computers.
Managing users and privileges
By default, no users and privileges are preconfigured in the protection
policies that ship with GFI EndPointSecurity. This means that after
deploying a default protection policy on a target computer, all users
will be denied access to portable devices.
GFI EndPointSecurity allows you to assign access, read and write
privileges (over supported portable devices) to any user and user group
that is a member of the Active Directory (AD) or Local users and
groups schema. You can configure device access privileges in two
ways:
• Via Active Directory (AD)/Local users and groups.
• Via the GFI EndPointSecurity user console.
Which is the best way to configure device access privileges?
In network environments where Active Directory is available, we
recommend that you configure device access privileges directly from
Active Directory. When configuring device access privileges through
Active Directory:
• You are not making changes to the protection policy and therefore
no re-deployment of the protection policy is required.
Figure 5: GFI EndPointSecurity agent verifies device access privileges in real-time
• Changes in device access privileges take effect immediately. The
reason is that when a user attempts to access a portable device,
the protection agent will query (in real-time) the Active Directory
(AD), verify if the user is a member of the privileged group(s) and
block access to the requested device accordingly. This way you
can rest assured that your protection policy privileges are
implemented and up-to-date.
• You can assign device access privileges from any computer that
has access to Active Directory Users and Computers – without
bringing up the GFI EndPointSecurity user console.
In network environments where centralized administration (i.e. Active
Directory) is not available (e.g. Workgroups networks), we recommend
that you configure device access privileges from the GFI
EndPointSecurity user console.
Workgroups have architectural limitations that would require you to:
• Remove administrative privileges from end-user accounts. End-users
cannot have administrative privileges over local computers,
otherwise they would be able to add themselves to privileged user
groups and therefore acquire unrestricted access privileges over
controlled devices.
• Physically configure user groups and device access privileges on
every computer in the workgroup.
By using the GFI EndPointSecurity user console, you can configure
the required device access privileges and remotely deploy them on
your target computers as part of your protection policy – without
having to be physically present on your target computers!
Managing user privileges via Active Directory
For information on how to manage users via the Active Directory
management console refer to the chapter ‘Miscellaneous’ in this
manual.
Managing user privileges via local users & groups
For information on how to manage users via the computer
management console refer to the chapter ‘Miscellaneous’ in this
manual.
Managing user privileges via GFI EndPointSecurity user console
Through the GFI EndPointSecurity user console you can manage
users and device access privileges on a protection policy by policy
basis as well as on a global basis for all protection policies.
Through the Options ► Protection Policy Defaults node you can
configure default users/groups and device access privileges which can
be applied to all protection policies configured in the product.
NOTE: For more information on how to configure users via the
protection policy defaults node refer to the ‘Configuring default
options’ chapter in this manual.
Screenshot 20 - Bringing up the Protection policy properties dialog
To configure users and privileges in a protection policy:
1. Expand the Protection Policies node.
2. Right click on the protection policy that you wish to configure and
select Properties. This will bring up the protection policy properties
dialog.
Screenshot 21 - Protection policy properties dialog: Controlled Devices settings
3. Click on the Controlled Devices node and un-select the option
‘Use the default device permission settings’.
4. From the left window, select the portable device that you wish to
configure (e.g. Floppy disk).
Screenshot 22 - Configuring which users have access to the Floppy disk
5. Click on Add and specify the name of the user or group that will be
allowed access to the selected device. Repeat the process until all
users and/or groups have been added.
NOTE: GFI recommends that you configure only groups and not
named users. The advantage of using groups is that you can add or
delete users via Windows Computer Management (AD/Local Users
and Groups) without using the GFI EndPointSecurity user console.
Screenshot 23 - The list of users that have access to the Floppy disk
6. Configure user/group privileges by marking the Read and Write
checkboxes accordingly.
NOTE: Repeat steps 4 to 6 for every device that you wish to
configure.
7. Click OK to close the dialog.
Screenshot 24 - Updates pending deployment
8. Click Apply to deploy the protection policy updates on the target
computers.
NOTE 1: User access will be blocked to any portable device which
has no users or groups configured.
NOTE 2: After updating named users or groups via the GFI
EndPointSecurity user console, you must re-deploy the changes on to
your target computers.
NOTE 3: GFI EndPointSecurity will keep track of all changes
performed on protection policies and will automatically synchronize
these updates on ‘outdated’ computers.
Configuring log-on credentials
GFI EndPointSecurity needs to physically log on to the target
computer(s) in order to:
• Deploy protection policies and agents.
• Keep track of the protection status of all target computers.
This requires that the product is run under an account which has
administrative privileges over all your network targets (e.g. Domain
Administrator).
By default, GFI EndPointSecurity is configured to use the security
context under which it is running (i.e. the credentials of the currently
logged on user). However this account might not have the required
privileges to access all your target computers and therefore alternative
credentials may be required. For example, to have administrative
privileges over your network computers, you might need to log on to
servers using a specific set of logon credentials and to workstations
using a different set of logon credentials.
To cater for such situations, protection policies can be deployed using
custom log-on credentials. These credentials are configurable on a
protection policy by policy basis and must be valid for all target
computers on which the protection policy will be deployed. For
example, you can create two protection policies and configure each
policy with a different set of logon credentials – one for the servers
and the other for workstations.
By default, protection policies are configured to use the default
credentials specified in the properties option of the Options ►
Protection Policy Defaults node of the GFI EndPointSecurity user
console. For more information on how to configure default credentials
via the Protection Policy Defaults node refer to the ‘Configuring
default options’ chapter in this manual.
To configure custom log-on credentials on a protection policy:
1. Expand the Protection Policies node.
2. Right click on the protection policy that you wish to configure and
select Properties. This will bring up the protection policy properties
dialog.
3. Click on the Log-on Credentials node and un-select the option
‘Use the default protection policies credentials’.
Screenshot 25 - Protection policy properties: Log-on Credentials dialog
4. Select the option ‘Use the logon credentials specified below:’ and
specify the user name and password in the provided fields.
5. Click OK to close the dialog.
6. Click Apply to deploy the protection policy updates on the target
computers.
Configuring event logging parameters
Figure 6 – Logging portable storage activity
All attempts made to access portable media devices are recorded by
the GFI EndPointSecurity agents. By default, the data collected during
these events is stored into the SQL Server/MSDE database backend
of GFI EndPointSecurity. These default parameters are specified in
Options ► Protection Policy Defaults ► Logging node and Options
► Logging Options node of the GFI EndPointSecurity user console.
NOTE: For more information on how to configure default event logging
parameters refer to the ‘Configuring default options’ chapter in this
manual.
Protection policies can also be individually configured to register
events into the Security Event logs of your Windows operating system.
Security event logs are viewable from the Windows event viewer
(Start ► Control Panel ► Administrative Tools ► Event Viewer).
While a target computer is disconnected from the network, GFI
EndPointSecurity agents will automatically store event logs in a local
buffer. This allows you to keep track of all attempts made to connect
to portable devices, even if the user is outside your company’s
buildings. Once the target computer connects again to the network,
the information stored on the local buffer is automatically transferred
on to the database backend of GFI EndPointSecurity.
Screenshot 26 - Event viewer: GFI EndPointSecurity event logs
Details logged by the agents include: the user name, the device class,
the date and time when the user(s) attempted to access the device(s)
and whether the connection to the device(s) was allowed or blocked.
To configure the event log parameters on a protection policy:
1. Expand the Protection Policies node.
2. Right click on the protection policy to be configured and select
Properties. This will bring up the protection policy properties dialog.
3. Click on the Logging node and un-select the option ‘Use the
default protection policies logging options’.
Screenshot 27 - Protection policy properties dialog: Logging options
4. Select the preferred storage location(s) by marking the
corresponding checkboxes.
5. Click OK to close the configuration dialog.
6. Click Apply to deploy changes on to your target computers.
Viewing security event logs from the Windows event viewer
For information on how to view security event logs from the Windows
event viewer refer to the chapter ‘Miscellaneous’ in this manual.
Enabling or disabling pending deployments
Screenshot 28 - Disabling pending deployments
To temporarily enable or disable pending deployments:
1. Expand the Protection Policies node and click on the protection
policy which contains pending deployments.
2. Right click on the deployment(s) that you wish to enable or disable
and select Deploy or Disable deployment accordingly.
NOTE 1: Computers that are missing protection policy updates may
allow unauthorized users to transfer content to or from portable
devices. Computers that are missing agent deployment are totally
unprotected and will allow unauthorized users to transfer content to or
from portable devices.
Creating custom protection policies
Screenshot 29 - Creating a new protection policy
To create a new protection policy:
1. Right click on the Protection Policies node and select New ►
Protection policy… This will bring up the protection policy properties
dialog.
2. Specify the name of the new protection policy and give it a
description.
3. Configure the rest of the properties (i.e. Logon Credentials, Device
Permissions, etc.) as described earlier in this chapter.
4. Click OK to close the dialog.
5. Click Apply to save your configuration.
Removing computers from a protection policy
To disassociate a protected computer from a protection policy:
1. Expand the Protection Policies node.
2. Click on the protection policy that you wish to configure.
3. From the viewer (right) pane, right click on the computer(s) to be
deleted and select Delete. This will automatically uninstall the GFI
EndPointSecurity agent from the target computer(s).
Moving computers to another protection policy
To move a target computer to a different protection policy:
1. Expand the Protection Policies node.
2. Click on the protection policy which contains the target computer(s).
3. From the viewer (right) pane, right click on the computer(s) that you
wish to remove and select Move to protection policy…
Screenshot 30 - The select protection policy dialog
4. Select the destination group from the drop down list provided and
click OK.
Deleting protection policies
GFI EndPointSecurity allows you to delete custom protection policies.
However, to delete a protection policy you must first delete or move all
computers contained in this policy.
1. Expand the Protection Policies node.
2. Right click on the protection policy to be deleted and select Delete.
NOTE: Default protection policies cannot be deleted.
Example 1: Assigning users and privileges from the GFI
EndPointSecurity user console
This example is built on the one described in the previous chapter
where access to the local floppy drive was blocked after deploying the
default protection policy on your local host.
In this example, you will now assign yourself read and write privileges
on the floppy drive attached to your computer. At the end of this
example you should be able to transfer content to and from your
floppy drive.
1. Launch GFI EndPointSecurity from Start ► All Programs ► GFI
EndPointSecurity 3.0 ► GFI EndPointSecurity 3.0.
2. Expand the Protection Policies node.
3. Right click on the Servers node and select Properties.
Screenshot 31 - Protection policies properties dialog
4. Click on Controlled Devices and un-select the ‘Use the default
device permission settings’ option.
5. Click on the Floppy disk node.
Screenshot 32 - Select user dialog
6. Click Add, specify your Windows account username (e.g. Jason
Micallef) and click OK.
Screenshot 33 - Protection policies properties dialog: Floppy disk users and privileges
7. Click OK to save your configuration settings.
8. Click Apply to deploy changes on to the target computers.
9. Click Yes to deploy your protection policy updates on the local
computer/local host.
Screenshot 34 - Deployment results
10. Following successful deployment, a report similar to the one
shown in the above screenshot will be displayed. The deployment
result is shown in the Status column of this report.
Testing
To verify if the protection policy on your computer has been
successfully updated:
1. Insert a formatted floppy disk in your floppy disk drive.
Screenshot 35 - Notepad
2. Open a text editor such as Notepad, type in some text and save the
file on your desktop as Example1.txt.
3. Go to your desktop, right click on Example1.txt and select Send to
► A:. In this way you will verify that you can transfer content to your
Floppy drive.
This will copy the file on the floppy disk inserted in your disk drive.
4. Go to Start ► Run and key in A:\. You should be able to see the file
Example1.txt on the floppy disk.
5. Rename the file to Example_OK.txt and drag it on to your desktop.
In this way you will verify that you can transfer content from your
Floppy drive on to your computer.
Example 2: Assigning user privileges via Active Directory
Follow this example only if:
• You have access to the Active Directory on your domain.
• GFI EndPointSecurity was allowed to create the default user
groups in your Active Directory.
In this example, you will be assigning yourself read only privileges on
the Floppy Drive by adding your user name to the
GFI_ESEC_Floppy_ReadOnly group created by GFI
EndPointSecurity during installation:
1. Go to Start ► Programs ► Administrative Tools ► Active
Directory Users and Computers.
2. Double-click the domain node in the console tree.
Screenshot 36 - Active Directory Users and Computers
3. Click the Users folder.
4. Right-click on the GFI_ESEC_Floppy_ReadOnly folder and click
Properties.
Screenshot 37 - GFI_ESEC_Floppy_ReadOnly properties dialog
5. Click the Members tab and click Add….
6. Click Look in to display a list of domains from which users and
computers can be added to the group.
Screenshot 38 - Adding a domain to the group
7. Select your domain.
8. Click on your user name and then click OK.
Testing
Since the user groups created by GFI EndPointSecurity are already
configured (and assigned privileges) in the default protection policies,
you will be automatically assigned read privileges as soon as you add
your name to the GFI_ESEC_Floppy_ReadOnly group, without having
to bring up the GFI EndPointSecurity user console. To verify this:
1. Insert a formatted floppy disk in your floppy disk drive.
2. Open a text editor such as Notepad, type in some text and save the
file on your desktop as Example2.txt.
Screenshot 39 - Access denied dialog
3. Go to your desktop, right click on Example2.txt and select Send to
► A:. An access denied message similar to the one shown above
should be displayed, indicating that your protection policy is working
properly.
4. Go to Start ► Run and key in A:\. You should be allowed access to
the contents of that floppy.
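Because the agent checks membership of groups such as GFI_ESEC_Floppy_ReadOnly in real time, and a membership change needs no policy re-deployment, the group itself is worth auditing. The following PowerShell is an added example, not part of the GFI product or this manual; it assumes the ActiveDirectory module (RSAT) is installed, and the function name and approved-account list are hypothetical.

```powershell
# Added example (not GFI code): audit effective membership of a device access group.
# Only the group name GFI_ESEC_Floppy_ReadOnly comes from this manual.
# Assumptions: the ActiveDirectory module (RSAT) is installed; the approved
# list at the bottom is constructed sample data, replace it with your baseline.
Import-Module ActiveDirectory

function Get-DeviceGroupFinding {
    param(
        [Parameter(Mandatory = $true)] [string] $GroupName,
        [string[]] $Approved = @()
    )

    # Direct members: a nested group silently widens device access, because
    # every member of the nested group inherits the device privilege.
    $nested = @(Get-ADGroupMember -Identity $GroupName |
        Where-Object { $_.objectClass -eq 'group' })
    foreach ($group in $nested) {
        [pscustomobject]@{
            Group   = $GroupName
            Account = $group.SamAccountName
            Finding = 'Nested group grants device access indirectly'
        }
    }

    # Effective members: -Recursive expands nested groups to leaf accounts.
    $effective = @(Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty SamAccountName |
        Sort-Object -Unique)

    # Accounts that hold the privilege but are not in the baseline.
    foreach ($account in $effective) {
        if ($account -notin $Approved) {
            [pscustomobject]@{
                Group   = $GroupName
                Account = $account
                Finding = 'Member is not on the approved list'
            }
        }
    }

    # Baseline accounts that have lost the privilege (stale baseline or removal).
    foreach ($account in $Approved) {
        if ($account -notin $effective) {
            [pscustomobject]@{
                Group   = $GroupName
                Account = $account
                Finding = 'Approved account is not a member'
            }
        }
    }
}

# Constructed sample baseline: one sAMAccountName per entry.
$approved = @('alice', 'bob')

Get-DeviceGroupFinding -GroupName 'GFI_ESEC_Floppy_ReadOnly' -Approved $approved |
    Format-Table -AutoSize
```

An empty result means the effective membership matches the baseline exactly and no nested groups are present.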
Configuring default options
Introduction
GFI EndPointSecurity allows you to configure default parameters
which can be automatically inherited by the protection policies
(Options ► Protection Policy Defaults node). These include:
• Log-on credentials
• The list of portable devices to be controlled
• The list of users/groups which have access/read/write privileges
over portable devices
• Event logging options
• SQL Server/MSDE database backend settings.
You can also configure the SQL Server/MSDE database backend
settings (Options ► Logging options node). In this database
backend GFI EndPointSecurity will log all the portable storage activity
of your network computers.
Chapter Preview
In this chapter you will learn how to:
• Configure Protection Policy Defaults
• Configure Database backend options
Configuring protection policy defaults
Screenshot 40 -The default protection policy properties dialog
To configure the protection policy default options:
1. Right click on the Options ► Protection Policy Defaults node and
select Properties.
2. Configure the properties as required (i.e. Logon Credentials, Device
Permissions, etc). The process of configuring default parameters is
identical to that of configuring a protection policy. For information on
how to configure these properties refer to the two previous chapters.
3. Click OK to close the properties dialog.
Reboot and deployment options
Target Computers Reboot
Certain situations require the reboot of client computers soon after
the protection policy has been deployed. Client computer reboots
are required when:
• Upgrading protection agents from GFI LANguard Portable Security
Scanner to GFI EndPointSecurity. The GFI EndPointSecurity
protection agent will remove the GFI LANguard Portable Security
Scanner protection, but the system has to restart to unblock the
devices and switch to the new protection policy.
• Installing GFI EndPointSecurity protection agents on computers
running Windows 2000. Reboot is required to enable file system
notifications. File system notifications are used to detect MOUNT
operations for volumes (e.g. when inserting a floppy disk or when
inserting a device that has no driver installed yet).
NOTE: Reboot is not required for computers running Windows XP or
higher.
Screenshot 41 - Advanced options
When required, GFI EndPointSecurity can automatically force reboot
of target computers after protection deployment. When this option is
enabled, currently logged on users will be greeted with a message
prior to the automated restart of a computer. To enable this feature:
1. Right click on the Options ► Protection Policy Defaults node and
select Properties.
2. Click on the Advanced option.
3. Select the check box provided in the Reboot Options.
4. (Optional) Customize the message which will be shown to the
currently logged on users before the computer is restarted.
Deployment options
GFI EndPointSecurity supports the simultaneous deployment of
protection policies on multiple computers (multi-threading). The
number of threads that can be simultaneously used for the
deployment of protection policies is configurable as follows:
1. Right click on the Options ► Protection Policy Defaults node and
select Properties.
2. Click on the Advanced option.
3. Specify the number of concurrent deployment threads required.
4. Specify the thread timeout value in seconds.
NOTE: We suggest that you do not use more than ten threads
because this would affect the availability of your system resources.
Configuring database backend options
Screenshot 42 - Database backend configuration options
To configure the database backend logging options:
1. Right click on the Options ► Logging node and select Properties.
This will bring up the database backend configuration dialog.
2. Specify the name of the SQL Server that will be hosting the
database backend.
3. Specify the SQL Server credentials or select the ‘Use Windows
authentication’ option to authenticate to the SQL server using Windows
account details.
4. Click on OK to save these settings and close the dialog.
General options
Introduction
GFI EndPointSecurity allows you to export configuration (e.g.
protection policy) settings to an XML file. In this way, you can:
• Back up the current configuration settings and use the import
configurations feature to restore saved configurations whenever
required.
• Avoid re-configuration of GFI EndPointSecurity parameters (e.g.
when changing over from a test environment on to live
environment or to standardize configuration settings on multiple
instances of GFI EndPointSecurity).
NOTE 1: The Export Configuration function will export all configuration
settings present in the GFI EndPointSecurity setup EXCEPT THE
LICENSE KEY.
NOTE 2: The Export Configuration function exports configuration
settings and information in plain text. This means that logon
credentials including passwords will be exposed.
The GFI EndPointSecurity user console also contains a number of
general options as well as links to support sites and information on
other GFI products.
Chapter Preview
In this chapter you will learn how to:
• Export configurations
• Import configurations
• View the version and build number of your GFI EndPointSecurity
• Check for newer builds of GFI EndPointSecurity
• View your licensing and product evaluation details (e.g. the
number of evaluation days remaining)
• Enter your license key after product installation
Export configurations
To export your configuration settings:
1. Go to File > Export Configurations….
Screenshot 43 - Export configuration settings
2. Specify the location of the target XML file (e.g. C:\Program
Files\GFI\EndPointSecurity 3.0\ESEC_Conf_bak.xml).
3. Click OK to save.
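Because the export holds logon credentials in plain text (NOTE 2 above), the saved file needs tighter permissions than it gets by default: files created under Program Files normally inherit read access for the local Users group. The following PowerShell is an added example, not part of the GFI manual or product; it limits the file to Administrators and SYSTEM and counts any other entry that remains. The function names and the temp-file stand-in are illustrative.

```powershell
# Added example, not GFI code. Run from an elevated PowerShell prompt.
# Well-known SIDs: S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = Local System.
$AllowedSids = 'S-1-5-32-544', 'S-1-5-18'

function Protect-ExportFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent folder and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit entries already on the file, then grant only the allowed SIDs.
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
    foreach ($sid in $AllowedSids) {
        $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-UnexpectedAccess {
    # Returns every Allow entry whose SID is not on the allow list.
    param([Parameter(Mandatory = $true)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $AllowedSids -notcontains $_.IdentityReference.Value }
}

# Constructed stand-in for the export; point $export at your real file instead,
# e.g. the manual's C:\Program Files\GFI\EndPointSecurity 3.0\ESEC_Conf_bak.xml.
$export = Join-Path $env:TEMP 'ESEC_Conf_bak.xml'
Set-Content -LiteralPath $export -Value '<constructed-placeholder />'

"Before: {0} unexpected entries" -f @(Get-UnexpectedAccess -Path $export).Count
Protect-ExportFile -Path $export
"After:  {0} unexpected entries" -f @(Get-UnexpectedAccess -Path $export).Count
```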
Import configurations
NOTE: Since importing a configuration will overwrite all your current
configuration settings, we strongly recommend that you export a copy
of your current configuration settings and keep it as a backup.
1. Go to File > Import Configurations….
Screenshot 44 - Import configuration settings
2. Select the XML file to be restored (e.g. C:\Program
Files\GFI\EndPointSecurity 3.0\ESEC_Conf_bak.xml).
3. Click OK to import.
Version Information
Screenshot 45 - GFI EndPointSecurity: Version Information
Use the General > Version Information node to view the version and
build number of your GFI EndPointSecurity as well as to check if a
newer build is available on the GFI web site.
Check for newer builds
Screenshot 46 - The program version properties dialog
To check for newer builds, right click on the Version Information node
and select Check for latest build…. This will bring up the program
version properties dialog and initiate a check for new builds
on GFI approved download sites.
In order to optimize our service delivery to customers the following
data is sent every time that a check for newer build is triggered:
• Product code – This is a number which indicates product type.
• Product language (number which indicates product language)
• Evaluation (flag marking if evaluation or not - 1 or 0)
You can also enable checks for new builds at program startup. This is
achieved by selecting the ‘Check for newer builds at startup’ option
from the program version properties dialog.
Licensing
Screenshot 47 - GFI EndPointSecurity: Licensing
Use the General > Licensing node to view your product license and
evaluation details as well as to enter your product license key after
installation (without re-installing or re-configuring the product!).
Screenshot 48 - License key entry dialog
To enter your license key:
1. Right click on the General > Licensing node and select Enter
License key…
2. Enter your license key in the provided field and click OK.
Miscellaneous
Introduction
Figure 7 - Adding users to the GFI ESEC user groups from AD or Local users/groups
GFI EndPointSecurity is configured to automatically create default
user groups in your Active Directory (AD) or on your local machine.
E.g.
• GFI_ESEC_Floppy_ReadOnly.
• GFI_ESEC_Floppy_FullAccess.
Use these user groups to organize your users based on their portable
media access privileges.
GFI EndPointSecurity user groups are by default configured in the
protection policies which ship with this product. This allows you to add
users and privileges directly from the Active Directory users and
computers/Computer Management Console without bringing up the
GFI EndPointSecurity user console.
NOTE 1: During installation you can choose not to create default
groups automatically.
NOTE 2: GFI EndPointSecurity will automatically create default user
groups in the Active Directory (AD). If AD is not available, user groups
will be created locally on the computer where GFI EndPointSecurity is
installed.
NOTE 3: User/group privileges are configurable on a device by device
basis. This means that users/groups can be assigned different read
and write privileges for every portable device that is supported by GFI
EndPointSecurity.
Chapter Preview
In this chapter you will learn how to:
• Manage users via the Active Directory.
• Manage users via the local users management console.
• View security event logs from the Windows event viewer.
Managing users via Active Directory management Console
To add Active Directory users and groups to the GFI EndPointSecurity
user groups:
1. Go to Start > Control Panel > Administrative Tools > Active
Directory Users and Computers.
Screenshot 49 - Active Directory Users and Computers
2. Double-click the name of the required domain from the console tree
(e.g. contoso.com).
Screenshot 50 - Active Directory Users and Computers: default user groups
3. Click the folder that contains the group to which you want to add a
member.
Screenshot 51 - Active Directory Users and Computers indicating the GFI EndPointSecurity group
4. Right-click on the GFI EndPointSecurity group where users will be
added and click Properties.
Screenshot 52 – GFI_ESEC_Floppy_ReadOnly properties
5. Click the Members tab and click Add….
6. Click Look in to display a list of domains from which users and
computers can be added to the group.
Screenshot 53 - Adding users
7. Click the domain containing the users and computers you want to
add.
8. Click on the users to be added and when finished click OK.
NOTE 1: After updating group members via the (Windows) Computer
Management Console, you do not need to re-deploy the changes on
to your target computers.
NOTE 2: If a user is a member of groups which have conflicting
privileges (e.g. GFI_ESEC_Floppy_FullAccess and
GFI_ESEC_Floppy_ReadOnly), he/she will be assigned the lowest
privilege (i.e. Read only privileges).
Managing users via local users management console
Screenshot 54 - Administrative Tools group
To add Local users and groups to the GFI EndPointSecurity user
groups:
1. Go to Start > Control Panel > Administrative Tools > Computer
Management.
2. Click on the Local Users and Groups > Groups node.
Screenshot 55 - Computer Management: Local users and groups options
3. Right-click on the GFI EndPointSecurity group (e.g.
GFI_ESEC_Floppy_ReadOnly) where users will be added and click
Properties.
Screenshot 56 - Select users dialog
4. Click Add…, specify the name of local users that you wish to add to
this group and click OK.
5. When all users have been added click OK.
NOTE: After updating group members via the (Windows) Computer
Management Console, you do not need to re-deploy the changes on
to your target computers.
Viewing security event logs from the Windows event viewer
Screenshot 57 - The Event Viewer
To view event logs generated on a particular target computer:
1. Go to Start > Settings > Control Panel > Administrative Tools >
Event Viewer.
2. From the left pane select the Application node.
3. Sort the events in the right pane by clicking on the Source tab.
Navigate up/down to the required logs. A list of all event logs
generated by GFI EndPointSecurity is provided below:
Event Type
Event ID   Description
1000       GFI EndPointSecurity agent service has started.
1001       GFI EndPointSecurity agent service has stopped.
1002       GFI EndPointSecurity agent service has stopped due to system shutdown.
1003       GFI EndPointSecurity agent service has stopped due to an error.
2000       Success Audit – Read only access was allowed.
2001       Failure Audit – Read only access denied.
2002       Success Audit – Full access was allowed.
2003       Success Audit – Full access was denied.
3000       Portable device inserted
3001       Portable device removed
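The event IDs listed above are enough for a basic triage of the Application log. The following PowerShell is an added example, not part of the GFI manual or product: it summarises, per computer, the denied access attempts (2001, 2003) and whether the agent's latest start/stop event left it stopped (1001, 1003). The records are constructed, and the event source name in the commented live query is an assumption.

```powershell
# Added example, not GFI code. Event IDs are taken from the table above.
$StartId   = 1000
$StopIds   = 1001, 1003     # 1002 (system shutdown) is an expected stop and is ignored
$DeniedIds = 2001, 2003     # read-only / full access denied

function Get-EsecSummary {
    # One row per computer: denied attempts, error stops, and whether the
    # agent's most recent start/stop event left it stopped.
    param([Parameter(Mandatory = $true)][object[]]$Events)

    $Events | Group-Object MachineName | ForEach-Object {
        $name      = $_.Name
        $sorted    = @($_.Group | Sort-Object TimeCreated)
        $lifecycle = @($sorted | Where-Object { $_.Id -eq $StartId -or $StopIds -contains $_.Id })
        $last      = if ($lifecycle.Count) { $lifecycle[-1] } else { $null }
        [pscustomobject]@{
            Computer   = $name
            Denied     = @($sorted | Where-Object { $DeniedIds -contains $_.Id }).Count
            ErrorStops = @($sorted | Where-Object { $_.Id -eq 1003 }).Count
            AgentDown  = [bool]($last -and ($StopIds -contains $last.Id))
            LastEvent  = $sorted[-1].TimeCreated
        }
    }
}

# Constructed sample records using the property names Get-WinEvent returns.
function New-Rec($Minute, $Computer, $Id) {
    [pscustomobject]@{
        TimeCreated = (Get-Date '2007-05-23T09:00:00').AddMinutes($Minute)
        MachineName = $Computer
        Id          = $Id
    }
}
$sample = @(
    (New-Rec 0  'PC-01' 1000), (New-Rec 5  'PC-01' 3000), (New-Rec 6 'PC-01' 2001),
    (New-Rec 7  'PC-01' 2003), (New-Rec 9  'PC-01' 3001),
    (New-Rec 0  'PC-02' 1000), (New-Rec 20 'PC-02' 1003),
    (New-Rec 0  'PC-03' 1000), (New-Rec 30 'PC-03' 1002)
)
Get-EsecSummary -Events $sample | Sort-Object Computer | Format-Table -AutoSize

# Live use. Assumption: the agent logs under the source name 'GFI EndPointSecurity';
# confirm the name in the Source column of Event Viewer first.
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'GFI EndPointSecurity' }
# Get-EsecSummary -Events $live
```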
Troubleshooting
Introduction
The troubleshooting chapter explains how you should go about
resolving issues you have. The main sources of information available
to users are:
• The manual – most issues can be solved by reading the manual.
• The GFI Knowledge Base – accessible from the GFI website.
• The GFI technical support site.
• Contacting the GFI technical support team by email at
support@gfi.com.
• Contacting the GFI technical support team using our live support
service at http://support.gfi.com/livesupport.asp.
• Contacting our technical support team by telephone.
Knowledge Base
GFI maintains a Knowledge Base, which includes answers to the most
common problems. If you have a problem, please consult the
Knowledge Base first. The Knowledge Base always has the most up-to-date listing of support questions and patches.
The Knowledge Base can be found on http://kbase.gfi.com/.
Request technical support via email
If, after using the Knowledge Base and this manual, you have any
problems that you cannot solve, you can contact the GFI technical
support team. The best way to do this is via email, since you can
include vital information as an attachment that will enable us to solve
the issues you have more quickly.
The Troubleshooter, included in the program group, automatically
generates a series of files needed for GFI to give you technical
support. The files would include the configuration settings, debugging
log files and so on. To generate these files, start the troubleshooter
wizard and follow the instructions in the application.
In addition to collecting all the information, you will be asked a number
of questions. Please take your time to answer these questions
accurately. Without the proper information, it will not be possible to
diagnose your problem.
Then click the troubleshooter\support folder, located under the main
program directory, compress the files in ZIP format, and send the
generated ZIP file to support@gfi.com.
Ensure that you have registered your product on our website first, at
http://customers.gfi.com.
We will answer your query within 24 hours or less, depending on your
time zone.
Request technical support via web chat
You may also request technical support via ‘LiveSupport (web chat)’.
You can contact the GFI technical support department using our
LiveSupport service at http://support.gfi.com/livesupport.asp
Ensure that you have registered your product on our website first, at:
http://customers.gfi.com.
Request technical support via phone
You can also contact GFI by phone for technical support. Please
check our website for the correct numbers to call, depending on where
you are located, and for our opening times.
Technical support website:
http://support.gfi.com.
Ensure that you have registered your product on our website first, at
http://customers.gfi.com.
Web Forum
User to user technical support is available via the web forum. The
forum can be found at:
http://forums.gfi.com/.
Build notifications
We strongly suggest that you subscribe to our build notifications list.
This way, you will be immediately notified about new product builds.
To subscribe to our build notifications, go to:
http://support.gfi.com.