Kaspersky Administration Kit 8.0
REFERENCE GUIDE
APPLICATION VERSION: 8.0 CRITICAL FIX 2
Dear User!
Thank you for choosing our product. We hope that this document will help you in your work and will provide answers regarding this software product.
Warning! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability by applicable law.
Reproduction or distribution of any materials in any format, including translations, is allowed only with the written permission of Kaspersky Lab ZAO.
This document, and graphic images related to it, may only be used for informational, non-commercial, and personal purposes.
Kaspersky Lab ZAO reserves the right to amend this document without additional notification. You can find the latest version of this document at the Kaspersky Lab website, at http://www.kaspersky.com/docs .
Kaspersky Lab ZAO shall not be liable for the content, quality, relevance, or accuracy of any materials used in this document for which the rights are held by third parties, or for any potential or actual losses associated with the use of these materials.
This document uses registered trademarks and service marks which are the property of their respective owners.
Document revision date: 10/15/2010
© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved. http://www.kaspersky.com
http://support.kaspersky.com/
ABOUT THIS GUIDE
This Guide contains the purpose of Kaspersky Administration Kit and step by step descriptions of the features it offers.
The basic concepts and general schemes for working with the application are described in the Kaspersky Administration Kit Administrator's Guide.
IN THIS DOCUMENT
The following sections are included in the document:
from the documentation included in the distribution package.
Kit.
virus protection management system using Kaspersky Administration Kit.
Server in Kaspersky Administration Kit.
Administration Kit and administration groups.
Kaspersky Administration Kit.
working with Kaspersky Administration Kit.
notifications in Kaspersky Administration Kit.
protection system using Kaspersky Administration Kit.
computers not included in administration group.
managed via Kaspersky Administration Kit.
Kaspersky Administration Kit services.
computers and perform their maintenance.
Kit designed to extend the opportunities for centralized management of applications in computer networks.
items of the Administration Console objects, results pane objects and the meaning of statuses assigned to network objects and administration groups.
Glossary. The section enumerates the terms used in the document.
Kaspersky Lab ZAO (see page 326). The section provides information on Kaspersky Lab ZAO.
Index. Using this section, you can easily find the required data in the document.
DOCUMENT CONVENTIONS
Document conventions used in this document are described in the following table.
Table 1. Document conventions
SAMPLE TEXT – DOCUMENT CONVENTIONS DESCRIPTION
Note that... – Warnings are highlighted in red and enclosed in frames. Warnings contain important information: for example, information related to operations critical to computer safety.
It is recommended to use... – Notes are framed in dotted-line box. Notes contain additional detail and reference information.
Example: ... – Example blocks have a yellow background, and the heading "Example".
Update means... – New terms are italic.
ALT+F4 – Names of keyboard keys are bold and are all uppercase. Names of the keys followed by a plus sign (+) indicate a combination of keys.
Enable – Names of interface elements are bold; for example, input fields, menu commands, and buttons.
To configure a task schedule: – Procedure headings are italic.
help – Text in the command line and text of messages displayed on the screen have a special font.
<IP address of your computer> – Variables are enclosed in angle brackets. Instead of a variable, the corresponding value must be entered in each case; angle brackets are omitted.
ADDITIONAL DATA SOURCES
If you have any questions regarding purchasing, installing or using Kaspersky Administration Kit, answers are readily available.
Kaspersky Lab provides various sources of information about the application. You can choose the most suitable, according to the importance and urgency of your question.
INFORMATION SOURCES FOR FURTHER RESEARCH
You can view the following sources of information about the application: the application's page on Kaspersky Lab website; the application's Knowledge Base page on the Technical Support Service website; online help system; documentation.
The application's page at the Kaspersky Lab website
http://www.kaspersky.com/administration_kit
This page provides you with general information about the application's features and options.
The application's Knowledge Base page at the Technical Support Service website
http://support.kaspersky.com/remote_adm
This page contains articles published by the experts of the Technical Support Service.
These articles contain useful information, recommendations, and the Frequently Asked Questions (FAQ) page, and cover purchasing, installing and using Kaspersky Administration Kit. The articles are sorted by subject, such as "Working with key files", "Updating databases" and "Troubleshooting". The articles aim to answer questions about not only Kaspersky Administration Kit but other Kaspersky Lab products as well. They may also contain news from the Technical Support Service.
Online help system
The application installation package includes full help files, which contain step by step descriptions of the application's features.
To open the help file, select Kaspersky Administration Kit help system in the console Help menu.
If you have a question about a specific application window, you can use context help.
To open context-sensitive help, in the corresponding window, click the Help button or the F1 key.
Documentation
The documentation supplied with the application aims to provide all the information you will require. It includes the following documents:
Administrator's Guide describes the purpose, basic concepts, features and general schemes for using Kaspersky Administration Kit.
Implementation Guide contains a description of the installation procedures for the components of Kaspersky Administration Kit as well as remote installation of applications in computer networks using simple configuration.
Getting Started provides a step by step guide to anti-virus security administrators, enabling them to start using Kaspersky Administration Kit quickly, and to deploy Kaspersky Lab anti-virus applications across a managed network.
Reference Guide contains an overview of Kaspersky Administration Kit, and step by step descriptions of its features.
The documents are supplied in .pdf format in Kaspersky Administration Kit's distribution package.
You can download the documentation files from the application's page on Kaspersky Lab website.
The information about an application programming interface (API) of Kaspersky Administration Kit is contained in the klakaut.chm file. This file is located in the installation folder of the application.
DISCUSSING KASPERSKY LAB APPLICATIONS IN WEB FORUM
If your question does not require an immediate answer, you can discuss it with Kaspersky Lab experts and other users in our forum at http://forum.kaspersky.com.
In this forum you can view existing topics, leave your comments, create new topics and use the search engine.
CONTACTING THE USER DOCUMENTATION DEVELOPMENT GROUP
If you have any questions about the documentation, or you have found an error in it, or would like to leave a comment, please contact our User documentation development group.
Click the Send feedback link located in the top right part of the window to open the computer's default mail client. In the window that opens, the email of User documentation development group will appear ([email protected]), with the subject line "Kaspersky Help Feedback: Kaspersky Administration Kit". Write your comment and send the letter without changing the subject.
STARTING AND STOPPING THE APPLICATION
Kaspersky Administration Kit starts automatically when launching the Administration Server.
The Kaspersky Administration Kit can be launched by selecting Kaspersky Administration Kit from the Kaspersky Administration Kit program group in the standard Start → Programs menu. This program group is created only on administrator's workstations during the Kaspersky Administration Console installation.
To access the functionality of Kaspersky Administration Kit the Administration Server of Kaspersky Administration Kit must be running.
QUICK START WIZARD
The wizard can configure the minimum settings for centralized management of anti-virus protection.
The wizard opens at the first connection to an Administration Server established after installation.
STEP 1. ADDING A LICENSE
During this stage, the method of adding a license for the applications (see the figure below) that will be managed by the administrator using Kaspersky Administration Kit should be selected.
Figure 1. Selecting the method of adding a license
Select the method of adding a license:
Enter activation code – you will be asked to specify the code obtained when you purchased a commercial version of the application (see the figure below).
Figure 2. Entering the activation code
If you wish to automatically apply the license to the computers in the administration groups, check the box in the corresponding field.
Load from key file – you will be asked to specify the key file (see the figure below).
Figure 3. Selecting the key file
If you wish to automatically apply the license to the computers in the administration groups, check the box in the corresponding field.
Add license later
STEP 2. NETWORK DISCOVERY
During this stage the computer network is polled, and computers within this network are identified (see the figure below).
Based on the results of this scan, a service group Unassigned computers is formed together with its Domains, Active Directory and IP subnets subfolders. The information obtained will be used to automatically create the administration groups.
Figure 4. The Quick Start Wizard window. Network Discovery
To view the structure of the computer network, use the View discovered computers link. Click the View Kaspersky Administration Kit introduction link to view the description of the main features offered by Kaspersky Administration Kit.
STEP 3. CONFIGURING NOTIFICATION SETTINGS
During the next stage you will have to configure the settings for delivery of email notifications generated by Kaspersky Lab applications.
Figure 5. Configuring delivery of notifications
If the SMTP server uses authorization, check the Use ESMTP authorization box and fill in the User name, Password and Confirm password fields. These settings will be used as the default settings for application policies.
To check the correctness of the specified settings, press the Test button. This will open a test notification sending window. In the event of errors, detailed error information will be displayed in it.
STEP 4. CONFIGURING ANTI-VIRUS PROTECTION
During this stage, you should configure the anti-virus protection system (see the figure below).
The Quick Start Wizard creates an anti-virus protection system for the client computers within administration groups, using Kaspersky Anti-Virus 6.0 for Windows Workstations MP4. In this case, the Administration Server creates a policy and defines a minimum set of tasks for the highest hierarchy level of Kaspersky Anti-Virus 6.0 for Windows Workstations MP4, as well as downloading updates and data backup.
The objects created by the Wizard are displayed in the console tree:
the policies for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows Servers MP4 – in the Policies folder of the Managed computers group under the names Protection policy - Windows Workstations and Protection policy - Windows Servers, and with the default settings;
the tasks for updating the anti-virus database for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows Servers MP4 – in the Group tasks folder of the Managed computers group under the names Update – Windows Servers and Update – Windows Workstations, and with the default settings;
on-demand scanning tasks for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows Servers MP4 – in the Group tasks folder of the Managed computers group under the names Virus Scan – Windows Workstations and Virus Scan – Windows Servers, and with the default settings;
downloading updates to the repository – in the Kaspersky Administration Kit tasks folder under the name Download updates to repository, and with the default settings;
the Administration Server data backup task – in the Kaspersky Administration Kit tasks folder under the name Administration Server data backup, and with the default settings.
A policy for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 is not created if a policy for that application already exists in the Managed computers folder. If group tasks for the Managed computers group and the Download updates to repository task already exist under these names, they are not created either.
Figure 6. Configuring anti-virus protection
The wizard window displays the process of creating the tasks and the policies. If errors occur, an error message will be displayed on the screen.
STEP 5. DOWNLOADING UPDATES
During this step the wizard downloads updates to the repository by the Administration Server: the task defines the list of files for download and downloads them (see the figure below).
Figure 7. Configuring retrieval of updates
You don't need to wait for completion of the updates retrieval task. The downloading of updates will continue using the Download updates to the repository task (see section "Determining the updates list" on page 245).
STEP 6. COMPLETING THE WIZARD
When the Quick Start Wizard completes, you will be invited to start the deployment of anti-virus protection. You can use this wizard to install the Network Agent. If you do not wish to install applications immediately after the Quick Start Wizard completion, uncheck the Start deployment box (see the figure below).
Figure 8. Completing the Quick Start Wizard
A detailed description of how to work with the Remote Install Wizard is provided in the Implementation Guide.
MANAGING ADMINISTRATION SERVERS
The Administration Server is a computer on which the Administration Server component is installed. A corporate network can include several such Servers. The following operations are supported for the Administration Servers: connection / disconnection; adding / removal from the console tree; switching between the Administration Servers; building an Administration Servers hierarchy; creation and configuration of tasks for delivery of reports, updating and backup copying.
CONNECTION TO THE ADMINISTRATION SERVER
To connect to an Administration Server, select the node corresponding to the required Administration Server in the console tree.
After this, the Administration Console tries to connect to the Administration Server. If there are several Administration Servers on your network, the Console will connect to the server it last connected to during the previous Kaspersky Administration Kit session. When the application is launched for the first time after installation, it is assumed that the Administration Server and Administration Console are running on the same computer. Therefore, the Administration Console will try to detect the Administration Server on this computer.
If the Server is not found, you will be asked to specify the Server address manually in the Connection settings dialog box (see the figure below). Enter the required Server address in the Server address field. You can enter either the IP address or the computer name in the Windows network.
To connect to the Administration Server through a port that differs from the default one, enter <Server name>:<Port> in the Server address field.
Figure 9. Connecting to the Administration Server
Press the Advanced button to show or hide the following advanced connection settings:
Use SSL connection. Check this box to transmit data between the Administration Server and Administration Console via the Secure Sockets Layer protocol (SSL). Uncheck this box if you do not want to communicate via SSL. However, this will lower the protection of transmitted data against modification or interception.
Use data compression. Check this box to increase the rate of data transfer between the Administration Console and the Server, by decreasing the amount of information being transferred and hence lowering the load on the Administration Server.
Enabling this setting will increase the load on the central processor of the computer which is hosting the Administration Console.
Use proxy server. Check this box if you want to connect to the Administration Server via a proxy server (see the figure above). Enter the address for connecting to the proxy server in the Address field. Fill in the User name and Password fields if user authorization is required to access this proxy server.
When the connection settings have been confirmed, the Administration Console verifies the user's rights to connect to the Administration Server. If the SSL connection is enabled, the Administration Console authenticates the Administration Server before verifying user rights.
When you connect to the server for the first time, and also if the server certificate for this session differs from your local copy, a request to connect to the server and receive a new certificate will be displayed (see the figure below). Select one of the following:
I want to connect to the server and download the certificate from it – to connect to the Administration Server and receive a new certificate.
I want to specify the certificate file location – specify the Server certificate manually. In this case, select the certificate file using the Select button. The certificate file has the extension .cer, and is located in the Cert subfolder of the Kaspersky Administration Kit program folder specified during application installation. The Console will attempt to re-authenticate the server using the certificate you specified.
You can copy the certificate file to a shared folder or a floppy disk. A copy of this file can be used to configure access settings for the Server.
Figure 10. Request to connect to the Administration Server
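The certificate prompt described above corresponds to a comparison an administrator can also make independently, before accepting a new certificate, against a .cer copy obtained from the Server's Cert subfolder. The following is an added example, not Kaspersky code and not part of the original guide; the SHA-256 fingerprint comparison, the function names and the sample bytes are assumptions for illustration, while the <Server name>:<Port> address format and the default SSL port 13000 come from the text.

```python
import base64
import hashlib
import re
import socket
import ssl

DEFAULT_SSL_PORT = 13000  # default SSL port stated in this guide

_PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def parse_server_address(value, default_port=DEFAULT_SSL_PORT):
    """Split a value typed as <Server name> or <Server name>:<Port>."""
    value = value.strip()
    host, sep, port = value.rpartition(":")
    if not sep:
        return value, default_port
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("expected <Server name> or <Server name>:<Port>")
    return host, int(port)


def cer_to_der(data):
    """Return DER bytes from a .cer file saved as binary DER or as Base64 (PEM)."""
    match = _PEM_RE.search(data)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    if data[:1] != b"\x30":  # a DER certificate begins with an ASN.1 SEQUENCE tag
        raise ValueError("not a DER or PEM encoded certificate")
    return data


def fingerprint(der):
    """SHA-256 over the DER encoding (assumed comparison method)."""
    return hashlib.sha256(der).hexdigest()


def check_pin(presented_der, pinned_cer=None):
    """Classify a connection: no local copy, same certificate, or a different one."""
    if pinned_cer is None:
        return "first-connection"
    if fingerprint(cer_to_der(pinned_cer)) == fingerprint(presented_der):
        return "match"
    return "mismatch"


def fetch_presented_der(address, timeout=5.0):
    """Fetch the certificate the server presents. Needs network access.

    Chain validation is switched off on the assumption that the server
    certificate is not issued by a public CA; trust comes only from
    comparing the result with the local .cer copy via check_pin().
    """
    host, port = parse_server_address(address)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed sample bytes standing in for certificates (not real certificates).
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-certificate-A" * 4
OTHER_DER = b"\x30\x82\x01\x0a" + b"constructed-sample-certificate-B" * 4
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def demo():
    """Run the three cases the text describes on the constructed samples."""
    return {
        "no local copy": check_pin(SAMPLE_DER),
        "local copy in Base64 form": check_pin(SAMPLE_DER, SAMPLE_PEM),
        "server presents another certificate": check_pin(OTHER_DER, SAMPLE_PEM),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A "mismatch" result is the case that triggers the prompt in the text; verify the fingerprint of the Server's own .cer file through a separate channel before accepting the new certificate.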
User rights are verified using the Windows user authentication procedure. If the user is not authorized to access the Administration Server, i.e. he/she is not an operator (KLOperators) or administrator of Kaspersky Administration Kit (KLAdmins), he/she will be asked to register to access the Administration Server (see the figure below). In the corresponding form, specify a user account (name and password) which has Kaspersky Administration Kit operator or administrator rights.
Figure 11. Registering a user to access the Administration Server
If the connection to the Administration Server has been established successfully, the structure of this Server's folders and its settings appear in the console tree.
THE UTILITY FOR SELECTING THE ADMINISTRATION SERVER SERVICE ACCOUNT (KLSRVSWCH)
You can use this utility to specify an account for launching the Administration Server service on this computer (see the figure below). Launch the utility and select one of the two following options:
Local System account – the Administration Server will start using the Local System account and its credentials.
Correct operation of Kaspersky Administration Kit requires that the account used to start the Administration Server should have the administrator's rights on the resource where the Administration Server database is hosted.
Specified account – the Administration Server will start using the account included in a domain. In this case the Administration Server will initiate all operations using the credentials of that account. Use the Find now button to select the user whose account will be used and enter the password.
If the domain user account is selected as an account for launching the Administration Server, you will be asked to define this user and specify the password for his/her account.
Figure 12. Selecting account
When using the SQL-server in the Windows authentication mode, the user account should be provided with an access to the database. The user account should be the owner of the Kaspersky Anti-Virus database. By default, the dbo scheme must be used.
DISCONNECTING FROM SERVER
To disconnect from an Administration Server:
1. In the console tree, select the node corresponding to the Administration Server that should be disconnected.
2. Open the context menu.
3. Select the Disconnect from Administration Server command.
SWITCHING BETWEEN SERVERS
If several Administration Servers have been added to the console tree, you can switch between those servers while working with them.
To switch to another Administration Server:
1. Select in the console tree the node under the necessary Server name.
2. Open the context menu and select the Connect to Administration Server command.
In the Connection settings window that opens, enter the name of the Server, which you intend to manage, and
If you have no Kaspersky Administration Kit operator or administrator rights, access to the Administration Server will be denied.
Figure 13. Connecting to the Administration Server
3. Press the OK button to complete switching between the Servers.
If the connection to the Server has been established successfully, the contents of the corresponding node will be updated.
ADDING A SERVER TO THE CONSOLE TREE
To add a new Administration Server to the console tree:
1. Select the Kaspersky Administration Kit node in the console tree within the main program window of Kaspersky Administration Kit.
2. Open the context menu and select the New Administration Server command.
This will create a new node with the name Kaspersky Administration Server - <Computer name> (Not connected) in the console tree. Use this node to connect to any other Administration Server installed on the network.
GRANTING RIGHTS TO USE A SERVER
To grant rights to work with an Administration Server:
1. In the main Kaspersky Administration Kit application window select the node corresponding to the required Administration Server in the console tree, open its context menu and select the Properties command.
2. In the Administration Server <Computer name> properties window that opens (see the figure below), switch to the Security tab.
Figure 14. Granting rights to access the Administration Server
Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the View → Configuring interface menu and check the box in the Display security settings tabs string.
The upper part of the tab displays a list of users and user groups that have access to the Administration Server. The lower part contains the list of possible permissions:
All – includes all permissions (see below).
Reading – viewing Kaspersky Administration Kit objects' properties without a permission to perform operations, create new objects or modify the existing ones.
Writing – changing Kaspersky Administration Kit object properties, as well as creating new objects without a right to perform operations upon objects.
Running – performing operations on Kaspersky Administration Kit objects without a right to create new objects or modify the existing ones.
Modify access privileges – granting to users, and groups of users, access rights to the functionality of Kaspersky Administration Kit.
Edit event log settings.
Edit notification settings.
Remote install of Kaspersky Lab applications.
Remote install of external applications – preparation of installation packages and remote install of third-party applications and Kaspersky Lab applications to the client computers.
Edit Administration Server hierarchy settings.
Save network lists content – copy files from backup, quarantine and unprocessed files from client computers to a computer where the Administration Console is installed.
Create tunnels – creating a tunneling connection between the computer where the Administration Console is installed and a client computer.
To connect to the Administration Server, the user should have Read permissions.
To assign the rights for working with Server, perform the following actions:
1. Select a group of users.
2. In the Allow column check the boxes next to the permissions provided to members of that group. If you check the All box, all the boxes in the column will automatically be checked.
3. In the Deny column check the boxes next to the permissions that must not be provided to members of that group. If you check the All box, all the boxes in the column will automatically be checked.
You can add a new group or a new user, using the Add button. You can only add groups of users and users that are registered on the computer with the Administration Console installed.
To remove a group or a user, select an object from the list and click the Remove button.
The group of Kaspersky Administration Kit administrators (KLAdmins) cannot be removed.
Click the Apply or OK button to apply the settings.
REMOVING A SERVER FROM THE CONSOLE TREE
To remove an Administration Server from the console tree:
1. Select the node corresponding to the required Administration Server in the console tree.
2. Open the context menu.
3. Select the Delete command.
VIEWING AND CHANGING ADMINISTRATION SERVER SETTINGS
The links in the task pane of the Administration Server allow fast access to the following server features: installation of anti-virus protection; organization of administration groups; configuration of update, protection and scanning settings; viewing of statistics and configuration of notifications.
You can use the Administration Server properties window to view its parameters and modify them as necessary.
To open the Server properties window:
1. Select the necessary Server in the console tree.
2. Open the context menu and select the Properties option.
The window that opens contains a set of tabs, on which you can view and modify the following Administration Server settings:
registration of events (see section "Event processing settings" on page 37);
relocation of computers (see section "General guidelines for relocation of computers" on page 46);
traffic limit for IP ranges and IP subnets (see section "Traffic limit rules" on page 51);
configuring the Virus outbreak event (see section "Virus outbreak event settings" on page 44);
GENERAL ADMINISTRATION SERVER SETTINGS
You can configure the general Administration Server settings on the General, Settings and Security tabs.
The General tab (see the figure below) contains the following information: name of the component (Administration Server) and the computer name within the Windows network on which this component is installed; version number of the installed application.
Figure 15. Viewing the Administration Server properties. The General tab
Clicking the Advanced link opens a window containing the following information (see the figure below):
Path to the shared folder used for storing application deployment files and the updates downloaded from the update source to the Administration Server. You can edit the path to the shared folder using the Modify button.
The Administration Server operation statistics hyperlink is used to open the window which displays general statistics about the Administration Server.
Figure 16. Administration Server properties. The Advanced window
Use the Information about the Administration Server plug-in link to open the plug-in properties window (see the figure below). This window displays the following information:
Name and full path to the plug-in file.
File version.
Information about the manufacturer (Kaspersky Lab) and copyright information.
Date and time of the management plug-in file creation.
Figure 17. The properties of the application plug-in window
Using the Information about the plug-ins installed for the application link, you can open a window that contains the list of plug-ins installed on the Administration Server (see the figure below). For each plug-in the application name and plug-in versions are provided. In this window you can view detailed information about the selected application management plug-in by clicking the Information button.
Figure 18. The list of application management plug-ins installed on the Administration Server
Clicking the Current database information link opens the current database properties window (see the figure below) containing the following data: name of the database server used; name of the database service use occurrence; database name.
Figure 19. Viewing information about the database
Clicking the Settings button in the Administration Servers hierarchy section opens the Administration Server hierarchy configuration window (see the figure below). In this window you can:
Specify whether this Administration Server is a slave server by checking This Administration Server is a slave server in the server hierarchy box.
Specify the address and port of the master Administration Server in the Address field.
Specify or modify the path to the master Administration Server certificate using the Select button.
Set proxy server parameters to connect to the master Administration Server.
These settings cannot be modified if the current Administration Server policy does not have the option to Allow hierarchy settings modification on slave servers checked.
Figure 20. Configuring the slave Administration Server's connection to the master Administration Server
The Settings tab (see the figure below) contains the Administration Server settings. The Administration Server connection settings group of fields contains port numbers through which the following connections are established:
Connection to the Administration Server. The default port number is 14000 but if this port is in use, you can change it.
Secure connection to the Administration Server using SSL protocol. By default, port 13000 will be used.
Connection of mobile devices to the Administration Server. The default port number is 13292. To enable this port on the Administration Server, check the Open port for mobile devices box.
You can also use the corresponding field to specify the maximum number of events stored in the database on the Administration Server.
In the Computer visibility timeout (min) field of the Computer visibility on the network section, you can specify the time during which a client computer will be considered visible in the network after it was disconnected from the Administration Server. The default interval is 60 minutes. After the specified period expires, the Administration Server will consider the client computer inactive.
These parameters can be redefined, if necessary.
Figure 21. Viewing the Administration Server properties. The Settings tab
The Security tab (see the figure below) is used to configure the rights to access the Administration Server (see section "Granting rights to use a Server" on page 26).
Figure 22. Granting rights to access the Administration Server
Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the View → Configuring interface menu and check the box in the Display security settings tabs string.
EVENT PROCESSING SETTINGS
The rules for handling runtime Administration Server events are displayed on the Events tab (see the figure below).
Figure 23. Viewing the Administration Server properties. The Events tab
For the Administration Server, as well as for other Kaspersky Lab applications managed via Kaspersky Administration Kit, events can have one of the four severity levels: Critical event, Error, Warning, and Info.
According to the severity level, events are distributed in the following way:
Critical event:
The license restriction for this license has been exceeded. For example, the client computer on which the license is installed, exceeds the restriction on the number of computers specified in it.
Virus outbreak - virus activity in administration groups exceeds the preset limit.
Connection with client computer lost (unable to establish connection with the Network Agent installed on the client computer).
Host status is Critical (a computer with settings matching the status Critical has been detected within the network).
Error:
No free space on hard drive - there is no free space on the disk where the Administration Server saves operational information.
The shared folder is not available - the shared folder containing updates of the anti-virus database and application modules is unavailable.
The Administration Server information database is unavailable.
There is no space in the Administration Server information database.
An error occurred while copying updates to the specified folder.
Warning:
License restriction for the key is exceeded.
The computer has remained inactive in the network for too long.
Conflict of computer names - the uniqueness of client names within one hierarchical level is violated.
Volumes are almost full - little or no free space is left on the hard drives.
There is little free space in the Administration Server information database.
Host status is Warning (a computer with settings matching the Warning status has been detected within the network).
Disconnected from the master Administration Server.
Disconnected from the slave Administration Server.
Incompatible application was installed.
Info:
The number of clients using the license is over 90% of the maximum number allowed in the license.
New computer is found - network polling has found a new client.
Client computer was automatically added to group - a new client has been automatically included in a group in accordance with the Unassigned computers group settings.
This client computer has been inactive for too long and is removed from the group.
Connection to the slave Administration Server is established.
Connection to the master Administration Server is established.
Monitored application from the applications registry has been installed.
Updates are copied successfully to the specified folder.
Audit: Connection to the Administration Server.
Audit: Object modified.
Audit: Object status modified.
Audit: Group settings modified.
Event handling rules are defined separately for each severity level.
1. Select the event importance level from the drop-down list: Critical, Error, Warning or Info.
2. Events corresponding to the selected severity level will be displayed in the table below. The list of events is specific to each application. For more information about events, see the application documentation. Select the types of events to be recorded using the Shift and Ctrl keys on your keyboard. Click the Select All button to select all event types.
3. Then click the Properties button for the selected event types.
4. To record event information in event logs, check the following boxes in the Event registration section (see the figure below):
On Administration Server for (days) box to make the Administration Server log application events that occur on all clients in the group in a centralized manner. In the field on the right, specify the number of days during which the server will store information. When the specified period has elapsed, the entry corresponding to this event will be deleted.
You can view event logs stored on the Administration Server through the Administration Console on the administrator workstation. Such information is shown in the Events folder of the console tree.
In the event log on client computer to save information about events locally in the Windows Event Log of each client computer.
In the event log on Administration Server to enable centralized logging of all application events on all clients in this group in the specified Administration Server's Windows Event Log.
The information in Windows event logs can be viewed using Displays client computer events, a standard Windows event management tool.
Figure 24. Editing event properties
5. To enable notification about selected events, specify the notification methods by checking appropriate columns in the Event notification section:
Notify by email;
Notify through NET SEND;
Notification using NET SEND is not available in Microsoft Windows Vista and later versions.
Notify by running executable or script;
Notify via SNMP.
Notify via SNMP is configured directly in the application working with SNMP.
To configure notifications, use the Settings link and in the window that opens (see the figure below) define the settings.
Figure 25. Configuring event notifications
In the upper part of the window select the notification method that you wish to modify. If the Use Administration Server settings box is checked, the values specified on the Notification tab under the Administration Server properties are used by default. To modify notification settings, uncheck the Use Administration Server settings box and select one of the following items from the drop-down list:
Email (see the figure above). In this case enter the following data:
In the Recipient field, specify the email address of the notification recipient. Several addresses may be entered as a list separated by commas or semicolons.
In the SMTP server field, specify the address of the mail server connection (an IP address or a Windows network name can be used);
In the SMTP server port field, specify the SMTP server connection port number (the default is port 25);
Specify the sender and subject for the message that will be delivered as a notification. To do this, press the Properties button and in the window that opens (see the figure below), fill in the Subject field. In the lower entry field, specify the email address which will be used as a sender's address. In the same window, enter User name, Password, and Confirm password in the relevant fields if ESMTP authorization is being used.
Figure 26. Configuring notification settings. Specifying the Sender and Subject
NET SEND (see the figure below). Under this option, use the field below to enter recipient host addresses for network notifications. An IP address or a Windows network name may also be used. Several addresses may be entered as a list separated by commas or semicolons. For successful notification, a messaging service (Messenger) must be installed on the Administration Server and on all recipient computers.
Figure 27. Configuring notifications. Notification using NET SEND
Executable file to run (see the figure below). Under this option, use the Select button to select an executable module to run when an event occurs.
Executable environment variable names are the same as the names of placeholders used to create the message text (see below).
Figure 28. Configuring notifications. Notification using executable files
Enter the message which will be delivered as notification in the Notification message section at the bottom of the window (see the figure above). If the Use Administration Server settings box is checked, the message text specified on the Notification tab of the Administration Server settings will be used by default. To modify the message, uncheck the Use Administration Server settings box and enter a new message.
The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them from the drop-down list accessible by clicking the button.
Event severity;
From computer;
Domain;
Event;
Event description;
Time raised;
Task name;
Application;
Version number;
IP-address;
IP address of the connection.
To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed in it.
Figure 29. Configuring notification settings. Sending a test notification
VIRUS OUTBREAK EVENT PARAMETERS
On the Virus outbreak tab (see the figure below) you can set the maximum number of viruses found within a certain time interval after which new detected virus instances will be considered a Virus outbreak event. This property is important during periods of virus outbreaks since it enables administrators to react in a timely manner to virus attack threats.
Check the desired application types:
Anti-virus for workstations and file servers;
Perimeter defense anti-virus;
Mail system anti-virus.
Set the virus activity threshold for each application type which when exceeded will trigger a Virus outbreak event:
In the Viruses field – the number of viruses found by the applications of that type.
In the in (min) field – time during which the specified number of viruses was detected.
Figure 30. Viewing the Administration Server properties. The Virus outbreak tab
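The threshold described above, modelled as a sliding window per application type so that a chosen pair of values can be checked against detection history before it is entered. This is an added example, not Kaspersky Lab code; the strict "more than" comparison, the window boundaries, the single alert per outbreak and the sample detections are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Application types listed on the Virus outbreak tab.
WORKSTATIONS = "Anti-virus for workstations and file servers"
PERIMETER = "Perimeter defense anti-virus"
MAIL = "Mail system anti-virus"


class OutbreakDetector:
    """Sliding-window model of the per-application-type outbreak threshold."""

    def __init__(self, thresholds):
        # thresholds maps application type -> (Viruses, in (min)).
        # A type whose box is not checked is simply left out of the mapping.
        for viruses, minutes in thresholds.values():
            if viruses < 0 or minutes <= 0:
                raise ValueError("threshold needs viruses >= 0 and minutes > 0")
        self.thresholds = dict(thresholds)
        self.windows = {app: deque() for app in self.thresholds}
        self.in_outbreak = {app: False for app in self.thresholds}

    def observe(self, when, app_type):
        """Record one detection; return True when it starts an outbreak."""
        if app_type not in self.thresholds:
            return False
        viruses, minutes = self.thresholds[app_type]
        window = self.windows[app_type]
        window.append(when)
        # Drop detections that fell out of the interval ending at `when`.
        cutoff = when - timedelta(minutes=minutes)
        while window and window[0] <= cutoff:
            window.popleft()
        exceeded = len(window) > viruses       # assumption: strictly more
        started = exceeded and not self.in_outbreak[app_type]
        self.in_outbreak[app_type] = exceeded  # re-arms once the window drains
        return started


def find_outbreaks(detections, thresholds):
    """Return (time, application type) for each detection that starts an outbreak."""
    detector = OutbreakDetector(thresholds)
    return [(when, app) for when, app in sorted(detections)
            if detector.observe(when, app)]


def at(hhmm):
    """Build a timestamp on one constructed day from "HH:MM"."""
    return datetime.strptime("2010-10-15 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample data, not taken from a real server.
SAMPLE_THRESHOLDS = {WORKSTATIONS: (3, 10), MAIL: (2, 5)}
SAMPLE_DETECTIONS = (
    [(at(t), WORKSTATIONS) for t in ("09:00", "09:02", "09:05", "09:07", "09:08")]
    + [(at(t), WORKSTATIONS) for t in ("09:40", "09:41", "09:42", "09:43")]
    + [(at(t), MAIL) for t in ("09:00", "09:10", "09:20")]
    + [(at(t), PERIMETER) for t in ("09:01", "09:01", "09:02", "09:02")]
)

if __name__ == "__main__":
    for when, app in find_outbreaks(SAMPLE_DETECTIONS, SAMPLE_THRESHOLDS):
        print(when.strftime("%H:%M"), "Virus outbreak:", app)
```

In the sample, the perimeter detections never raise an event because that application type has no threshold configured, which is the gap to look for when only some boxes are checked.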
Click the Configure policies to activate on "Virus outbreak" event link to open the Policy activation window (see the figure below), and create a list of policies to be used by applications as active policies on "Virus outbreak" event in administration groups. To do this, use the Add or Delete buttons.
Figure 31. Configuring policies to activate on virus outbreak
GENERAL GUIDELINES FOR RELOCATION OF COMPUTERS
You can use the Computer relocation tab (see the figure below) to specify the rules for relocation of network computers to specified administration groups.
The order of rules in the Computer relocation rule list section determines a rule's application priority. To delete or move a rule in the list, use the corresponding buttons to the right.
Figure 32. The Administration Server properties window. The Computer relocation tab
To review or modify the settings of an existing rule, click the Properties button.
To add a rule, press the Add button. Use the displayed window (see the figure below) to enter the following rule settings:
Figure 33. The properties window of a rule for computer relocation. The General tab
On the General tab specify the following settings:
name of the rule;
group to which computers will be moved in accordance with the rule;
rule application order:
Run once for each computer, if the rule must be applied to each host only once.
Run once for each computer then at every Network Agent install on computer.
Rule works permanently.
On this tab check the following boxes:
Move only computers not added to administration groups – if computers already included in administration groups must not be relocated to other groups in accordance with the rule;
Enable rule – to apply the rule during the operation.
Use the Network tab to specify the criteria that a computer must comply with to be relocated to the selected administration group:
Computer name in the Windows network.
Domain.
Computer domain name.
DNS domain.
If a computer IP address must be within a certain IP range, check the IP address range box and specify the upper and lower values of the range.
If IP address to connect to server is considered while the computer is running, check the corresponding box and specify the upper and lower values of the range, which must include the connection IP address.
Check the Computer is in IP subnet box and press the Select button to specify the IP subnet to which the host must belong. IP-ranges are selected from the list of ranges contained in the Unassigned computers folder of the console tree.
Use the Active Directory tab to perform the following actions:
If a computer must belong to a specific Active Directory unit, check the Computer is located in Active Directory organization unit box and press the Select button to select the Active Directory group. Active Directory organization units are selected from the list of groups displayed in the Unassigned computers folder.
To process computers included in nested organization units, check the Computer is member of Active Directory group box.
Use the Applications tab to select the following from the drop-down lists:
criteria of the presence of the Network Agent running on the computer: Installed or Not installed;
version of the operating system that must be installed on the computer.
For criteria, which should not be considered in a rule, uncheck their corresponding boxes and leave their fields empty.
A host will be moved to an administration group if it matches all the criteria defined in a rule.
To apply created rules, press OK.
If you wish to forcibly apply the rule, irrespective of the applied rules, select the necessary rule and press the Force button.
If several rules described above apply to the same computer, the top priority will belong to the Active Directory group rule, then the rule for IP subnets will follow, and then the domain rule.
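A model of the matching described in this section, useful for checking which group (and therefore which policy) a host would land in before a rule list is applied. It is an added example, not the product's code: it covers only the network and Network Agent criteria, takes list order as the priority, and does not model the application-order modes, the Active Directory criteria or the rule-type precedence in the last paragraph; all host, rule and group names are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Host:
    name: str
    domain: str = ""
    dns_domain: str = ""
    ip: str = ""                  # address seen during network polling
    connection_ip: str = ""       # address used to connect to the server
    agent_installed: bool = False
    group: Optional[str] = None   # None: still in Unassigned computers


def _in_range(ip: str, bounds: Tuple[str, str]) -> bool:
    """True if ip lies between the lower and upper bound, inclusive."""
    try:
        addr = ipaddress.ip_address(ip)
        return (ipaddress.ip_address(bounds[0]) <= addr
                <= ipaddress.ip_address(bounds[1]))
    except (ValueError, TypeError):
        return False              # unknown or malformed address never matches


@dataclass
class RelocationRule:
    name: str
    target_group: str
    enabled: bool = True                   # "Enable rule"
    only_unassigned: bool = True           # "Move only computers not added ..."
    # Criteria. None models an unchecked box or empty field: not considered.
    domain: Optional[str] = None
    dns_domain: Optional[str] = None
    ip_range: Optional[Tuple[str, str]] = None
    connection_ip_range: Optional[Tuple[str, str]] = None
    subnet: Optional[str] = None
    agent_installed: Optional[bool] = None

    def matches(self, host: Host) -> bool:
        """A host matches only if it satisfies every criterion that is set."""
        if not self.enabled:
            return False
        if self.only_unassigned and host.group is not None:
            return False
        checks = []
        if self.domain is not None:
            checks.append(host.domain.lower() == self.domain.lower())
        if self.dns_domain is not None:
            checks.append(host.dns_domain.lower() == self.dns_domain.lower())
        if self.ip_range is not None:
            checks.append(_in_range(host.ip, self.ip_range))
        if self.connection_ip_range is not None:
            checks.append(_in_range(host.connection_ip, self.connection_ip_range))
        if self.subnet is not None:
            net = ipaddress.ip_network(self.subnet)
            bounds = (str(net.network_address), str(net.broadcast_address))
            checks.append(_in_range(host.ip, bounds))
        if self.agent_installed is not None:
            checks.append(host.agent_installed == self.agent_installed)
        # In this model a rule with no criteria set matches every eligible host.
        return all(checks)


def place(host: Host, rules) -> Optional[str]:
    """Return the group the host ends up in; the first matching rule wins."""
    for rule in rules:
        if rule.matches(host):
            return rule.target_group
    return host.group


# Constructed rules and hosts.
SAMPLE_RULES = [
    RelocationRule("Branch subnet", "Branch office", subnet="10.20.0.0/16"),
    RelocationRule("HQ with agent", "HQ workstations",
                   domain="CORP", agent_installed=True),
]
PC_A = Host("PC-A", domain="CORP", ip="10.20.5.7", agent_installed=True)
PC_B = Host("PC-B", domain="corp", ip="192.168.1.5", agent_installed=True)
PC_C = Host("PC-C", domain="CORP", ip="192.168.1.6")
SRV_D = Host("SRV-D", ip="10.20.1.1", group="Servers")

if __name__ == "__main__":
    for host in (PC_A, PC_B, PC_C, SRV_D):
        print(host.name, "->", place(host, SAMPLE_RULES))
```

PC-A satisfies both rules, so swapping their order changes the group it receives; reviewing such overlaps is the main reason to dry-run a rule list.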
CONFIGURING INTEGRATION WITH CISCO NETWORK ADMISSION CONTROL (NAC)
Kaspersky Administration Kit allows the administrator to associate the conditions of computer anti-virus protection and the security statuses assigned by Cisco Network Admission Control (NAC).
To configure a mapping between Cisco NAC statuses and anti-virus protection conditions:
1. Select the Administration Server in the console tree and select Properties from its context menu. This will open the Server settings configuration window. Switch to the Cisco NAC tab (see the figure below).
This tab does not appear if the Kaspersky Lab Cisco NAC Posture Validation Server component was not installed together with the Administration Server (for details please refer to the Kaspersky Administration Kit Implementation Guide).
Figure 34. Viewing the Administration Server properties. The Cisco NAC tab
2. Select a Cisco NAC host state from the drop-down list: Healthy, Checkup, Quarantine or Infected.
3. Check the necessary boxes in the table below to select the anti-virus protection conditions that are mapped to the above statuses. If necessary, change the threshold values for conditions.
The Healthy status is only assigned if all the selected conditions are met; the Checkup, Quarantine or Infected statuses apply if at least one of the selected conditions is fulfilled. Threshold values may be modified for some conditions. Select a condition in the Condition column and use the Modify button to open an editing window (see the figure below).
Figure 35. The Edit condition window
4. Use the PVS port number field to set the Posture Validation Server port used for communication with the Cisco server. The default port number is 18000.
5. Click Apply or OK to complete the configuration.
TRAFFIC LIMIT RULES
To decrease the network load, you can restrict the rate of data transfer to an Administration Server for individual IP subnets and IP ranges. Maximum allowed data transfer rates and the interval for which they should apply are specified in rules. The rules are listed in the Traffic tab of the Administration Server properties window.
To add a rule, press the Add button and use the displayed window to specify its parameters:
1. In the IP address range to limit traffic section select the method used to define a subnet or range:
Specify range as address and network mask and enter the subnet parameters in the Subnet address and Subnet mask fields.
Specify IP range as start and end addresses and enter the range boundaries in the Start and End fields.
2. In the Traffic limit section specify the following data:
Borders of the time interval during which the traffic limitation will be enabled in the Time period field.
Maximum value of the data transfer rate for information upload to Administration Server in the Limit (KB/s) field; the limitation will be enabled during the time interval specified in the Time period field.
Maximum value of the data transfer rate during time other than the period defined in the Traffic limit the remainder of the time (KB/s) field, if traffic intensity must be restricted all the time.
When the rule settings have been edited, the rule appears in the list. The name of the rule is generated automatically based on the data that defines the range of IP addresses.
If the limits of the IP range, addresses or subnet mask in the rule properties are modified, the rule name in the list changes in accordance with the new values.
To delete a rule, select it in the list and press the Remove button.
To view or modify the settings of an existing rule, select it in the list and press the Properties button.
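How a rule of this kind resolves to a rate for a given source address and time of day, as an added example that is not the product's code. The first-matching-rule order, the treatment of a period that wraps past midnight, IPv4-only input and the sample rules are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


def _minutes(hhmm: str) -> int:
    """Convert "HH:MM" to minutes since midnight."""
    hours, minutes = hhmm.split(":")
    return int(hours) * 60 + int(minutes)


@dataclass
class TrafficRule:
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address
    period: tuple                          # ("HH:MM", "HH:MM") from Time period
    limit_kbs: int                         # Limit (KB/s) inside the period
    other_limit_kbs: Optional[int] = None  # rate outside it; None = unlimited

    @classmethod
    def from_subnet(cls, address, mask, **settings):
        """Range given as Subnet address and Subnet mask."""
        # ip_network raises ValueError if the address has host bits set,
        # which catches an address/mask pair that does not describe a subnet.
        net = ipaddress.ip_network(f"{address}/{mask}")
        return cls(net.network_address, net.broadcast_address, **settings)

    @classmethod
    def from_range(cls, start, end, **settings):
        """Range given as Start and End addresses."""
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if first > last:
            raise ValueError("Start must not be above End")
        return cls(first, last, **settings)

    def covers(self, ip: str) -> bool:
        return self.first <= ipaddress.ip_address(ip) <= self.last

    def in_period(self, hhmm: str) -> bool:
        start, end, now = (_minutes(v) for v in (*self.period, hhmm))
        if start <= end:
            return start <= now < end
        return now >= start or now < end   # period wraps past midnight

    def limit_at(self, hhmm: str) -> Optional[int]:
        return self.limit_kbs if self.in_period(hhmm) else self.other_limit_kbs


def effective_limit(rules, ip: str, hhmm: str) -> Optional[int]:
    """Rate in KB/s that applies to ip at hhmm, or None if unrestricted."""
    for rule in rules:
        if rule.covers(ip):
            return rule.limit_at(hhmm)
    return None


# Constructed rules: a branch subnet throttled in working hours, and a wider
# range limited overnight only.
SAMPLE_RULES = [
    TrafficRule.from_subnet("10.1.2.0", "255.255.255.0",
                            period=("09:00", "18:00"),
                            limit_kbs=64, other_limit_kbs=512),
    TrafficRule.from_range("10.1.0.0", "10.1.255.255",
                           period=("22:00", "06:00"), limit_kbs=1024),
]

if __name__ == "__main__":
    for ip, hhmm in (("10.1.2.40", "10:00"), ("10.1.2.40", "20:00"),
                     ("10.1.9.9", "23:30"), ("10.1.9.9", "12:00")):
        print(ip, hhmm, effective_limit(SAMPLE_RULES, ip, hhmm))
```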
SLAVE ADMINISTRATION SERVERS
Administration Servers can be arranged in a "master server – slave server" type hierarchy. Each Administration Server can have several slave Servers on the same or different nesting levels of the hierarchy. The nesting level for slave servers is not limited. The administration groups of the master Server will then include the client computers of all slave Servers.
Thus, isolated and independent sections of computer networks can be controlled by different Administration Servers which are in turn managed by the master Server.
ADDING A SLAVE SERVER
To add a slave Administration Server:
1. Select in the administration group the Administration Servers node, open the context menu and select the New Administration Server command. A wizard will start. Follow the wizard's instructions.
2. Specify the network address of the slave Administration Server. In this case, the master Administration Server will connect to the slave Server and transfer all properties, including the network address of the Master Administration Server and certificate of the Master Administration Server.
3. In the next window of the wizard, specify the name of the slave Administration Server. The new Administration Server will be displayed under this name in the administration group. The name must be unique within one level of the hierarchy.
If you specified the Server address during the previous step, the Slave Administration Server display name field will contain the following value: Administration Server <computer name>, where <computer name> stands for the name of the host specified in the address, which must be added as a slave Server.
4. If you have not defined the slave Administration Server address earlier, use the Select button to specify the path to the Administration Server certificate.
5. If you have previously specified the slave Server's address, specify the settings for connecting the slave Administration Server to the master Server.
Specify the address of the master Administration Server. You can use either its IP address or the computer's name in the Windows network as the computer's address.
If a proxy server is used for connection, configure the connection settings in the Proxy server settings group of fields.
Check the Use proxy server box. Enter the proxy server address in the Address field. Fill in the fields User name, Password and Confirm password if user authentication is required to access the proxy server.
If the address of the slave server has not been specified, this step will be skipped.
6. Please wait until the following operations have been completed:
Connection of the Administration Console to the slave Server.
Information about the slave Server is added to the master Administration Server's database.
If you have defined the slave Administration Server address earlier, enter in the displayed prompt the information of an account (user name and password) that is authorized to connect to the computer, which you plan to use as a slave Server.
The settings used to connect the slave Administration Server to the master Server are configured.
If the slave Server's address has not been specified, you will have to perform the following actions manually after the wizard completes: connect the Administration Console to the slave Server; configure the connection between the slave Administration Server and the master Server.
7. Press the Next button. The progress of the action will be displayed in the wizard window. If errors occur, an error message will be displayed.
8. In the last wizard window press the Finish button.
When the wizard completes, the master Administration Server will add information about the slave Server to its database. The icon and the name of the slave Server will appear in the Administration Servers folder within the corresponding administration group.
CONFIGURING THE CONNECTION OF THE SLAVE SERVER TO THE MASTER SERVER
To configure the connection of a slave Server to the master Administration Server:
2. Select the Administration Server and use the Properties command of the context menu to open its properties window.
3. In the Administration Server <computer name> Properties window that opens, on the General tab, click on the Advanced link. In the window that opens press the Settings button in the Administration Servers hierarchy section.
4. In the next Master Administration Server settings window that opens (see the figure below), check the box This Administration Server is a slave server in the server hierarchy.
Then in the block of parameters below specify:
Address of the master Administration Server. You can use either its IP address or the computer's name in the Windows network as the computer's address.
Certificate of the Master Administration Server. The path to the certificate file can be specified using the Select button.
If you are connecting via a proxy server, check the Use proxy server box. Enter the address for connecting to the proxy server in the Address field. Fill in the fields User name, Password and Confirm password if user authentication is required to access the proxy server.
5. To confirm the settings, press the OK or Apply button.
As a result, the slave Administration Server will connect to the master Server and will receive from it all the policies and tasks for the group to which the slave Server now belongs. You can then connect to the slave Server via the master Server from the Administration Server node.
Figure 36. Configuring the slave Administration Server's connection to the master Administration Server
VIEWING ADMINISTRATION GROUPS OF A SLAVE ADMINISTRATION SERVER
To view the administration groups of a slave Administration Server via the master Server, connect the Console to the slave server:
1. In the console tree of the master Administration Server, select the Administration Servers node in the folder of the required group.
2. In the Administration Servers node select the required slave Server.
3. Open the context menu and select the Connect to Administration Server command.
The Administration console will reflect the structure of the administration groups of the slave Administration Server. Then
The slave Administration Server inherits from the master Server all the group tasks and policies of the group to which it belongs. Inherited policies and tasks are indicated on the slave Server as follows:
The icon will be displayed next to the names of the policy inherited from the master Administration server (the regular policy icon is ).
The settings of the inherited policy will not be accessible for changes on the slave Server on shut down.
The settings that are specified as not modifiable in the inherited policy are indicated by the "locked" icon in all application policies on the slave Server, and use values specified in the inherited policy.
Values of the settings that are not "locked" in the inherited policy are indicated by the "unlocked" icon. If the setting is specified as modifiable in the slave Server policy, it can be changed in the application settings (see section "Viewing and configuring policy settings" on page 77) and task settings (see section "Viewing and changing task settings" on page 112).
The icon will be displayed next to the names of group tasks inherited from the master Administration server (the regular task icon is ).
The policies and tasks received by the slave Administration Server from the master Administration Server cannot be modified.
The Administration Server tasks and the tasks for specific computers are not transferred to slave Servers.
To manage a slave Administration Server via the Console of the master Server, add a computer on which the slave Administration Server is installed to the console tree as a new Server (see section "Adding a slave Server" on page 51), and switch to the node corresponding to this Server.
CONNECTING TO THE ADMINISTRATION SERVER VIA INTERNET
To connect to an Administration Server via Internet, the following requirements should be satisfied:
The Administration Server in the main office should have an external IP address, and the incoming ports 13000 and 14000 should be open on it.
The external IP address of the master Administration Server should be specified during the installation of the Network Agent to remote office computers. If an installation package is used for installation, the external IP address is specified manually in the properties of this package on the Settings tab.
The Network Agent should be installed on remote office computers first.
To manage applications and tasks of a client computer, the administrator should go to the properties of this computer and on the General tab check the Do not disconnect from the Administration Server box.
After the box is checked, wait till Administration Server syncs with a remote client computer. This box can be checked simultaneously for up to 100 client computers.
To speed up tasks on the client computer, open port 15000. In such case, to start a task the Administration Server sends a special package to the Network Agent on port 15000. The Administration Server does not require synchronization with the client computer.
MANAGING ADMINISTRATION GROUPS
The Administration Server and the hosts in the corporate network (client computers) interact using the Network Agent. This component must be installed on all computers running the Kaspersky Lab applications managed via Kaspersky Administration Kit.
Client computers may be combined into administration groups (groups) in accordance with the corporate structure. The following settings can be defined for client computers within a single group: common application settings (through policies); common operation mode of the applications (through creation of group tasks).
The administrator can create a hierarchy of Servers and groups with any nesting level if that can simplify the management of installed applications. A single hierarchy level can include slave Administration Servers, groups and client computers.
ADDING, MOVING AND DELETING A GROUP
To create a group:
1. In the console tree, open the Managed computers folder.
2. Select the folder corresponding to the group which should include the new group. If you create a group at the highest hierarchy level, select the Managed computers folder.
3. Open the context menu and use the New Group command or the Create a subgroup link in the task pane.
4. Enter the group name in the window that opens (see the figure below) and click the OK button.
A new subfolder with the specified name will appear in the Managed computers folder in the console tree. This new folder will automatically contain the following nested folders: Policies, Group tasks, Administration Servers, and Client computers. They will be filled during the definition of group policies, the creation of group tasks and the addition of slave Administration Servers.
Figure 37. Creating a group
To change a group name, select the required policy in the console tree, open its context menu and choose the Properties command or use the Group properties link in the task pane. In the <Group name> Properties window that opens, rename the group using the General tab (see the figure below).
You cannot rename the Managed computers folder because it is an in-built element of the Administration Console.
Figure 38. Viewing the group properties. The General tab
To move a group to another folder of the console tree: select the folder to move and use the standard Cut or Paste commands of the context menu or drag it with the mouse.
To delete a group: select the group folder in the console tree and use the Delete command.
A group can only be deleted if it does not contain slave Servers, nested groups or client computers.
CREATING THE STRUCTURE OF ADMINISTRATION GROUPS
Kaspersky Administration Kit can create a structure of administration groups based on:
Active Directory (see section "Group structure based on Active Directory" on page 61 ).
If for some reason a computer is not registered in the Unassigned computers group during the creation of a group structure (if it is turned off or disconnected from the network), it will not be added to the corporate network. You can do this later manually.
Creating a group structure using the wizard does not disturb network integrity: new groups are added, but do not replace the existing groups. A client computer that has already been assigned to an existing group will not be added again because the Unassigned computers group displays computers that are not included in the network.
THE STRUCTURE OF GROUPS BASED ON THE WINDOWS NETWORK DOMAINS AND WORKGROUPS
To create a structure of administration groups based on the Windows network domains and workgroups:
1. Open the context menu of the Managed computers folder and select All tasks → Create groups structure. This will open the group structure creating wizard (see the figure below). Press the Next button.
Figure 39. Group structure creation wizard
2. In the window that opens, select Microsoft Windows Domains and Workgroups (see the figure below).
The group structure will be created based on the information about the structure of Windows network domains obtained during the last network polling and the Unassigned computers presented in the group. Press the Next button.
Figure 40. Determining the group creation method
3. In the following window select the group and press the Browse button located next to the Target group field.
This will open a window that contains a hierarchy of groups created for the Administration Server. To select a group from the existing groups, open the Managed computers folder. If such a group does not exist, click the New group folder to create a new group. The specified group is created in the Managed computers group.
Press the Next button.
4. In the next wizard window, press the Finish button to complete the administration group task creation.
GROUP STRUCTURE BASED ON ACTIVE DIRECTORY
To create a structure of administration groups based on Active Directory:
1. Open the context menu of the Managed computers folder and select All tasks → Create groups structure.
This will open the group structure creating wizard (see the figure below). Press the Next button.
Figure 41. Group structure creation wizard
2. In the window that opens, select Active Directory (see the figure below).
The group structure will be created based on the information about the network structure of Active Directory units obtained during the last polling of the network and the Unassigned computers presented in the group.
Press the Next button.
Figure 42. Determining the group creation method
3. In the following window select the group and press the Browse button located next to the Target group field.
This will open a window that contains a hierarchy of groups created for the Administration Server. To select a group from the existing groups, open the Managed computers folder. If such a group does not exist, click the New group folder to create a new group. The specified group is created in the Managed computers group.
Select the source Active Directory organization unit by clicking the Browse button located next to the Source Active Directory organization unit field. Press the Next button.
4. In the next wizard window, press the Finish button to complete the administration group task creation.
GROUP STRUCTURE BASED ON THE CONTENT OF THE TEXT FILE
To create a group structure based on the content of the text file:
1. Open the context menu of the Managed computers folder and select All tasks → Create groups structure.
This will open the group structure creating wizard (see the figure below). Press the Next button.
Figure 43. Group structure creation wizard
2. In the window that opens, select the Text file item (see the figure below).
The group structure will be created in accordance with the text file created by the administrator. If you select this option, during the next step of the wizard select a group to which the nested subgroups would be added and specify the text file containing the group structure.
Figure 44. Determining the group creation method
3. In the next window:
Select a group and press the Browse button located next to the Target group field. This will open a window that contains a hierarchy of groups created for the Administration Server. To select a group from the existing groups, open the Managed computers folder. If such a group does not exist, click the New group folder to create a new group. The specified group is created in the Managed computers group.
Specify the file based on which the hierarchy will be created for the group specified using the Target group field. To do this, click the Browse button located next to the Text file with group names field, and select the text file created earlier according to the following rules:
The name of each new group must begin with a new line, using a line break as a delimiter. Blank lines will be ignored during the creation of the file.
Example:
Office 1
Office 2
Office 3
Three groups of the first hierarchy level will be created in the target group.
The name of the nested group should be entered using a slash (/).
Example:
Office 1/Division 1/Department 1/Group 1
Four subgroups nested into each other will be created in the target group.
In order to create several nested groups of the same hierarchy level, you should specify the "full path to the group".
Example:
Office 1/Division 1/Department 1
Office 1/Division 2/Department 1
Office 1/Division 3/Department 1
Office 1/Division 4/Department 1
One group of first hierarchy level Office 1 will be created in the destination group; this group will include four nested groups of the same hierarchy level "Division 1", "Division 2", "Division 3", and "Division 4". Each of these groups will include one more group - "Department 1".
Press the Next button.
4. In the next wizard window, press the Finish button to complete the administration group task creation.
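The text file rules above, as an added example that is not part of the original manual: a Python sketch that previews the hierarchy a file would produce before it is handed to the wizard. Trimming whitespace and rejecting empty path segments are assumptions of this sketch; the manual does not say how the wizard treats such lines, and the sample file content is constructed.

```python
"""Preview the group hierarchy described by a group-structure text file.

Rules taken from the manual: one group per line, blank lines are ignored,
'/' separates nesting levels, and sibling groups are listed by full path.
Everything else (whitespace trimming, rejecting empty path segments) is an
assumption of this sketch, not documented wizard behaviour.
"""


def parse_group_file(text):
    """Return (tree, problems).

    tree is a nested dict {group name: {child name: {...}}}.
    problems is a list of (line number, message) for lines this sketch
    refuses to import, so they can be fixed before running the wizard.
    """
    tree = {}
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are ignored
        parts = [p.strip() for p in line.split("/")]
        if any(p == "" for p in parts):
            problems.append((lineno, "empty group name in path: %r" % raw))
            continue
        node = tree
        for name in parts:
            # Lines sharing a prefix reuse the same parent group.
            node = node.setdefault(name, {})
    return tree, problems


def count_groups(tree):
    """Total number of groups (at every level) described by the tree."""
    return sum(1 + count_groups(children) for children in tree.values())


def render(tree, indent=0):
    """Return the tree as indented lines, one group per line."""
    lines = []
    for name, children in tree.items():
        lines.append("  " * indent + name)
        lines.extend(render(children, indent + 1))
    return lines


# Constructed sample: the manual's "full path" example plus a blank line,
# two top-level groups and one malformed line (empty segment).
SAMPLE = """\
Office 1/Division 1/Department 1
Office 1/Division 2/Department 1

Office 1/Division 3/Department 1
Office 1/Division 4/Department 1
Office 2
Office 3//Lab
"""

if __name__ == "__main__":
    tree, problems = parse_group_file(SAMPLE)
    print("\n".join(render(tree)))
    print("groups to create:", count_groups(tree))
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
```
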
VIEWING INFORMATION ABOUT A GROUP
To view information about the structure of a group:
1. Open the Managed computers folder.
2. Select the folder with the name of the required group.
A list of objects included in this group will be displayed in the results pane. You can also expand the corresponding branch of the console tree.
To view information about group policies, select the Policies folder.
If policies have been defined for the group, they will be displayed in the console tree, otherwise the folder will be empty.
To view information about group tasks, select the Group tasks folder.
If tasks have been defined for the group, they will be displayed in the console tree, otherwise the folder will be empty.
To work with slave Administration Servers, select the Administration Servers folder.
To work with clusters and arrays of servers, select the Clusters and server arrays folder. This folder will be displayed in the console tree only if the cluster is included in the corporate network.
The items listed above depend on the user interface settings.
To view the list of client computers, select the Client computers folder. The list of client computers will be displayed in the results pane.
Information in the Kaspersky Administration Kit results pane (for example, computer statuses, statistics or reports) is not refreshed automatically. You can refresh information in the results pane by one of the three following methods: by pressing the F5 key, by selecting the Refresh item from the context menu or by clicking the button on the toolbar.
VIEWING AND CHANGING GROUP SETTINGS
To view or change group settings:
1. Open the Managed computers group in the console tree.
2. Select the necessary group.
3. Open the context menu.
4. Select the Properties command.
This will open the group properties window that contains a set of tabs, which you can use to view and change the security options and the settings for communication with client computers, establish the procedure for interaction with the Administration Server, and specify the set of conditions determining the computer status.
To open the group properties window, you can also click the Group properties link in the task pane.
GENERAL SETTINGS
You can view and edit the group name on the General tab (see the figure below). The name must be unique within one level of the folder or group hierarchy.
You cannot rename the Managed computers folder because it is an in-built element of the Administration Console.
This tab also displays the following information:
Parent group: the name of the group that includes this group. For the groups at the highest hierarchy level this field contains the name of the Administration Server associated with this group.
Contains: statistics on the group structure – the number of nested groups and total number of client computers, including client computers in nested groups.
Created: the date when the group was created.
Modified: the date when the name or attributes of the group were last modified. If the group name and group properties have not been modified since their creation, the value is <Unknown>.
The Reset button in the Detected virus counter section allows you to clear the counter of detected viruses for all client computers in a group.
Figure 45. Viewing the group properties. The General tab
GRANTING RIGHTS TO WORK WITH A GROUP
The Security tab (see the figure below) is intended for configuration of access to an administration group.
Figure 46. Granting rights to access the Administration Group
Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the View → Configuring interface menu and check the box in the Display security settings tabs string.
To configure individual access rights for an administration group that are different from those specified in the Administration Server settings, uncheck the Inherit box.
The upper part of the tab displays a list of users and user groups that have access to the Administration Server. The lower part contains the list of possible permissions:
All – includes all permissions (see below).
Reading – viewing Kaspersky Administration Kit objects' properties without a permission to perform operations, create new objects or modify the existing ones.
Writing – changing Kaspersky Administration Kit object properties, as well as creating new objects without a right to perform operations upon objects.
Running – performing operations on Kaspersky Administration Kit objects without a right to create new objects or modify the existing ones.
Modify access privileges – granting to users, and groups of users, access rights to the functionality of Kaspersky Administration Kit.
Edit event log settings.
Edit notification settings.
Remote install of Kaspersky Lab applications.
Remote install of external applications – preparation of installation packages and remote install of third-party applications and Kaspersky Lab applications to the client computers.
Edit Administration Server hierarchy settings .
Save network lists content – copy files from backup, quarantine and unprocessed files from client computers to a computer where the Administration Console is installed.
Create tunnels – creating a tunneling connection between the computer where the Administration Console is installed and a client computer.
To assign the rights for working with a group:
1. Select a group of users.
2. In the Allow column check the boxes next to the permissions provided to members of that group. If you check the All box, all the boxes in the column will automatically be checked.
3. In the Deny column check the boxes next to the permissions that must not be provided to members of that group. If you check the All box, all the boxes in the column will automatically be checked.
You can add a new group or a new user, using the Add button. You can only add groups of users and users that are registered on the computer with the Administration Console installed.
To remove a group or a user, select an object from the list and click the Remove button.
The group of Kaspersky Administration Kit administrators (KLAdmins) cannot be removed.
Click the Apply or OK button to apply the settings.
CONDITIONS THAT DETERMINE COMPUTER STATUS
Use the Computer status properties window of the Administration Server's policy (see the figure below) to specify criteria for determining whether a client computer will be assigned one of the statuses, Critical or Warning. If the client computer does not match any of the conditions listed, it will be assigned the status OK.
Threshold values may be modified for some conditions. To change the value, double click a condition in the Condition column to open the editing window.
For example, you can specify the maximum number of days during which the client computer has not connected to the Administration Server. After this period, the computer will be assigned the status Critical.
Figure 47. Configuring the client computer's status diagnostics
If the computer status is OK, then an icon will be displayed next to its name, for example in the task pane of the main application window. If the computer has the status Warning, an amber icon will be displayed. If the computer has the status Critical, a red icon will be displayed.
The criteria for determining the status of the client computer are defined in the settings at the level of the parent group, and are inherited by all administration groups. To configure individual criteria for a group, uncheck the Inherit box and configure the settings (for the top hierarchy level the Inherit box is inactive).
Clicking the link Computer visibility on the network opens the Computer visibility window. In the Computer visibility timeout (min) field of the window that opens, you can specify the time during which a client computer will be considered visible in the network after it was disconnected from the Administration Server. The default interval is 60 minutes. After the specified period expires, the Administration Server will consider the client computer inactive. If necessary, you can
Administration Server policy" on page 88 ).
MONITORING OF CLIENT COMPUTER ACTIVITY
Use the Client computers properties window of the administration group (see the figure below) to specify the following parameters:
The Client computer activity in the network section specifies how the Administration Server reacts to the inactivity of client computers of this group:
If you wish the Kaspersky Administration Kit administrator to be notified after a period of inactivity, check the Notify the administrator if the computer is not active for longer than (days) box and specify the number of days in the field to the right of the box. When the period expires, the Administration Server will perform the necessary actions.
Notification shall be performed in accordance with the settings specified in the properties of the
If you want inactive client computers to be deleted from the group, check the Delete the computer from the group if it is not active for longer than (days) box and specify the number of days in the field to the right of the box. Once the specified period has expired, the client computer will be automatically deleted from the group and moved to the Unassigned computers group.
Figure 48. The group properties window. The Client computers tab
Specify the settings for inheriting values, specified on this tab:
Inherit from parent group – to ensure that the specified values are inherited from the group of the previous hierarchy level. If this box is checked, the settings on the tab cannot be changed.
Force inheritance in child groups – to ensure that the specified values are distributed to subgroups. If this box is checked, in the child groups properties the settings specified on the tab will be locked for modification.
AUTOMATIC INSTALLATION OF APPLICATIONS ON CLIENT COMPUTERS
On the Automatic installation tab you can specify which installation packages should be used for automatic remote installation of Kaspersky Lab applications to client computers that have recently been added to the group. If a package is used, the box corresponding to its name is selected. To prevent automatic deployment of an application, uncheck its box next to the name of the corresponding installation package. By default, no software is automatically installed. For all installation packages for which boxes are checked, remote deployment group tasks under the name Installation <Name of the selected installation package> will be created. You can run these tasks manually.
To automatically install Kaspersky Lab applications on new computers running the Microsoft Windows 98 / ME operating systems, install the Network Agent on these computers in advance.
Figure 49. The group properties window. The Automatic installation tab
If some installation packages of one application were selected for automatic installation, the installation task will be created for the most recent application version only.
CREATING THE LIST OF UPDATE AGENTS
The Update Agents tab (see the figure below) is used to create a list of computers (see section "Creating the list of
installation packages and group tasks and policies.
Figure 50. Creating the list of Update Agents
REMOTE MANAGEMENT OF APPLICATIONS
Kaspersky Administration Kit enables remote management of the applications installed on the computers within administration groups and corporate networks. The applications are managed via:
the creation of policies regulating the configuration of operation settings for the applications installed on client computers;
creation and launch of tasks (see section "Managing tasks" on page 96), designed for administration groups, the Administration Server or selected computers;
configuration of local settings for the applications installed on individual network computers.
MANAGING POLICIES
Application settings on client computers are centrally configured through definition of policies.
Policies created for applications within a group appear in the corresponding folder of the console tree. The name of each
CREATING A POLICY
To create a policy for a group:
1. In the console tree, select a group for which you wish to create a policy. In this group folder, select the Policies folder and select the New Policy command on the context menu or click the Create a policy link in the task pane. A wizard will start. Follow the wizard's instructions.
Use the links Create a policy for Kaspersky Anti-Virus for Windows Workstations and Create a policy for Kaspersky Anti-Virus for Windows Servers in the task pane to create the policies for the corresponding applications. You will then not have to specify the application in the policy configuration wizard.
2. You must specify the policy name and select the application for which this policy is being created.
The policy name is assigned in a standard manner. If a policy with this name already exists, the (1) suffix will be automatically added to the end of the name of the new policy.
Select an application from the drop-down list (see the figure below). The drop-down list includes all applications that have their administration plug-ins installed on the administrator's workstation.
Figure 51. Selecting an application for policy creation
3. Use the displayed window (see the figure below) to specify the policy status. Select one of the following:
Active policy. The policy being created will be used as the application's current policy.
Inactive policy. The policy will be saved in the Policies folder. If required, it can be activated (see section "Activating a policy" on page 82).
Mobile user policy. This policy will be applied after you disconnect the computer from the corporate network. This type of policy is available for Kaspersky Anti-Virus 6.0 for Windows Workstations MP3 and later.
Several policies can be created in a group for one application, but only one policy can be active. Activating a new policy makes the previously active policy inactive.
Figure 52. Policy creation wizard. Activating the policy
4. Then, you must specify the general settings for the policy and edit settings for the selected application (see the figure below). You can lock policy settings for nested groups, application settings, or task settings.
Policy settings that can be locked are marked with an icon. To lock a setting, click this icon; the icon will change to indicate that the setting is locked.
A policy has a higher priority than the local settings only if it prohibits modification of the parameters (that is, the parameters are locked).
When creating a policy, you can specify a minimum set of parameters required for the application to run. All other settings are set to the default values applied during the local installation of the application. You can modify the policy by editing it (see section "Viewing and configuring policy settings" on page 77).
For details on configuring policy settings for the applications, please refer to their corresponding documentation.
Figure 53. Creating a policy for Kaspersky Anti-Virus for Windows Workstations
5. In the last wizard window press the Finish button.
Once a policy is created, the parameters which may not be modified (are "locked") are applied on the clients for which the policy was created.
DISPLAYING INHERITED POLICY IN THE NESTED GROUP RESULTS PANE
To display inherited policies in the Policies folder of a child group:
1. Select the Policies folder of a nested group in the console tree.
2. Open the context menu, select View , and check the Inherited policies box.
This will display inherited policies in the console tree, marked with an icon. You can view the properties of the inherited policies.
While policy inheritance is enabled, inherited policies can only be edited within the group under which they were created.
VIEWING AND CONFIGURING POLICY SETTINGS
To view group settings or modify them:
1. In the console tree, open the Policies folder of the administration group that you wish to configure.
2. Select the necessary policy.
3. Open the context menu and choose the Properties command.
To navigate quickly to the policy properties, select it in the console tree and use the Edit policy link in the Actions section of the task pane.
This will open the <Policy name> properties window with several tabs in which you can configure a policy for an application. The contents of the tabs are specific to each application, and their description is provided in the documentation for the applications. The General and Events policy configuration tabs are common for all applications.
The General tab (see the figure below) contains the following policy information:
policy name;
the application for which the policy is created (for example, Kaspersky Administration Kit);
policy creation date and time;
date and time of the last policy modification;
policy status;
information about the results of policy enforcement.
You can use the tab to:
change the policy name;
view the results of policy enforcement;
access and configure the additional settings by clicking the Advanced link.
Figure 54. The policy properties window
The Enforcing the policy on the client computers section also contains reference information about the results of policy application on the client computers within the selected group, indicating the number of computers: for which the policy was defined; where the policy was enforced; where the policy enforcement failed.
To update the information about the results of policy enforcement, press the Refresh button.
Detailed information about the results of policy enforcement on each client is available in the window (see the figure below) accessed by pressing the Details button. The window displays a table that has the following columns:
Computer – client name.
Domain – name of the domain to which the client belongs.
Status – the policy status, which may have one of the following values:
Modified – settings for this policy have been changed on the Administration Server, but they were not yet synchronized with the client computer;
Finished – the policy for an application on this computer has been successfully applied;
Pending – the policy for an application on this computer has not been applied yet;
Failed – the policy for an application on this computer has failed (the computer was turned off, disconnected, the application did not run, or was not installed, etc.).
Date – date and time when the event occurred.
Figure 55. Information about policy enforcement on clients of one group
Local parameters are modified automatically based on the settings selected when a policy is first applied on a client computer.
After a policy is deleted or revoked, the application will continue working with the settings specified in the policy. The settings may subsequently be modified manually.
Applying a policy to a large number of clients will significantly increase the load on the Administration Server and the amount of network traffic.
To access and configure the additional policy settings, click the Advanced link.
To define policy status, in the window that opens (see the figure below) in the Policy status section, select one of the following options:
Active policy;
Mobile user policy;
Inactive policy.
To enable inheritance, i.e. prohibit modification of "locked" policy settings in the configuration of child policies, check the Inherit settings from parent policy box. To disable inheritance, uncheck the Inherit settings from parent policy box.
To force inheritance of settings in child policies, enable the checkbox next to the corresponding item. After changes in a policy are applied, the following steps will be performed:
specified values will be distributed to the policies of nested administration groups, i.e. to the child policies;
the Inherit settings from parent policy box will be checked in child policies;
the values of the settings in child policies will remain "locked" until the Force inheritance of settings in child policies box is checked.
Figure 56. Configuring additional policy settings
The Events tab (see the figure below) presents information on the events that are recorded during the application's operation.
The event types are divided into three groups according to their severity level.
Figure 57. Editing a policy. The Events tab
Immediately after the policy has been created, the values on the Events tab will match the default application settings.
The settings are specific to each Kaspersky Lab application, and more information about them is available in user guides for each application. If necessary, you can change the policy settings.
Configure the Events tab properties in the policy settings similarly to the Events tab settings in the Administration Server properties (see section "General Administration Server settings" on page 28).
ACTIVATING A POLICY
For the policy to become active:
1. Select the required policy in the console tree.
2. Open the context menu and select the Properties command or use the Edit policy link in the Actions section of the task pane.
3. Select the General tab (see the figure below) in the <Policy name> Properties application policy configuration window.
4. Click the Advanced link to open the advanced settings window. In the Policy status section select Active policy.
To deactivate a policy, select Inactive policy.
To change the policy status quickly, use the Active policy and Inactive policy links in the task pane of the selected policy.
Figure 58. The policy properties window
ACTIVATING A POLICY BASED ON AN EVENT
To activate a policy automatically when a Virus outbreak event occurs, in the Administration Server settings configured on the Virus outbreak the policy must be included in the
If you activate a policy by event, you can return to the previous policy manually only.
POLICY FOR MOBILE USER
This policy type is available for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.
To configure the enforcement of a policy when a client computer disconnects from the corporate network:
1. Select the required policy in the console tree, open its context menu and choose the Properties command.
2. Select the General tab (see the figure below) in the Properties: <Policy name> application policy configuration window.
Figure 59. The policy properties window
3. Click the Advanced link to open the additional policy settings window (see the figure below).
Figure 60. Additional policy settings window
4. In the Policy status section select Mobile user policy.
DELETING A POLICY
To delete a policy:
Select the necessary policy in the Policies folder within the console tree and use the Remove command from the context menu or the Remove policy link in the task pane.
COPYING A POLICY
To copy a policy:
1. Select the necessary policy in the Policies folder in the results pane and use the Copy command from the context menu.
2. Go to the Policies folder of the required group (or remain in the same folder) and use the Paste command from the context menu.
As a result, the policy will be copied with all its settings and applied to the computers within the group into which it was copied. If a policy with the same name exists in the folder, the _1 ending will be automatically added to its name.
CONFIGURING THE NETWORK AGENT'S POLICY
You can define the following parameters in the Settings window (see the figure below) while creating a policy for the Network Agent:
In the Event log group use the Maximum size of event log, MB field to define maximum disk space that the events log will be allowed to occupy.
In the Application uninstallation password group press the Modify button and enter the password. This password must be specified in the task of remote uninstallation of the Network Agent.
Figure 61. Creating a Network Agent policy. The Settings window
In the Repositories window specify the options for the system of collecting information about the applications installed on computers within a group and objects in repositories. To reflect the information about applications in the applications registry (see section "Applications registry" on page 272), check the Information about installed applications box. To display information about objects placed in repositories by applications of version 6.0 MP3, in the corresponding folders of the Repositories folder, check the Quarantined objects and Backup objects boxes.
Figure 62. Creating a Network Agent policy. The Repositories window
In the Network window (see the figure below) you can specify the settings for connection to an Administration Server.
In the Connect to the Administration Server field specify the following:
In the Synchronization interval (min) field specify the time interval (in minutes) between attempts to synchronize data of the client computers and the Administration Server.
Check the Use SSL connection box if you wish the connection to be secure (using SSL protocol).
Check the Compress network traffic box to increase the rate of the data transfer by the Network Agent, by decreasing the amount of the information transferred and hence decreasing the load on the Administration Server.
If you enable this setting, the load on the central processor of the client computer may be increased.
In the Network Agent port field, allow the Administration Server connection to the client computers using a UDP port, and define the port number. To open the connection via the UDP port, check the Use UDP port box and enter the port number in the UDP port number field. By default, port 15000 will be used; but if required, you can change it. Only decimal notation is allowed.
Figure 63. Creating a Network Agent policy. The Network window
When editing the policy for the Network Agent, you can make changes on the General , Events , Settings , Repositories and Network tabs.
In addition to the values configured in the policy creation wizard, on the Network tab (see the figure below) you can also check the Open Network Agent ports in Microsoft Windows Firewall box. This will cause the UDP port required to support Network Agent to be added to the Microsoft Windows firewall exception list.
Figure 64. Editing a Network Agent policy. The Network tab
CONFIGURING THE SETTINGS OF THE ADMINISTRATION SERVER POLICY
When creating a policy for the Administration Server, specify Kaspersky Administration Kit in the application selection window. Then, using the Settings window (see the figure below), you can configure general settings for the Administration Server.
In the Administration Server connection settings field:
The number of the port used to connect to the Administration Server. By default, port 14000 is used; if this port is in use, it can be changed.
The number of the port for secure connection to the Administration Server using SSL protocol. By default, port 13000 will be used.
Specify the required value in the Maximum number of events stored in the database field. The default value is 400,000 records.
Figure 65. Creating an Administration Server policy. The Settings window
In the Scan network window (see the figure below) you can specify how the Administration Server updates its information about the Windows network structure:
To enable automatic network polling, check the Allow scan box in the Windows network group.
To enable automatic polling of IP subnets, check the Allow scan box in the IP subnets group. The Administration Server will poll the subnets with the period specified in the Scan interval (min) field. The default interval between polls is 420 minutes.
To allow automatic network polling using the Active Directory structure, check the Allow scan box in the Active Directory group.
Figure 66. Creating an Administration Server policy. The Scan network window
In addition to the values configured during policy creation, additional policy parameters may be modified.
Use the Computer visibility timeout (min) field on the Settings tab (see the figure below) to specify the time during which the client computer will be considered visible to the network after the connection with the Administration Server has been lost. The default for this interval is 60 minutes. After the specified period expires, the Administration Server will consider the client computer inactive.
Figure 67. Editing an Administration Server policy. The Settings tab
On the Scan network tab (see the figure below) you can define the following settings:
Intervals for Windows network polling:
Full scan time (min) . Complete information about computers in the network will be updated with the specified interval. The default interval between polls is 60 minutes.
Quick scan time (min) . Information about the list of computers connected to the network will be updated with the specified frequency. The default interval between polls is 15 minutes.
IP subnet scanning period (min). To do this, use the appropriate block in the Scan interval (min) field to specify the required value. The default interval between polls is 420 minutes.
Intervals for network polling in accordance with the Active Directory structure. To do this, use the appropriate block in the Scan interval (min) field to specify the required value. The default interval between polls is 60 minutes.
Figure 68. Editing an Administration Server policy. The Scan network tab
The Virus outbreak tab is used to specify when the Virus outbreak event will be raised for each anti-virus application type. The settings on this tab are identical to those in the corresponding tab of the Administration Server properties window.
The Cisco NAC tab may be used to define a mapping between anti-virus protection conditions and Cisco NAC statuses.
The settings on this tab are identical to those in the corresponding tab of the Administration Server properties window.
You can use the Administration Servers hierarchy tab (see the figure below) to allow or prohibit editing of the server hierarchy settings. If Allow hierarchy settings modification on slave servers is unchecked, slave Administration Server administrators will not be able to edit hierarchy settings specified on the master Server.
Figure 69. Editing an Administration Server policy. The Administration Servers hierarchy tab
EXPORTING A POLICY
To export a policy:
1. In the console tree, select the required group.
2. Select the Policies subfolder.
In the results pane, you will see a list of all policies created for this group.
3. Select the necessary policy.
4. Open the context menu and select the Export command or use the Export policy to file link in the task pane.
5. In the displayed window specify the name and path for the destination file. Click the Save button.
IMPORTING A POLICY
To import a policy:
1. In the console tree, select the required group.
2. Select its Policies subfolder.
3. Open the context menu and select the All tasks → Import command or use the Import policy from a file link in the task pane of the Policies folder.
4. In the window that opens, specify the path to the source file containing the required policy. Click the Open button.
The added policy will appear in the console tree.
POLICIES CONVERSION
Using Kaspersky Administration Kit, you can convert the policies of the previous version of Kaspersky Lab applications to the current version. This may be useful, for example, when you install the Administration Server 8.0 on a computer with the Administration Server 6.0 installed. This procedure is performed using the Policies and tasks conversion wizard.
To convert application policies and / or tasks:
1. In the console tree, select the Administration Server for which you wish to convert policies and / or tasks.
2. In the context menu, select All tasks → Policies and tasks conversion wizard. A wizard will start. Follow the wizard's instructions.
3. In the Application name field (see the figure below), specify the application version. After the wizard completes, the policies and tasks will be converted for work in the specified version of the application.
Figure 70. Selecting an application for conversion
4. In the next wizard window (see the figure below), check boxes next to the policies, for which you wish to perform the conversion. Pressing the Next button will perform the policies conversion.
Figure 71. Selecting policies for conversion
5. In the next wizard window (see the figure below), check boxes next to the tasks for which you wish to perform the conversion. Pressing the Next button will perform the tasks conversion.
Figure 72. Selecting tasks for conversion
The wizard will create new policies and tasks that use the policies and tasks settings of the previous version.
MANAGING TASKS
Kaspersky Administration Kit manages applications installed on client computers by creating and running tasks. These tasks implement the basic management features; for example, applications and licenses installation, file scan, database and program modules updates. Tasks are subdivided into the following types:
group tasks (see section "Creating a group task" on page 97) – running on all client computers within an administration group;
Administration Server tasks (see section "Creating an Administration Server task" on page 108) – running on the Administration Server;
tasks for specific computers (see section "Creating a task for specific computers" on page 109) – running on a small number of computers that are not put into a separate group;
local tasks (see section "Creating a local task" on page 110) – created and running on an individual client computer.
The created tasks are displayed in the appropriate folder of the console tree. The icon indicating the task status is displayed next to its name (see section "Statuses of computers, tasks and policies" on page 321).
KASPERSKY ADMINISTRATION KIT TASKS
The Administration Server performs the following tasks:
reports delivery (see section "Reports delivery task" on page 193 ).
downloading of updates to the repository (see section "Determining the updates list" on page 245 ).
Administration Server data backup (see section "Data backup" on page 299 ).
TASKS FOR SPECIFIC COMPUTERS
You can create tasks for specific computers in Kaspersky Administration Kit. Such specific computers can be included in different administration groups. Kaspersky Administration Kit can perform the following main tasks:
Remote application installation (see the Implementation Guide for further details).
Message for users (see section "Sending message to the user of the client computer" on page 158 ).
Switching the Administration Server (see section "Administration Server change task" on page 145 ).
Managing the client computer (see section "Client computer management task" on page 148 ).
Updates verification (see section "Verifying downloaded updates" on page 249 ).
Distribution of the installation package (see the Implementation Guide for further details).
Remote application installation to the slave Administration Servers (see the Implementation Guide for further details).
Remote application uninstallation (see the Implementation Guide for further details).
CREATING A GROUP TASK
To create a group task:
1. In the console tree, select the group for which you want to create the task.
2. Select its Group tasks subfolder.
3. Open the context menu and use the New Task command or the Create a task link in the task pane. This will launch the New Task Wizard. Follow the wizard's instructions.
4. Specify the task name. If a task with the specified name already exists in the group, the _1 suffix will be automatically added to the end of the name.
5. Then, select the application for which you want to create a task, and define the task type (see the figure below).
Figure 73. Creating a task. Selecting an application and defining task type
To select an application for which a task is to be created, select the corresponding node in the suggested tree.
The list includes all Kaspersky Lab applications that have their Console Plug-ins installed on the administrator's workstation. To specify the task type, select one of the child nodes for the selected application.
6. You will then be prompted to configure the task according to the selected application (see the figure below).
Some settings are set by default. For details about task configuration, see documentation for a specific application.
Figure 74. Task configuration
7. Then, create the task start schedule. Use the Scheduled start drop-down list to select the necessary mode for task launch and configure the task schedule in the group of fields corresponding to the selected mode:
Every N hours;
Every N minutes;
Daily;
Weekly;
Monthly;
Once;
Manually – manual launch from the main window of Kaspersky Administration Kit using the Start command of the context menu or the Run a task link in the task pane;
After application update – after every update of the application database;
At application start;
Immediately – start the task immediately (after the wizard finishes);
When new updates are downloaded to the repository – automatically after the Administration Server downloads the updates;
On virus outbreak;
On completing another task.
This is the list of all scheduling modes available for Kaspersky Administration Kit tasks. Some of the listed options may not be available depending on the task type.
The tasks for applications, which can be managed via Kaspersky Administration Kit, can have extra scheduling modes. You can find more information about schedule options in the corresponding user guides.
If you set up the task to start Every N hours (see the figure below), specify the following:
The task start frequency in the Every hour field and the start date and time for the task in the Plan for field.
For example, if you entered value 2 in the Every hour field and entered August 3, 2008 3:00:00 p.m. in the Plan for field, the task will start every two hours starting at 3 p.m. on August 3, 2008.
The default frequency value is set at 6, and the default start date and time for the task is automatically set to the current system date and time of your computer.
The procedure for the task to start if the client computer is unavailable (turned off, disconnected from the network, etc.) or if the application is not open at the time specified by the schedule.
Check the Run missed tasks box to make the system attempt to start the task the next time the application is opened on this client computer. For Manually , Once , and Immediately the task will be started immediately after the computer connects to the network.
If this box is not checked (default), only scheduled tasks will be started on the client computers, and for Manually, Once, and Immediately - on hosts visible on the network only.
A variation of the scheduled time during which the task will be started on the client computers. This capability is provided to spread the load caused by simultaneous calls made to the Administration Server by numerous client computers when the task is launched.
Check the Randomize the task start with interval (min) box and specify the time (in minutes) so that the client computers call the Administration Server within some interval after the task is started, rather than simultaneously. By default, this box is unchecked.
Figure 75. Scheduling a task to start Every N hours
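The Every N hours schedule, the Run missed tasks box and the randomization interval described above can be modelled as follows. This is an added illustration, not Kaspersky Lab code; the function names, the uniform per-client delay and the constructed 500-client fleet are assumptions made for the example.

```python
"""Model of the task schedule options described above (added example).

Assumptions, not taken from the product: the function names, a uniform
random per-client delay, and the constructed 500-client fleet.
"""
import random
from collections import Counter
from datetime import datetime, timedelta

# Values from the manual's example: every 2 hours from August 3, 2008 3:00 p.m.
PLAN_FOR = datetime(2008, 8, 3, 15, 0, 0)
EVERY = timedelta(hours=2)


def next_start(plan_for, every, now):
    """Return the first scheduled start at or after `now`."""
    if now <= plan_for:
        return plan_for
    # Ceiling division on timedeltas: number of whole periods needed to reach `now`.
    periods = -((plan_for - now) // every)
    return plan_for + periods * every


def client_start(plan_for, every, missed_slot, back_online, run_missed):
    """Return when a client that was off at `missed_slot` starts the task.

    `back_online` is the moment the application is next opened on the client.
    Run missed tasks checked: the missed run is attempted at `back_online`.
    Unchecked (default): the missed run is dropped and the client waits for
    the next scheduled slot.
    """
    if back_online <= missed_slot:
        return missed_slot  # the client was available, nothing was missed
    if run_missed:
        return back_online
    return next_start(plan_for, every, back_online)


def client_delays(n_clients, window_min, seed=2008):
    """Per-client delay in whole minutes after the scheduled start.

    window_min == 0 models the default (randomization box unchecked).
    The uniform distribution is an assumption of this example.
    """
    if window_min <= 0:
        return [0] * n_clients
    rng = random.Random(seed)  # fixed seed keeps the example reproducible
    return [rng.randrange(window_min) for _ in range(n_clients)]


def peak_connections_per_minute(delays):
    """Largest number of clients calling the Administration Server in one minute."""
    return max(Counter(delays).values())


def main():
    now = datetime(2008, 8, 3, 16, 30)
    print("next start after", now, "->", next_start(PLAN_FOR, EVERY, now))

    missed = datetime(2008, 8, 3, 17, 0)
    back = datetime(2008, 8, 3, 17, 40)
    for run_missed in (True, False):
        start = client_start(PLAN_FOR, EVERY, missed, back, run_missed)
        print("Run missed tasks =", run_missed, "->", start)

    for window in (0, 30):
        peak = peak_connections_per_minute(client_delays(500, window))
        print("randomization window", window, "min -> peak", peak, "clients/min")


if __name__ == "__main__":
    main()
```

With the box unchecked, a client that was off at 5 p.m. does not run the task again until the 7 p.m. slot, which matters for update and scan tasks where a skipped run leaves the host on older databases for a full period.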
If you set up the task to start Every N minutes (see the figure below), specify the following:
The task start frequency in the Every minutes field and the start date and time for the task in the Plan for field.
For example, if you entered value 10 in the Every field and entered August 3, 2008 3:00:00 p.m. in the Plan for field, the task will start every ten minutes starting at 3 p.m. on August 3, 2008.
The default frequency value is set at 30, and the default start date and time for the task is automatically set to the current system date and time of your computer.
An action if a client computer is temporarily unavailable at the task start.
For deviation from the scheduled time during which the task will be started on the client computers, see above.
Figure 76. Scheduling a task to start Every N minutes
If you set up the task to start Daily (see the figure below), specify the following:
The frequency of task startups in the Every and Start time fields.
For example, if the value of the Every field is 2 and the value of the Start time field is 3:00:00 p.m., the task will start once every two days at 3 p.m.
The default value for the field is 2, and the current system time is automatically set as the default task start time.
An action if a client computer is temporarily unavailable at the task start.
For deviation from the scheduled time during which the task will be started on the client computers, see above.
Figure 77. Scheduling a task to start daily
If you set up the task to start Weekly (see the figure below), specify the following:
The frequency of task startups in the Every and Start time fields. By default, the following values are set in these fields: Sunday, 6:00:00 PM. You can change them.
For example, if the value in the Every field is Sunday and the value in the Start time field is 3:00:00 PM, the task will start every Sunday at 3 PM.
An action if a client computer is temporarily unavailable at the task start.
For deviation from the scheduled time during which the task will be started on the client computers, see above.
Figure 78. Scheduling a task to start every week
If you set up the task to start Monthly (see the figure below), specify the following:
The task start frequency, set by selecting the date and time to start the task.
For example, if the value in the Every field is 20 and the value in the Start time field is 3:00:00 p.m., the task will start on the 20th day of every month at 3 p.m.
The default value in the Every field is 1, and the current system time is set in the Start time field.
An action if a client computer is temporarily unavailable at the task start.
For deviation from the scheduled time during which the task will be started on the client computers, see above.
Figure 79. Scheduling a task to start every month
If you set the task to start Once (see the figure below), specify the following:
The date of the task launch in the Run on field and the launch time in the Start time field. The values of these fields are set automatically and correspond to the current system date and time. You can change them.
An action if a client computer is temporarily unavailable at the task start.
For deviation from the scheduled time during which the task will be started on the client computers, see above.
Figure 80. Scheduling a task to start once
If you set the task to start Manually (see the figure below), at application start or immediately after a task is created, specify:
An action if a client computer is temporarily unavailable at the task start.
For deviation from the scheduled time during which the task will be started on the client computers, see above.
Figure 81. Setting a task to start manually
If you define that a task will start On completing another task (see the figure below), specify:
The task after which the current task should start. Use the Select button in the Task name field to select the required task. Specify the exit status for the selected task in the Execution result field: Completed successfully or Failed.
An action if a client computer is temporarily unavailable at the task start.
Figure 82. Task start following completion of another task
If a task is expected to start On virus outbreak (see the figure below), specify:
Application types for which the Virus outbreak event can start a task. Check the boxes next to the required application types.
An action if a client computer is temporarily unavailable at the task start.
Figure 83. Task triggering by virus outbreak detection
After you finish with the wizard, the task you created will be added to the Group tasks folder of the corresponding group.
CREATING AN ADMINISTRATION SERVER TASK
To create an Administration Server task:
1. Open the Kaspersky Administration Kit tasks folder in the console tree.
2. Open the context menu and choose the Create Task command.
3. Specify the task name. If a task with the specified name already exists in the group, the _1 suffix will be automatically added to the end of the name.
4. Select the type of the task being created (see the figure below).
Three types of tasks are supported for the Administration Server:
Report Delivery;
Administration Server data backup;
Download updates to the repository.
If the backup or update task has already been created for the Administration Server, it does not appear in the task type selection window. For these types, just one task of each type is allowed.
Figure 84. Creating an Administration Server task. Selecting the task type
5. Configure the task being created in accordance with the selected type. Some settings are set by default.
Information about creation and configuration of tasks can be found in the corresponding sections for:
reports delivery (see section "Reports delivery task" on page 193 );
backup data copying (see section "Data backup task" on page 300 );
6. Define the schedule for the Administration Server task similarly to the group task schedule (see section "Creating a group task" on page 97).
After the wizard completes, the task you created will be added to the Kaspersky Administration Kit tasks folder and displayed in the console tree.
To navigate quickly to the Administration Server task creation window, you can use the corresponding links in the task pane of the Kaspersky Administration Kit tasks folder.
CREATING A TASK FOR SPECIFIC COMPUTERS
To create a task for specific computers, select the Tasks for specific computers folder in the console tree, open its context menu and select the New Task command.
which you want to create (see the figure below).
Figure 85. Creating a task for specific computers. Defining clients on which this task will be executed
Select the computers within the corporate network on which you want the task to be executed. You can select either computers from different folders or all the computers in a folder. You can select hosts added into administration groups or not included in such groups.
To navigate quickly to creating a task for specific computers, use the Create a task link in the task pane of the Tasks for specific computers folder.
The tasks of this type will only be executed on the specified clients. If new client computers are added to the group you selected, the task will not be performed on those hosts. You should either create a new task or make appropriate changes to the current task settings.
After the wizard completes, the task you created will be added to the Tasks for specific computers folder in the console tree and displayed in the results pane. With global tasks, you can perform all the operations available for group tasks.
CREATING A LOCAL TASK
To create a local task for a client computer:
1. In the Managed computers folder select the folder with the name of the group that includes the required client computer.
2. In the results pane, select the computer that will perform the task being created, and use the Properties command of the context menu.
After this, the <Computer name> Properties window will appear in the main application window (see the figure below).
Figure 86. Viewing client computer properties. The General tab
3. Open the Tasks tab (see the figure below). It shows all tasks created for this client computer. To create a new local task, click the Add button. To configure the task settings, click the Properties button.
Figure 87. Viewing client computer properties. The Tasks tab
For instructions on how to create and configure a local task, see the documentation for the corresponding applications.
VIEWING AND CHANGING TASK SETTINGS
To view and modify task settings, open the task properties window.
To do this, perform one of the following actions:
For a group task, choose a target group in the console tree, navigate to its Group tasks subfolder and select the necessary task. Then, open the context menu and select the Properties command or use the Edit task link in the task pane.
If you want to modify the settings of a task for specific computers, select the required task in the Tasks for specific computers folder of the console tree, open its context menu and select the Properties command.
Alternatively, use the Edit task link in the task pane.
To modify the settings of an Administration Server task, in the console tree, select the Kaspersky Administration Kit tasks folder and then the necessary task, open the context menu and use the Properties command or click the Edit task link in the task pane.
This will open the <Task name> Properties window with the following tabs: General , Settings , Account , Schedule , and Notification . The properties window of the task for specific computers will also contain the Client computers tab.
The <Task name> Properties window shows either the default settings for a task of this type or the last modified settings. You can view the actual settings for this task in the <Computer name> properties window of an individual client computer on the Tasks tab.
The General tab (see the figure below) contains the following general task information: task name, which you can change, if necessary; application for which the task is created (for example, Kaspersky Anti-Virus for Windows Workstations); application version number; task type; task creation date and time; the last command performed manually ( Start , Stop , Pause , Resume ).
The bottom of this tab shows statistics about the results of task execution on the client computers for which the task is defined. To view the details of task execution on client computers, click the Results button.
Figure 88. Editing task settings. The General tab
The tab also contains command buttons which may be used to control task execution manually: start, stop, pause, and resume.
To copy the task to the slave Servers, check the Send to slave Administration Servers box.
The Settings tab (see the figure below) contains application-specific task settings. For information about this tab, refer to the corresponding documentation.
Figure 89. Editing task properties. The Settings tab
On the Account tab (see the figure below), specify the account that will be used to run the task. You can select one of the following options:
Default account . In this case the task will run under the account of the application that will perform this task.
Specified account. If you select this option, enter the account (user name and password) that has the appropriate access rights. For example, for on-demand scans, the account should have access rights to the scanned object; for update tasks – the account should be able to access the shared folder on the Administration Server or be authorized on the proxy server.
Selecting the account helps to avoid problems with on-demand scan and update tasks when the user running a task does not have the required access rights.
Figure 90. Editing task properties. The Account tab
On the Schedule tab (see the figure below), you can change task scheduling options. Using the Additional link you can perform the following actions:
launched;
The content of the Schedule tab and its operation are identical to those available in the schedule settings configuration window that opens when you create a task (see section "Creating a group task" on page 97).
Figure 91. Editing task properties. The Schedule tab
On the Notification tab (see the figure below), you can edit the settings for sending notifications about task performance results:
In the Store task history group of fields, specify where the task history will be stored. To do this, the following boxes are available:
Store events locally to store information locally on each client.
This option is only available for Kaspersky Anti-Virus 5.0 for Windows File Servers MP4.
On Administration Server for (days) to store task history, sent from all clients, centrally on the Administration Server. In the field to the right, specify the time interval for which the task history will be stored on the server. When the specified period has elapsed, the information will be deleted from the server.
In the event log on client computer to save information about events locally in the Windows Event Log of each client computer.
In the event log on Administration Server to enable centralized logging of all application events on all clients in this group in the specified Administration Server's Windows Event Log.
Use the same field to specify which events are to be logged:
Save all events;
Save events related to task execution progress;
Save execution result only.
In the Notify administrator group, specify the method that will be used to notify the administrator (or other users) about task results. Click the Settings button to configure the notification parameters.
To do this, check one or more of the following boxes:
Send email – send notifications through a mail server.
Use NET SEND – send network notifications using the NET SEND service. For successful notification, a messaging service (Messenger) must be installed on the Administration Server and on all recipient computers.
Run executable – run a program or an executable when the event is raised.
Settings are configured as in the event properties under the Notification tab. The settings specified in the
Check the Notify of errors only box to be notified about errors only.
Figure 92. Editing task properties. The Notification tab
If a task is created for specific computers, the properties window displays the Client computers tab (see the figure below). It displays a list of client computers which will perform the task. You can add and remove clients from the list.
Figure 93. Editing a task for specific computers. The Client computers tab
DISPLAYING AN INHERITED GROUP TASK IN THE RESULTS PANE OF A NESTED GROUP
To display inherited tasks in the Group tasks folder of a child group:
1. Select the Group tasks folder in the results pane of the nested group.
2. Open the context menu, select the View option, and check the Inherited tasks box.
This will display the inherited group tasks in the results pane marked with the icon . You can view inherited group task properties. Inherited group tasks may only be edited in a group under which they were created.
AUTOMATIC OPERATING SYSTEM LOADING ON THE CLIENT COMPUTERS BEFORE TASK EXECUTION
To ensure that the task is executed on computers that are turned off at the time specified in the schedule:
1. On the Schedule tab of the task configuration window, click the Advanced button.
2. In the window that opens (see the figure below), check the Activate computer before the task is launched by the Wake On LAN function (min) box, and specify the required time.
Figure 94. Enabling automatic startup of the operating system
As a result, the operating system of the computer will start up before the task is launched.
Automatic startup of the operating system is only available on computers supporting the Wake On LAN function.
TURNING OFF THE COMPUTER AFTER THE TASK EXECUTION
To turn off the computer after the task is completed:
1. On the Schedule tab of the task configuration window, press the Advanced button.
2. In the window that opens check the Turn off computer after task is completed box.
RESTRICTING TIME FOR THE TASK EXECUTION
To restrict the duration of task execution:
1. On the Schedule tab of the task configuration window, click the Advanced button.
2. In the window that opens, check the Stop if the task is taking longer than (min) box and specify the time period in minutes after which the task will be stopped.
EXPORTING A TASK
Rights of the local users will not be exported.
To export a group task to a file:
1. In the console tree, open the Managed computers folder and select the required group.
2. Open its Group tasks subfolder and select the necessary task.
3. Open the context menu and select the All tasks → Export command or use the Export task link in the task pane.
4. In the window that opens, specify the name of the file where the task will be saved and its location. Click the
Save button.
To export a task for specific computers:
1. In the console tree, open the Tasks for specific computers folder and select the required task.
2. Open the context menu and select the All tasks → Export command or use the Export task link in the task pane.
3. In the window that opens, specify the name of the file where the task will be saved and its location. Click the Save button.
Kaspersky Administration Kit tasks cannot be exported.
IMPORTING A TASK
To import a group task from a file:
1. In the console tree, open the Managed computers folder and select the required group.
2. Select its Group tasks subfolder.
3. Open the context menu and select the All tasks → Import command or use the Import task from file link in the results pane.
4. In the window that opens, specify the path to the source file containing the required task. Click the Open button.
To import a task for specific computers:
1. In the console tree, select the Tasks for specific computers folder.
2. Open the context menu and select the All tasks → Import command or use the Import task from file link in the results pane.
3. In the window that opens, specify the path to the source file containing the required task. Click the Open button.
As a result, the new task will appear in the selected tasks folder within the console tree.
If the selected folder already contains a task whose name matches the name of the imported task, a numerical suffix will be appended to the name of the imported task.
Kaspersky Administration Kit tasks cannot be imported.
TASKS CONVERSION
Using Kaspersky Administration Kit, you can convert the tasks of the previous version of Kaspersky Lab applications to
STARTING AND STOPPING TASKS MANUALLY
To start or stop a task manually:
1. Select the target task (for a group or for specific computers) in the results pane.
2. Open the context menu and choose the Start or Stop command.
For quick access to the operation, you can click the Run the task link or Stop the task link in the results pane, or press the Start or Stop
PAUSING/RESUMING TASKS MANUALLY
To pause or resume a running task: select the necessary task (for a group or for specific computers) in the results pane, open its context menu and select the Pause or Resume task.
General tab using the Start , Stop , Pause or Resume buttons.
Tasks are launched on a client only if the corresponding application is running. When the application is not running, all running tasks are cancelled.
MONITORING TASK EXECUTION
To start monitoring the task execution, switch to the General tab (see the figure below).
Figure 95. Editing task settings. The General tab
The following information will be displayed in the lower part of the General tab:
Modified – number of computers for which the task settings have been modified on the Administration Server or a command was sent, but the changes have not yet been synchronized with the client computer.
Scheduled – number of computers for which this task is scheduled and synchronized with the Administration Server.
Paused – number of computers on which this task is paused.
Running – number of computers on which this task is running.
Completed – number of computers on which this task has been completed successfully.
Completed with an error – number of computers on which the task failed.
Similar information for each task is displayed in the main program window when you are viewing the properties of a group task or a task for specific computers.
VIEWING RESULTS OF THE TASK EXECUTION STORED ON THE ADMINISTRATION SERVER
To view the results of task execution stored on the Administration Server, switch to the General tab and press the Results button.
This will open the Task results window (see the figure below). The upper part of the window contains the list of client computers for which this task is defined. The following information is displayed:
Client computer – name of the client computer for which the task is assigned.
Group – the name of the administration group that contains the client computer.
Status – the current task status.
Time – the date and time when the last event occurred.
Description – detailed description of the current task status on the client computer.
The lower part of the window displays the results of the task execution on the selected client computer:
Status – all changes in the task status.
Time – date and time when each event occurred.
Description – detailed description of each event.
Information contained in the window includes data from the slave Administration Servers.
Use the Refresh button to update information in the tables.
Figure 96. Viewing results of the task execution stored on the Administration Server
To view task performance results for each client computer, open the <Computer name> Properties window using the Results button on the Tasks tab. You will see information stored on the Administration Server.
Viewing task results stored locally on a client computer is only available during work with Kaspersky Anti-Virus 5.0 for Windows File Servers MP4; it is performed through the Administration Console installed locally on this host.
CONFIGURING THE EVENT FILTER FOR A GROUP TASK
To configure a filter for information displayed in the Task results window:
1. Use the Filter command from the context menu of the list of client computers. This will open the filter settings window (see the figure below). Configure the filter settings.
2. Select the event characteristics and task execution results that must be displayed after the filter has been applied, using the Events tab:
Select the event importance level from the drop-down list.
To display task results, select the required task status in the Task results field.
To collect information about results of the last task launch only, check the Show only last results of the task box.
To restrict the amount of information to be displayed after the filter has been applied, check the Restrict the number of displayed events box and indicate the maximum number of rows to be included in the table.
Figure 97. Configuring an event filter. The Events tab
3. Using the Computers tab (see the figure below), define the hosts where the events and task execution results included in the selection must be registered.
You can use the following parameters:
Computer name.
Computer name in the Windows network.
Administration group.
DNS domain.
Windows domain.
IP address range. To do this, check the corresponding box and enter the initial and final IP addresses of computers.
Figure 98. Configuring an event filter. The Computers tab
4. Using the Time tab (see the figure below), define the time of event occurrence and task execution results.
You can select the following options:
During a period – to define fixed dates for the beginning and end of the period. To specify the dates, select Events on in the From and To fields respectively and enter the exact date and time. If all recorded information is required, select First event and Last event.
For recent days – to specify the number of days. In this case the time interval will be calculated starting with the time of list creation.
For example, if the field contains 2 days, and the list is created on June 24 at 3.00 PM, then it will include the data for the period since 3.00 PM of June 22 until 3.00 PM June 24.
Figure 99. Configuring an event filter. The Time tab
5. After you have finished configuring settings for the filter, press the OK button. As a result, only the data that complies with the specified settings will be displayed in the Task results window.
CONFIGURING EVENT FILTER FOR A SELECTED COMPUTER
To configure a filter for information displayed for a selected computer:
1. In the context menu of the computer, select the Events command.
2. In the Events window that opens, press the Filter button.
3. In the filter configuration window, specify filter settings on the Events (see the figure below) and Time tabs.
Select the event characteristics and task execution results that must be displayed after the filter has been applied, using the Events tab:
In the Application name field, select the name of the application that should register the required events.
Specify the Version number of the application.
Specify the Task name which resulted in the event.
Select the event importance level from the drop-down list in the Severity field.
For each application, event types are defined that may occur during its operation. Each event has a characteristic that reflects its importance level. Events of the same type may be assigned different severity levels depending on the situation in which the event occurred.
To configure the filter to include only events of a specific type, check the Events box and check boxes next to the names of the required types. If the event type is not specified, all types of events will be displayed.
To ensure that the execution results for tasks with a certain status are displayed, check the Results of performing tasks box and select the required task status.
To collect information about results of the last task launch only, check the Show only last results of the task box.
To restrict the amount of information to be displayed after the filter has been applied, check the Restrict the number of displayed events box and indicate the maximum number of rows to be included in the table.
Figure 100. Configuring an event filter. The Events tab
Using the Time
Computers tab is not provided as the filter is configured for a selected computer only.
4. After you have finished configuring the filter, press the OK button. As a result, only data that complies with the specified settings will be displayed in the Events window.
REMOVING A FILTER
To remove a filter: use the Remove filter command from the context menu.
LOCAL APPLICATION SETTINGS
The Kaspersky Administration Kit administration system allows remote management of local application settings on remote computers via the Administration Console. The application settings can be used to define individual values for applications on each client computer within a group.
VIEWING APPLICATION SETTINGS
To view application settings and configure them as necessary:
1. In the Managed computers folder select the folder with the name of the group that includes the required client computer.
2. Select the Client computers folder.
3. In the results pane select the computer for which you need to modify the application settings, and use the Properties command from the context menu.
This will open the <Computer name> Properties dialog containing several tabs in the main program window.
4. Open the Applications tab (see the figure below). This contains a table of all Kaspersky Lab applications installed on the client computer and brief information about each of them.
5. Select the required application. You can:
client computer and were registered on the Administration Server, using the Events button.
See the current statistics on application operation using the Statistics button. This information is requested by the Administration Server from the client computer. If there is no connection, a corresponding error message will be displayed.
View general information about the application and configure its settings, using the Properties button in the <Application name> application properties window.
Figure 101. Viewing client computer properties. The Applications tab
The <Application name> application properties window contains several tabs. The information is provided based on the data received during the last client synchronization session with the Administration Server. The contents of the tabs are specific to each application, and their description is provided in the corresponding documentation. The General, Licenses, and Events tabs are common for all applications.
On the General tab (see the figure below), you can view general information about the application, installed updates, start or stop the application, and check the settings of the plug-in for this application installed on the administrator's workstation by clicking the Plug-in information hyperlink.
Figure 102. Viewing client computer properties. The General tab
The Licenses tab contains detailed information about the current and reserve licenses installed for the application (see the figure below).
The Current license section displays information about the current key:
Serial number – the license number;
Type – the type of installed license (for example, commercial or trial);
Activation date – license activation date (the date when it was activated);
Expiration date – expiration date for the license;
License period – license validity period;
Limit computers count – restrictions imposed by the license.
The Reserve license group of fields displays information about the backup license:
Serial number – the license number;
Type – the type of installed license (for example, commercial);
License period – license validity period;
Limit computers count – restrictions imposed by the license.
The Events tab (see the figure below) contains parameters that determine the rules for handling events raised by an application running on a client computer. You can view them and make the necessary changes. This tab
CONFIGURING NETWORK AGENT
To view the settings of the Network Agent installed on the client computer:
1. In the results pane select a client computer, open the context menu and choose the Properties command.
2. In the dialog window that opens, select the Applications tab.
3. In the list of applications installed on the client computer, select the Network Agent and press the Properties button.
When you are configuring the Network Agent, in addition to the General (see the figure below) and Events tabs, the window also contains the Settings, Repositories, and Network tabs. The options displayed on these tabs are identical
Figure 103. The Network Agent configuration window. The General tab
The Network Agent installed on the Server's computer cannot access the Network tab (see the figure below). You cannot configure the settings for connection to the Administration Server; these settings are hardwired because these components are installed on the same computer.
Figure 104. The Network Agent settings configuration window (installed together with the Server)
CLIENT COMPUTERS
The client computers included in an administration group are displayed in the table on the results pane of the Client computers subfolder.
ADDING COMPUTERS TO GROUP
To add one or several computers to a specific administration group:
1. Open the Managed computers folder.
2. Select the group folder to which you wish to add the client computers.
If you are adding a computer to the highest hierarchy level, select the Managed computers folder.
3. Select the Client computers folder.
4. Open the context menu and select the New → Computer command.
5. A wizard will start. Follow its instructions to add client computers and build the list of hosts to be added to the groups.
If you have selected automatic addition of computers (the Automatically, based on Administration Server data option), then the list of computers will be generated using the data that the Administration Server receives while polling the corporate Windows network, IP subnets or Active Directory groups. In that case the window for selection of hosts contains the Unassigned computers folder. Select computers to be included in the group.
You can select computers from different folders, or select the entire folder.
If you selected the manual method for adding computers, you will be asked to create the list of computers to be included in the group. You can either create the list of addresses in the wizard window using the Add and Remove buttons, or import the list from a text file using the Import button. You can use either an IP address (or a range of IP addresses), or computer names on the Windows network as the computer's address. To import the list from a file, specify a txt file with the list of addresses of computers that are being added. Each address must be specified in a separate line.
In case of manual computer addition (as data entered by the administrator) the reliability and validity of the information is checked to prevent name conflicts and ensure that only unique names are used. If the Administration Server database contains information about the presence of a computer in the Windows network, the computer will be included in the group.
To navigate quickly to the wizard for adding computers to the console tree, open the Managed computers folder, select the group to which you wish to add the client computer and click the Add computers to the group link in the Group structure management section of the Groups tab in the task pane.
Once the wizard completes successfully, the computers will be included in the group and will be displayed in the results pane under names determined by the Administration Server.
A computer can also be automatically added in the main application window of Kaspersky Administration Kit by dragging the computer from the Unassigned computers folder and dropping it in the appropriate administration group.
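A pre-import check for the address list file described above, as an added example that is not part of the manual or of Kaspersky Administration Kit. It assumes a range is written `first-last` (the manual does not give the range syntax) and applies the standard NetBIOS name limits; the sample list is constructed.

```python
import ipaddress
import re

# ASSUMPTION: a range is written "first-last"; the manual does not give the syntax.
_RANGE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(\d{1,3}(?:\.\d{1,3}){3})$")
# Characters that Windows does not allow in a NetBIOS computer name.
_BAD_NAME_CHARS = re.compile(r'[\\/:*?"<>|\s]')
NETBIOS_MAX = 15  # longest NetBIOS computer name

# Constructed sample list, one address per line as the wizard requires.
SAMPLE = """\
192.168.10.15
WS-ACCOUNT-01
192.168.10.20-192.168.10.40
ws-account-01
192.168.10.25
10.0.0.256
FILESERVER-HEADQUARTERS
192.168.20.9-192.168.20.1
LAB:PC7
"""


def _ipv4(text):
    """Parse a dotted-quad string, raising a uniform ValueError on failure."""
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        raise ValueError(f"'{text}' is not a valid IPv4 address") from None


def parse_entry(line):
    """Return (kind, key, span) for one non-empty line, or raise ValueError.

    kind is 'ip', 'range' or 'name'; key is the normalised value used for
    duplicate detection; span is (first, last) as integers, None for names.
    """
    match = _RANGE.match(line)
    if match:
        first, last = int(_ipv4(match.group(1))), int(_ipv4(match.group(2)))
        if first > last:
            raise ValueError("range start is above range end")
        return "range", (first, last), (first, last)
    if re.fullmatch(r"[\d.]+", line):
        # Only digits and dots: must be a complete, valid IPv4 address.
        addr = int(_ipv4(line))
        return "ip", addr, (addr, addr)
    if len(line) > NETBIOS_MAX:
        raise ValueError(f"name is longer than {NETBIOS_MAX} characters")
    bad = _BAD_NAME_CHARS.search(line)
    if bad:
        raise ValueError(f"name contains forbidden character {bad.group()!r}")
    # Windows network names are case-insensitive, so compare in upper case.
    return "name", line.upper(), None


def lint_address_list(text):
    """Return (parsed, problems) for the contents of an address list file.

    parsed:   (line_number, kind, original_text) for every line that parsed
              and was not an exact duplicate of an earlier line
    problems: sorted (line_number, message) pairs
    """
    parsed, problems, seen, spans = [], [], {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            kind, key, span = parse_entry(line)
        except ValueError as exc:
            problems.append((lineno, str(exc)))
            continue
        if (kind, key) in seen:
            problems.append((lineno, f"duplicate of line {seen[(kind, key)]}"))
            continue
        seen[(kind, key)] = lineno
        parsed.append((lineno, kind, line))
        if span is not None:
            spans.append((span[0], span[1], lineno))

    # Sweep the address spans in ascending order to find a host listed twice:
    # once on its own and once inside a range, or in two overlapping ranges.
    spans.sort()
    reach_last, reach_line = -1, None
    for first, last, lineno in spans:
        if first <= reach_last:
            earlier, later = sorted((lineno, reach_line))
            problems.append((later, f"overlaps the addresses on line {earlier}"))
        if last > reach_last:
            reach_last, reach_line = last, lineno
    return parsed, sorted(problems)


if __name__ == "__main__":
    parsed, problems = lint_address_list(SAMPLE)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    print(f"{len(parsed)} entries parsed, {len(problems)} problems")
```
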
VIEWING INFORMATION ABOUT A CLIENT COMPUTER
To view information about a client computer included in an administration group:
1. In the Managed computers folder select the folder with the name of the group that includes the required client computer and open the Client computers folder.
The list of clients in this group will be displayed in the results pane.
2. Select the required client and use the Properties command of the context menu.
The <Computer name> Properties window containing several tabs (see the figure below) will appear in the main program window.
Figure 105. Viewing client computer properties. The General tab
On the General tab (see the figure above) you can:
view the network settings of client computers.
edit the host name in the administration group. The host name is generally assigned by the Administration Server and coincides with the computer name on the Microsoft Windows network.
enter your own description for the computer.
define the connection settings with the Administration Server by using the Do not disconnect from the Administration Server box. If this box is checked, the connection between the Administration Server and the client computer is uninterrupted. If this box is unchecked (default value), the client computer will only connect to the Administration Server to synchronize the data or to transfer the information.
Permanent connection should only be established with the most important client computers because Administration Server supports no more than 1500 simultaneous connections.
View system information in the System information window (see section "Viewing client system information" on page 138), that opens by clicking the System information link. The window contains information about hardware and software of the client host and users connected to that computer.
The information displayed on the tab reflects data received during the last synchronization session.
The Protection tab (see the figure below) shows the current status of anti-virus protection on a client computer. You can view the following data:
Computer status – the status of the client computer assigned according to the diagnostics criteria of the computer's anti-virus protection, and the criteria regarding the computer network activity level, set by the administrator. The field below the status value lists the conditions which determined the client computer's current status.
Real-time protection status – current status of anti-virus protection.
Last full scan date – date and time of the last anti-virus scan of the client computer.
Viruses found – total number of viruses detected on the client computer (the counter of detected viruses) since the installation of anti-virus application (first scan) or since the last time the virus counter was reset. To reset the counter, click the Reset button.
Figure 106. Viewing client computer properties. The Protection tab
The Applications tab (see the figure below) lists all the Kaspersky Lab applications installed on the client computer. You can view general information about an application, manage its performance, and configure its settings (see section "Local application settings" on page 128).
Figure 107. Viewing client computer properties. The Applications tab
On the Tasks tab (see the figure below), you can manage tasks for client computers (view existing tasks, delete and create new tasks, start and stop them, change task settings, and view task performance results). The information about tasks reflects the data received during the last client-server synchronization session. The Administration Server polls the client for the current task status. If connection fails, the status is not displayed.
Figure 108. Viewing client computer properties. The Tasks tab
VIEWING CLIENT SYSTEM INFORMATION
The System information window contains detailed system information of client computers including the following tabs:
General (see the figure below).
This tab displays information about the client computer operating system and hardware.
Figure 109. The Client system information window. The General tab
Applications registry (see the figure below).
This tab displays a list of programs installed on the client computer.
Whether this tab is shown or hidden is determined by the user interface settings. To configure this tab to be displayed, go to the View → Configuring interface menu and check the box in the Display application registry string.
Check the Display incompatible security applications only box to show in the list of applications only those security applications that are incompatible with Kaspersky Lab applications.
To display installed updates in the list, check the Show updates box.
Figure 110. The Client system information window. The Applications registry tab
To review information about an individual application, select it in the list and click the Properties button. The window displayed after that (see the figure below) will contain information about the application generated from the registry data.
Figure 111. The application properties information window
Sessions (see the figure below).
This tab contains information about current work sessions of the client computer. In accordance with the data received from the client computer, the table contains the following information about each session:
Name;
Participant's Name;
Account;
Email.
Figure 112. The Client system information window. The Sessions tab
Comments (see the figure below).
You can use this tab to add, view and edit comments. Comments can include any information about the client computer that you might need. For convenience you can also define the importance level.
Figure 113. The Client system information window. The Comments tab
To add a new comment, click the Add button and use the displayed window (see the figure below) to:
select the comment importance level in the drop-down list: Information, Critical, Warning.
enter the comment in the Comment text field. The initial words of the entered text will appear in the Text column of the comments list (see the figure above).
Figure 114. Making a new comment
If the comment is related to an individual user of the computer, check the Specify user box and then press the Select button to select the user from the suggested list in the window that opens (see the figure below).
Figure 115. Editing a comment. Selecting a user
To display in the list only the users who have logged in on that computer, check the Display only logged on users box. If this box is unchecked, the list will contain all users registered on the computers within the administration group.
ADMINISTRATION SERVER CHANGE TASK
To create an Administration Server change task:
the computers being transferred.
specific computers (see section "Creating a task for specific computers" on page 109 ).
3. During selection of the application and definition of the task type (see the figure below) choose: Kaspersky Administration Kit, open the Advanced folder and select the Change Kaspersky Administration Server task.
Figure 116. Selecting the application to be installed
4. At the next stage (see the figure below), specify the settings that will be used by the Network Agent installed on client computers to connect to the new Server.
Figure 117. Specifying the Server and selecting the certificate
In the Administration Server connection settings group of fields:
Specify the address of the Administration Server managing the administration groups to which the client computers are to be moved. You can use either its IP address or the computer's name in the Windows network as the computer's address.
Specify the port number to be used for connection to the new Administration Server. The default port number is 14000.
Specify the port number to be used for secure connection to the new Administration Server (using the SSL protocol). The default port number is 13000.
Check the Use proxy server box if connection to the Administration Server is established through the proxy server. Enter the proxy server address in the Proxy server address field. Fill in the User name and Password fields if user authorization is required to access this proxy server.
Task settings configured at this stage can be modified on the Settings tab (see the figure below) of the task property window (see section "Viewing and changing task settings" on page 112).
Figure 118. Viewing the Administration Server change task settings
Furthermore, in this window in the Administration Server certificate section, using the Select button, you can also specify the certificate file for authentication on the new Administration Server.
The certificate file is klserver.cer, and it is located on the Administration Server where computers are being moved, in the Cert subfolder of the program folder specified during installation of Kaspersky Administration Kit.
You can copy the certificate file to a shared folder or a floppy disk. A copy of this file can be used to configure access settings for the Server.
5. If you are creating a task for specific computers, you will have to create a list of client computers (see section
completes, these computers will be moved to the administration groups of the Administration Server specified in the task settings, and placed in the Unassigned computers group.
If a group task is used, all client computers of the specified group will be connected to the new Administration Server. The Administration Server change task will not be executed for the client computer which hosts Administration Server.
CLIENT COMPUTER MANAGEMENT TASK
Kaspersky Administration Kit provides a capability to remotely manage the client computers using the following tasks:
Turn on the computer (see section "Turning on the client computer" on page 148).
Shut down the computer (see section "Shutting down the client computer" on page 151).
Restart the computer (see section "Restarting the client computer" on page 154).
TURNING ON THE CLIENT COMPUTER
To turn on the computer:
managing the client computers.
specific computers (see section "Creating a task for specific computers" on page 109 ).
3. Select the type of the task (see the figure below).
To do this, in the Task type window of the task wizard in the Kaspersky Administration Kit node open the Advanced folder and select Manage client computer.
4. Press the Next button in order to proceed with creating the client computer management task.
Figure 119. Selecting the task type
5. Select Turn on the computer in the Settings window (see the figure below).
Figure 120. Task settings
6. Select computers in the administration groups (see the figure below) for which the task will be started. Press the Next button.
Figure 121. Computer selection
the Next button.
Figure 122. Scheduling task launch
8. Click the Finish button to complete task creation (see the figure below).
Figure 123. Completing task creation
SHUTTING DOWN THE CLIENT COMPUTER
To shut down the computer:
managing the client computers.
specific computers (see section "Creating a task for specific computers" on page 109 ).
3. Select the type of the task (see the figure below).
To do this, in the Task type window of the task wizard in the Kaspersky Administration Kit node open the Advanced folder and select Manage client computer.
4. Press the Next button in order to proceed with creating the client computer management task.
Figure 124. Selecting the task type
5. Select Shut down the computer in the Settings window (see the figure below).
Figure 125. Task settings
If you do not want the server to request task performance confirmation from the client computer, uncheck the Prompt user for confirmation box in the lower window part (by default, this box is checked).
Using the Repeat the prompt regularly in (min) field, specify the interval (in minutes) in which Kaspersky Administration Kit will prompt the user to confirm the shutdown (the default interval is 10 minutes).
In the Force shutdown after (min) field enter the interval after which the Administration Server will perform the restart (see the figure below).
Press the Next button.
6. Select computers in the administration groups (see the figure below) for which the task will be started. Press the Next button.
Figure 126. Computer selection
the Next button.
Figure 127. Scheduling task launch
8. Click the Finish button to complete task creation (see the figure below).
Figure 128. Completing task creation
RESTARTING THE CLIENT COMPUTER
To restart the computer:
managing the client computers.
specific computers (see section "Creating a task for specific computers" on page 109 ).
3. Select the type of the task (see the figure below).
To do this, in the Task type window of the task wizard in the Kaspersky Administration Kit node open the Advanced folder and select Manage client computer.
4. Press the Next button in order to proceed with creating the client computer management task.
Figure 129. Selecting the task type
5. Select Restart the computer in the Settings window (see the figure below).
Figure 130. Task settings
If you do not want the server to request task performance confirmation from the client computer, uncheck the Prompt user for confirmation box in the lower window part (by default, this box is checked).
Using the Repeat the prompt regularly in (min) field, specify the interval (in minutes) in which Kaspersky Administration Kit will prompt the user to confirm the restart (the default interval is 10 minutes).
In the Force restart after (min) field enter the interval after which the Administration Server will perform the restart (see the figure below).
Press the Next button.
6. Select computers in the administration groups (see the figure below) for which the task will be started. Press the
Next button.
Figure 131. Computer selection
the Next button.
Figure 132. Scheduling task launch
8. Click the Finish button to complete task creation (see the figure below).
Figure 133. Completing task creation
SENDING A MESSAGE TO THE USER OF THE CLIENT COMPUTER
To send a message to the user:
managing the client computer.
specific computers (see section "Creating a task for specific computers" on page 109 ).
3. In the Task type wizard window, open the Kaspersky Administration Kit node, and then the Advanced nested folder.
4. In the task list select Message (see the figure below) and press the Next button.
Figure 134. Message for the user
5. Enter the text of the message which will be displayed on the screen of the user's computer. The text can contain links that the user can follow to the corresponding resource (see the figure below). Press the Next button.
Figure 135. User message text
6. Select computers in the administration groups (see the figure below) on which the task will be started. Press the
Next button.
Figure 136. Computer selection
the Next button.
Figure 137. Scheduling task launch
8. Click the Finish button to complete task creation (see the figure below).
Figure 138. Completing task creation
CONNECTING THE CLIENT COMPUTER TO THE ADMINISTRATION SERVER MANUALLY. THE KLMOVER.EXE UTILITY
To connect a client computer to an Administration Server manually:
From the command line on the client computer, start the klmover.exe utility included in the distribution package of the Network Agent.
After the installation of the Network Agent, this utility is located in the root of the destination folder specified during the installation of the component, and when run from the command line, it can perform the following actions, depending on the keys used:
Connects the Network Agent to the Administration Server using the parameters supplied.
Logs the results of the operation in the events log file, or displays them on the screen.
Utility command line syntax:
klmover [-logfile <file name>] [-address <server address>] [-pn <port number>] [-ps <SSL port number>] [-nossl] [-cert <path to certificate file>] [-silent] [-dupfix]
The command line parameters are as follows:
-logfile <filename> – record the results of the program's operation in the log file. By default the information will be stored in the file stdout.txt. If the modifier is not used, the results and error messages will be printed to the screen.
-address <server address> – the address of the Administration Server for connection. The address can be represented by IP address, NetBIOS or DNS name of the computer.
-pn <port number> – number of the port that will be used for an unsecured connection to the Administration
Server. The default value is 14000.
-ps <SSL port number> – number of the port that will be used for a secured connection to the
Administration Server using the Secure Sockets Layer (SSL) protocol. By default, port 13000 will be used.
-nossl – use an unsecured connection to the Administration Server; if no modifier is used, a secure connection between the Network Agent and Administration Server will be established using the SSL protocol.
-cert <full path to the certificate file> – use the specified certificate file for authentication when accessing the new Administration Server. If no modifier is used, the Network Agent will receive the certificate on its first connection to the Administration Server.
-silent – launch the utility in non-interactive mode. This modifier can be useful, for instance, when launching the utility from a logon script when the user logs on.
-dupfix – this modifier is used if the Network Agent was installed using a method other than the regular installation from a distribution package. For example, it could have been restored from a disk image.
CLIENT-TO-ADMINISTRATION SERVER CONNECTION CHECK FREQUENCY
Kaspersky Administration Kit can check the connection between the client computer and the Administration Server using the klnagchk.exe utility or the Check connection action.
The klnagchk.exe utility provides detailed information about the client computer connection settings. The Check connection action checks host availability for the Administration Server.
VERIFYING CONNECTION OF THE CLIENT COMPUTER TO ADMINISTRATION SERVER MANUALLY. THE KLNAGCHK.EXE UTILITY
To verify connection of the client computer to the Administration Server using the klnagchk.exe utility, start the klnagchk.exe utility included in the Network Agent distribution kit from the command line on the client computer.
After the installation of the Network Agent, this utility is located in the root of the destination folder specified during installation of the application, and when run from the command line, it can perform the following actions, depending on the keys used:
Outputs to the screen or records in the log file the connection parameters used by the Network Agent installed on the client computer to connect to the Administration Server.
Outputs to the screen or in the log file the statistics about operation of the Network Agent since its last launch, and the results of this utility operation.
Attempts to connect the Network Agent to the Administration Server; if the connection could not be established, sends an ICMP packet to verify the status of the computer on which the Administration Server is installed.
Utility command line syntax:
klnagchk [-logfile <file name>] [-sp] [-savecert <path to the certificate file>] [-restart]
The command line parameters are as follows:
-logfile <filename> – log the connection parameters used by Network Agent to connect to the Administration Server and the results of the utility operation. By default the information will be stored in the stdout.txt file. If the modifier is not used, the parameters, results and error messages will be printed to the screen.
-sp – display the password used to authenticate the user on the proxy server. This parameter is used if connection to the Administration Server is performed using a proxy server.
-savecert <filename> – save the certificate used to access the Administration Server in the specified file.
-restart – restart the Network Agent after the utility has completed.
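The klmover and klnagchk switches described above can be combined into one check, shown here as an added example that is not part of the Kaspersky manual: the agent is moved with the server certificate supplied through -cert instead of being received on the first connection, and the certificate written by klnagchk -savecert is then compared with it. The function names, the work folder, the sample values in the final comment, and the assumption that both certificate files are X.509 files readable by .NET are assumptions of this example.

```powershell
# Added example (not Kaspersky code). $AgentFolder is the Network Agent destination
# folder chosen at installation; function names and the work folder are assumptions.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Get-CertificateSha256 {
    # SHA-256 over the DER encoding, so PEM and DER copies of one certificate match.
    # Assumption: the file is an X.509 certificate that .NET can load.
    param([Parameter(Mandatory = $true)] [string] $Path)
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try {
        return ([System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', '')
    } finally {
        $sha256.Dispose()
    }
}

function Get-KlmoverArguments {
    param(
        [Parameter(Mandatory = $true)] [string] $ServerAddress,
        [Parameter(Mandatory = $true)] [string] $CertificatePath,
        [Parameter(Mandatory = $true)] [string] $LogFile,
        [ValidateRange(1, 65535)] [int] $SslPort = 13000,
        [switch] $DupFix
    )
    # Accept only an IP address, NetBIOS or DNS name: nothing that could be read as a switch.
    if ($ServerAddress -notmatch '^[A-Za-z0-9][A-Za-z0-9._:-]*$') {
        throw "Unexpected characters in server address '$ServerAddress'."
    }
    if (-not (Test-Path -LiteralPath $CertificatePath -PathType Leaf)) {
        throw "Certificate file '$CertificatePath' not found; not falling back to first-connection trust."
    }
    $certFullPath = (Resolve-Path -LiteralPath $CertificatePath).ProviderPath
    # No -nossl: the connection stays on SSL, and -cert supplies the certificate up front.
    $arguments = @('-address', $ServerAddress, '-ps', "$SslPort", '-cert', $certFullPath,
                   '-logfile', $LogFile, '-silent')
    if ($DupFix) { $arguments += '-dupfix' }
    return $arguments
}

function Move-AgentToServer {
    param(
        [Parameter(Mandatory = $true)] [string] $AgentFolder,
        [Parameter(Mandatory = $true)] [string] $ServerAddress,
        [Parameter(Mandatory = $true)] [string] $CertificatePath,
        [string] $WorkFolder = (Join-Path $env:TEMP 'klmover-check'),
        [switch] $DupFix
    )
    $klmover  = Join-Path $AgentFolder 'klmover.exe'
    $klnagchk = Join-Path $AgentFolder 'klnagchk.exe'
    foreach ($tool in $klmover, $klnagchk) {
        if (-not (Test-Path -LiteralPath $tool -PathType Leaf)) { throw "Utility not found: $tool" }
    }
    New-Item -ItemType Directory -Path $WorkFolder -Force | Out-Null
    $expected = Get-CertificateSha256 -Path $CertificatePath

    $moveArgs = Get-KlmoverArguments -ServerAddress $ServerAddress -CertificatePath $CertificatePath `
        -LogFile (Join-Path $WorkFolder 'klmover.log') -DupFix:$DupFix
    & $klmover @moveArgs

    # Remove any earlier export so a stale file cannot satisfy the comparison.
    $savedCert = Join-Path $WorkFolder 'agent-server.cer'
    Remove-Item -LiteralPath $savedCert -ErrorAction SilentlyContinue

    # -sp is left out on purpose, so the proxy password is not written to the log.
    $checkArgs = @('-logfile', (Join-Path $WorkFolder 'klnagchk.log'), '-savecert', $savedCert)
    & $klnagchk @checkArgs

    if (-not (Test-Path -LiteralPath $savedCert -PathType Leaf)) {
        throw "klnagchk did not save a certificate; see the logs in $WorkFolder."
    }
    $actual = Get-CertificateSha256 -Path $savedCert
    if ($actual -ne $expected) {
        throw "Agent holds certificate $actual, expected $expected."
    }
    return $actual
}

# Example call with placeholder values:
# Move-AgentToServer -AgentFolder '<Network Agent folder>' `
#     -ServerAddress 'adminserver.example.test' -CertificatePath 'C:\deploy\server.cer'
```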
CHECKING THE CONNECTION BETWEEN THE CLIENT COMPUTER AND THE ADMINISTRATION SERVER USING THE CHECK CONNECTION ACTION
To check connection between the client computer and the Administration Server using the Check connection action:
1. Select a client computer or a slave Administration Server.
2. Select Check connection in its context menu.
This will open a window containing information about availability of the computer.
Operability of the Network Agent is determined based on the information about the client computer available to the
Administration Server.
REMOTE DIAGNOSTICS OF CLIENT COMPUTERS UTILITY (KLACTGUI)
The klactgui utility is designed to perform the following operations on the remote computer:
Downloading application settings (on page 166 ).
Downloading event logs (on page 168 ).
To work with the utility:
1. Install the utility to any computer.
To do this, unpack the downloaded archive and run the klactgui_ru.msi (or klactgui_en.msi) file. The utility files are saved to the C:\Program Files\Kaspersky Lab\klactgui directory. The utility is uninstalled using standard tools of the operating system.
Launch the utility using the menu Start → Programs → klactgui or open the context menu of the client computer and select Custom tools → Remote diagnostics.
2. To connect to the computer, in the main utility window (see the figure below):
Select the Access using Microsoft Windows network option.
In the Computer field enter the name of the computer from which information should be collected.
Specify the account for connecting to the computer:
Connect as a current user – connect under the current user account.
Use provided user name and password to connect – connect under the specified account. When selecting this option, specify the User name and Password of the required account.
Connection should be established under the account of the local administrator.
Figure 139. Connecting to the computer
3. After specifying the necessary data for connection, press the Enter button.
4. In the window that opens perform the necessary operations and download the necessary files.
The utility saves the files downloaded from client computers to the desktop of the computer from which it has been launched.
ENABLING AND DISABLING TRACE, DOWNLOADING THE TRACE FILE
To enable or disable trace:
1. Connect to the required computer.
2. In the tree select the application for which you need to collect the trace, and in the left part of the window follow the Enable trace link (see the figure below).
Figure 140. Enabling trace
Enabling and disabling trace for applications using self-protection methods is only possible when they are accessed using the Administration Server.
In some cases, the product and the corresponding task should be restarted to enable trace of the Kaspersky Anti-Virus. You can disable Kaspersky Anti-Virus using Kaspersky Administration Kit (the client computer properties → the Applications tab), and enable it with this utility (the Launch the program link appears in the left part of the window if Kaspersky Anti-Virus is disabled).
3. After enabling trace, the trace files appear as sub-items of the application in the tree. To download a trace, select the required file and in the left part of the window follow the Download file link to download the entire file (see the figure below).
For big files, there is an option of downloading the last parts of the trace only.
Figure 141. Downloading the trace file
You can also delete the selected file. However, deleting files is available only after disabling trace.
4. To disable trace, select the application and in the left part of the window follow the Disable trace link.
DOWNLOADING APPLICATION SETTINGS
To download application settings:
1. Connect to the required computer.
2. In the tree select the computer name and in the left part of the window follow the link:
Load system information – to receive complete information about the client computer system.
Load application settings – to download the settings of Kaspersky Lab applications installed on this computer.
Generate process memory dump – to generate and download the dump of the specified application (see the figure below).
Figure 142. Generating process memory dump
In the window that opens specify the executable file for which the memory dump file should be generated
(see the figure below).
Figure 143. Generating process memory dumps
Start utility – to download the specified utility to the remote computer, to launch it on that computer and download the results of its operation.
DOWNLOADING EVENT LOGS
To download an event log:
1. Connect to the required computer.
2. In the Event logs folder select the required log and in the left part of the window follow the Download
Kaspersky Event Log link (see the figure below).
Figure 144. Downloading event log
LAUNCHING THE DIAGNOSTICS AND DOWNLOADING THE RESULTS OF ITS OPERATION
To launch the diagnostics for an application:
1. Connect to the required computer.
2. In the tree select the required application and in the left part of the window follow the Run diagnostics link (see the figure below).
Figure 145. Running the diagnostics
3. After creating the diagnostics report you can download it by following the Download file link (see the figure below).
Figure 146. Downloading the diagnostics report
STARTING, RESTARTING AND STOPPING THE APPLICATIONS
Starting, restarting and stopping the applications is only possible through the Administration Server.
To start, restart or stop the application:
1. Connect to the required computer.
2. In the tree select the required application and in the left part of the window follow the link (see the figure below):
Stop application .
Restart application .
Start application .
Depending on the action selected, the application will be started, stopped or restarted.
Figure 147. Starting, restarting and stopping the application
REPORTS AND NOTIFICATIONS
Information about the status of anti-virus protection system can be presented in reports. Reports are generated based on the data stored on the Administration Server, and can be created: for a selection of client computers; for computers of a specific administration group; for a set of client computers from different administration groups; for all the computers on the network (available for the deployment report).
The application includes a set of standard report templates; it also supports creation of user-defined templates. Reports can be viewed in the Reports and notifications folder of the console tree.
Besides operations with reports, the Reports and notifications folder allows access to the configuration of general notification settings for an Administration Server.
CREATING A REPORT TEMPLATE
To create a new report template:
1. In the console tree, open the Reports and notifications folder and use the New Report Template command. A wizard will start.
2. Specify the template name. If a template with this name already exists, the (1) ending will be automatically added to the new template name.
3. Choose the report type. The following steps will depend on your choice.
4. Specify the reporting period (see the figure below). You can define fixed reporting dates or leave the end date open. In the second case, the program will use the current system date as the end date for the report. You can also select the For recent days option and specify the number of days in the field to the right. In that case the time interval will be calculated starting with the time of report creation. E.g., if the field contains 2 days, and the report is created on June 24 at 3.00 PM, then it will include the data for the period since 3.00 PM of June 22 until 3.00 PM June 24.
This step is skipped for reports reflecting the state on the date of their generation - for example, for reports on the current anti-virus protection.
Figure 148. Creating a report template. Defining the reporting period
5. Specify objects for which you want to create the report (see the figure below).
I want to create a report for a group – create a report for client computers included in an administration group.
I want to create a report for a list of computers – create a report for client computers from different administration groups.
Report on a selection of client computers – create a report for a selection of client computers.
Figure 149. Creating a report template. Selecting objects to be reported.
6. Then, in accordance with the report type chosen during the previous step, specify the group, the set of client computers or selection of client computers for which you want to create a report (see the figure below).
Complete the wizard.
Figure 150. Creating a report template. Selecting client computers.
After you complete the wizard, the new template will be added to the Reports and notifications folder node in the console tree and displayed in the results pane. The template can be used to create and view reports.
VIEWING STATISTICS
In Kaspersky Administration Kit, a graphical presentation of the status of the anti-virus protection system is available on the Statistics tab of the Reports and notifications folder. The tab can consist of several pages; each of them includes information panels that present statistical information in a convenient and understandable format. Information panels are represented as tables or charts (pie or bar), which makes it easier to compare various data and clearly shows the relation between them. The data in information panels is constantly updated to reflect the current status of anti-virus protection.
The Statistics tab lets the administrator view the statistical data about the current status of the protection, updates, antivirus statistics, general statistics, etc.
An extended results pane is available for the Statistics tab (see the figure below).
Figure 151. Results pane of the Statistics tab
Administrators can change the displayed pages, the number of information panels and the presentation method.
In order to modify the settings used to display the statistical data, use the following buttons:
– configure the list of pages;
– configure the statistics page; the button is located next to the page name;
– configure settings for separate panel display; the button is located next to the panel name;
and – collapse or expand an information pane;
– print the statistics page.
CREATING A STATISTICS PAGE
In Kaspersky Administration Kit you can create customized statistics pages which contain only the necessary information panels.
To add an information pane to the page:
1. Press the button in the top right corner of the Statistics tab. This will open the tab settings configuration window (see the figure below).
Figure 152. Configuring the tab settings
2. Press the Add button located in the Statistics window. This will open the new page settings window (see the figure below).
Figure 153. The new page settings window
3. Configure the page settings:
Specify the following settings on the General tab: page name; number of columns in information panels.
On the Information panels
4. Press the OK button to complete creation of the page.
CHANGING THE SET OF STATISTICS PAGES
In order to change the list of the statistics pages:
1. Press the button in the top right corner of the Statistics tab. This will open the tab settings configuration window (see the figure below).
Figure 154. Configuring the tab settings
2. Select the page heading. You can change the list of pages using the following buttons:
Add – add pages to the tab;
Properties – change the page settings;
– delete page;
and – change the order of pages on the tab.
CREATING AN INFORMATION PANEL
To add an information pane to the page:
1. Click the button, located next to the name of the page. This will open the page settings configuration window (see the figure below).
Figure 155. The page settings window
2. Press the Add button located on the information panels page settings configuration window. This opens the
New information pane window (see the figure below) containing the list of information pane types.
Figure 156. The New information pane window
3. Select the type of the information pane being created from the list (see the figure above). The list of types is inbuilt and cannot be changed. Press the OK button. This opens the information pane settings window (see the figure below).
Figure 157. The General tab
4. Specify the information pane settings:
Specify the following settings on the General tab (see the figure above): name of information pane; data collection frequency (days). The day count begins from the moment of panel creation.
On the View tab (see the figure below) select the information display type (table or diagrams) by selecting the required value from the drop-down list, and specify the settings corresponding to this type.
Figure 158. The View tab
On the Computers tab select the hosts, information about which should appear in the panel. Editing the Computers tab is not available for all information panels.
Press the OK button to complete configuration of the information pane settings.
5. Press the OK button to finish adding the information pane.
CHANGING THE SET OF INFORMATION PANELS
To change the set of information panels:
1. Click the button, located next to the name of the page. This will open the page settings configuration window (see the figure below).
Figure 159. Page settings configuration
2. Select the information panels tab.
3. Select the heading of the information pane. You can change the list of panels by using the following buttons:
Add – add the information panels to the page;
Properties – change the settings of the information pane;
– delete an information pane;
and – change the order of information panels on the page.
VIEWING AND EDITING REPORT TEMPLATES
To view or modify a report template,
open the Reports and notifications folder in the console tree. A list of existing report templates will then be displayed in the results pane. Select the necessary template and use the Properties command from the context menu.
This will open the <Report template name> properties window. The tabs displayed in this window depend on the specific report type.
The General tab (see the figure below) contains the following key information. You can: change the name of the report template; view the name of the template type, its description, date and time of its creation and the latest change to the settings;
check the Print version box so that the report created will be displayed in a format suitable for printing;
Configure settings for Administration Server hierarchy link.
Figure 160. The report template settings window. The General tab
The Details fields tab (see the figure below) is used to define the fields included in the report's detailed field table, together with the record sorting order, and filter settings.
Figure 161. The report template settings window. The Details fields tab
To create the list of fields, use the Add and Remove buttons. The field order may be changed with the Move Up and Move Down buttons. To modify the sorting order in a field and to specify filtering, use the Edit button. Use the displayed window (see the figure below) to enter the following settings:
to set the sorting order for records in the selected field, check Sort report field values and select Ascending or Descending;
to use records in the filter field, check the Filter field values box and specify the necessary criteria in the fields below. Each report field has its own set of filtering criteria.
Figure 162. Selecting the order of sorting report fields
On the Summary fields tab (see the figure below), fields that form a table with summary data included in the report are defined as well as the sort order of the records in those fields. The settings on this tab (except for filtration) are identical to the settings on the Details fields tab.
Figure 163. The report template settings window. The Summary fields tab
The Totals tab (see the figure below) contains calculated (summed up) fields of the report. To delete an object from the report template, select it in the Selected fields list and press the Remove button. To add a field to the report template, select it in the All fields list and press the Add button.
Figure 164. The report template settings window. The Totals tab
The Group tab displays the group, information about which is included in the report. Its settings are similar to those provided in the corresponding window in the report template creation wizard.
On the Security tab (see the figure below), users and user groups are assigned rights for working with the report template.
Figure 165. The report template settings window. The Security tab
Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the View → Configuring interface menu and check the box in the Display security settings tabs string.
By default, the rights to work with a report template are inherited from the Administration Server properties (see section
defined. To configure individual access rights for a report template which are different from those specified in the
Administration Server settings, uncheck the Inherit box.
The upper part of the tab displays a list of users and user groups that have access to the Administration Server. The lower part contains the list of possible permissions:
All – includes all permissions (see below).
Reading – viewing Kaspersky Administration Kit objects' properties without a permission to perform operations, create new objects or modify the existing ones.
Writing – changing Kaspersky Administration Kit object properties, as well as creating new objects without a right to perform operations upon objects.
1. Select a group of users.
2. In the Allow column check the boxes next to the permissions provided to members of that group. If you check the All box, all the boxes in the column will automatically be checked.
3. In the Deny column check the boxes next to the permissions that must not be provided to members of that group. If you check the All box, all the boxes in the column will automatically be checked.
You can add a new group or a new user, using the Add button. You can only add groups of users and users that are registered on the computer with the Administration Console installed.
To remove a group or a user, select an object from the list and click the Remove button.
The group of Kaspersky Administration Kit administrators ( KLAdmins ) cannot be removed.
To apply the settings, click the Apply or OK button.
GENERATING AND VIEWING REPORTS
To generate a report and view it in the results pane of the Administration Console:
1. Connect to the Administration Server (see section "Managing Administration Servers" on page 21 ).
2. Open the Reports and notifications folder containing the list of report templates in the console tree.
3. Select the necessary template in the console tree.
The corresponding generated report will appear in the results pane. The report contents correspond to the selected template (see the figure below) and can include the following items: the type and name of the report, brief report description and reporting period, and information about the objects for which this report was created; the graphical diagram displaying the most typical report data; the table with cumulative report data (calculated report fields);
the table with detailed report data.
Figure 166. Viewing a report in the results pane
To save a generated report to disk and view it in a browser:
1. Select the necessary template in the console tree (see above).
2. Open the context menu and select the Save command.
3. In the wizard that opens press the Next button.
4. In the following window specify the path to the folder, to which you wish to save the report file, and in the dropdown menu select the format, in which you wish to save the report (see the figure below). Press the Next button.
Figure 167. Saving a report. Selecting the folder for saving to disk
5. In the final wizard window check the Open the report folder box and press the Finish button (see the figure below).
Figure 168. Saving a report. Completing the wizard
6. This will open the folder to which you have saved the report file.
REPORTS DELIVERY TASK
The reports delivery task is generated automatically if the email settings were defined during the installation of Kaspersky
Administration Kit.
To create a report delivery task:
1. In the console tree, open the Kaspersky Administration Kit tasks folder, open its context menu and select the New Task command.
select the following settings:
3. Select Report Delivery (see the figure below) as the task type.
Figure 169. Creating a task for delivery of reports
4. In the Settings window (see the figure below):
use appropriate checkboxes to select in the list the templates that will be used to generate reports for further delivery via email.
Figure 170. Creating a report delivery task. Configuring the settings
To configure delivery of reports by email as they are generated, check the Send report by email box and use the Email notification settings link to configure the parameters that will be used to email the reports.
By default, the system will use the Administration Server settings specified during configuration on the Notifications tab (see section "Viewing and configuring policy settings" on page 77) in the properties window of the Reports and notifications folder.
In the Settings of email notifications window (see the figure below) you can define your custom settings.
Email address – the email address where the reports matching the selected templates will be sent in the chosen format;
Subject – the header of the message prepared for sending and containing generated reports;
In the Email settings group of fields select one of the following options:
Use Administration Server settings to send email messages, using the settings specified on the
Notifications tab in the properties window of the Reports and notifications folder.
Configure stand-alone , to specify new settings for the SMTP server.
Figure 171. Creating a report delivery task. Configuring the settings for email delivery
To save the created reports to a folder, check the Save report to folder box and press the Browse button to open the Folder selection window and specify the path to the folder where the reports should be stored.
To create a task for delivery of reports, you can also use the Send Reports command in the context menu of the node in the console tree corresponding to the required report template, or the Schedule a report delivery link in the task pane of the Kaspersky Administration Kit tasks folder.
To modify task settings:
1. In the console tree, open the Kaspersky Administration Kit tasks folder.
2. Select the necessary reports delivery task.
3. Open the context menu and choose the Properties command.
4. In the window that opens, select the Settings tab (see the figure below). This tab displays the same settings that were configured when the task was created: the set of templates for report generation; operations performed with report; settings for email delivery.
5. Specify the required values for these settings.
6. To confirm the settings, press the Apply or OK button.
Figure 172. Configuring the reports delivery task
To modify the set of templates for generation of reports, use the checkboxes in the Select a template for creating a report section to select the reports, which should be sent by email and deselect those, which should not be emailed.
To change the settings used to send reports by email, use the Email notification settings link and redefine the parameters in the window that opens.
To navigate quickly to the task settings, use the Edit task settings link in the task pane of the required task.
ADMINISTRATION SERVERS HIERARCHY REPORTS
In order to configure the use of information from the slave Administration Servers in the report:
1. Using the Reports and notifications folder, select the required report and select Properties by opening its context menu.
2. On the General tab of the window that opens, click the Configure settings for Administration Server hierarchy link to open the Administration Servers hierarchy window (see the figure below).
Figure 173. The Administration Servers hierarchy window
3. Configure settings for the servers hierarchy:
If you wish to use information from slave Servers, check the box in the Include data from slave Administration Servers field.
Use the Up to nesting level field to specify the Administration Server nesting depth to which information is to be obtained based on the current hierarchy.
Enter the desired value in the Data wait timeout (minutes) field. If no information is received from a slave Server during the specified time interval, it is considered unreachable (relevant information will be contained in the report).
If no data can be received from a slave Server, the data downloaded during the last successful connection can be used to generate a combined report. To keep the data from slave Administration Servers in the cache, check the Cache slave Administration Server data box and specify the caching interval in the Cache update frequency (hours) field.
To transfer to the master Administration Server the information displayed in the Details report section, check the Transfer detailed information from slave Administration Servers box; if this box is unchecked, the master Administration Server only receives information from the Summary report section.
4. To confirm the settings, press the OK button.
RESTRICTING THE NUMBER OF RECORDS INCLUDED IN REPORTS
To set the maximum number of records included in a report, select the required report template in the Reports and notifications folder. Select the Properties command in the context menu and on the General tab (see the figure below) check the Maximum number of entries displayed box. Enter the required value in the field to the right.
Click the Apply or OK button to apply the settings.
Figure 174. The report template settings window. The General tab
NOTIFICATION LIMIT
To configure the notification limit:
1. Follow the Configure numeric notification limit link located in the properties window of the Reports and notifications folder. This will open the notification limit configuration window (see the figure below).
Figure 175. Notification limit
2. In the window that opens, enable the option to Limit the number of notifications and specify the values for the following settings: the maximum number of notifications sent by the Administration Server; the time period (in minutes) during which the Administration Server can generate the notifications.
3. Press the OK button to complete the notification limit configuration.
NOTIFICATIONS
Kaspersky Administration Kit allows you to adjust the general settings of the Administration Server notifications.
The administrator can configure the parameters of notifications about the events of the Administration Server, Kaspersky Anti-Virus for Windows Workstations, and Kaspersky Anti-Virus for Windows Servers.
Kaspersky Administration Kit enables you to choose the most convenient notification method:
Email (see section "Email notification" on page 200).
NET SEND (see section "Use NET SEND" on page 203).
Executable file to run (see section "Notification using the executable file to run" on page 204).
EMAIL NOTIFICATION
To configure general email notification settings:
1. Select the Notifications tab in the properties window of the Reports and notifications folder. This will open the notification settings configuration window.
2. Set the values for the settings (see the figure below).
Figure 176. Editing the settings for email notifications
3. From the drop-down list select the Email notification method (see the figure above). Under this option:
In the Recipient field, specify the email address of the notification recipient. Several addresses may be entered as a list separated by commas or semicolons.
In the SMTP server field, specify the address of the mail server connection (an IP address or a Windows network name can be used);
In the SMTP server port field, specify the SMTP server connection port number (the default is port 25);
specify the subject for the message that will be delivered as a notification. To do this, press the Properties button and in the window that opens (see the figure below), fill in the Subject field. The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them from the drop-down list accessible by clicking the button. Use the same window to enter User name and Password in the relevant fields if ESMTP authorization is being used.
Figure 177. Configuring notification settings. Specifying the Sender and Subject
4. Set the parameters to restrict the number of notifications.
5. To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed.
Figure 178. Configuring notification settings. Sending a test notification
6. Press the OK button to complete the notification settings.
USE NET SEND
To configure general settings of the NET SEND notifications:
1. Select the Notifications tab in the properties window of the Reports and notifications folder. This will open the notification settings configuration window.
2. In the drop-down list select the NET SEND notification method (see the figure below).
Under this option, use the field below to enter recipient host addresses for network notifications. You can use either the IP address or computer name in the Windows network as the address. Several addresses may be entered as a list separated by commas or semicolons. For successful notification, a messaging service (Messenger) must be installed on the Administration Server and on all recipient computers.
Figure 179. Configuring notifications. Notification using NET SEND
3. Set the parameters to restrict the number of notifications.
4. To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed.
5. Press the OK button to complete the notification settings.
NOTIFICATION USING THE EXECUTABLE FILE TO RUN
To configure general settings of notifications by running the executable file:
1. Select the Notifications tab in the properties window of the Reports and notifications folder. This will open the notification settings configuration window.
2. In the drop-down list select the Executable file to run notification method (see the figure below).
Under this option, use the Select button to select an executable module to run when an event occurs.
Executable environment variable names are the same as the names of placeholders used to create the message text (see the figure below).
Figure 180. Configuring notifications. Notification using executable files
Enter the message which will be delivered as notification in the Notification message section at the bottom of the window (see the figure above).
The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them from the drop-down list accessible by clicking the button.
Event severity;
From computer;
Domain;
Event;
Event description;
Time raised;
Task name;
Application;
Version number;
IP-address;
IP address of the connection.
3. Set the parameters to restrict the number of notifications.
4. To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed error information will be displayed.
5. Press the OK button to complete the notification settings.
EVENT AND COMPUTER SELECTIONS
Kaspersky Administration Kit provides extensive functionality to monitor the anti-virus protection system.
You can maintain event logs and create event and computer selections. Information can be saved both in the Microsoft Windows system log and in the Kaspersky Administration Kit event log. Information about the status of the anti-virus protection system and client computers is kept in the Event and computer selections folder.
EVENT SELECTIONS
Information about events registered during the operation of the anti-virus protection system is represented as selections in the Events folder.
After application installation the folder contains a few standard selections. You can create additional selections and export event records to a file.
VIEWING KASPERSKY ADMINISTRATION KIT EVENT LOG
To view the Kaspersky Administration Kit event log stored on the Administration Server, open the Event and computer selections → Events folder in the console tree and choose the folder corresponding to the necessary selection.
The default set contains the following selections: Recent events, Information events, Critical events, Functional failures, Warnings, and Audit events. Modification of the settings of those selections except for the Recent events selection is impossible.
To open the necessary event selection, you can also use the corresponding link in the task pane of the Events folder.
In the results pane you will then see a table (see the figure below) listing all events of the selected type stored on that Administration Server (for all groups and installed applications). The table displays the following information:
Severity – level of registered event importance.
Client computer – the name of the client computer or the Administration Server which was the source of the event.
Group – the name of the administration group that contains the client computer.
Application – the name of the application that generated the event.
Version number – the application version number.
Task – name of the task that caused the event.
Event – the name of the event.
Time – the date and time of the event.
Description – event description.
Figure 181. Viewing events stored on the Administration Server
You can sort data in any column in ascending or descending order.
To facilitate viewing and searching for required information, there is a capability to create and configure user-defined selections. The use of selections makes it possible to search for and filter out unnecessary information that hinders viewing, since the table of events for every selection displays only relevant information matching its settings. This is very important since the Server stores a considerable amount of information.
CREATING AN EVENT SELECTION
To create a selection:
1. In the console tree, open the Event and computer selections → Events folder.
2. Open the context menu and use the New → New selection command or the Create a selection link in the task pane.
3. Enter the selection name in the window that opens (see the figure below) and press the OK button.
As a result, a folder with the name you have specified for the selection will appear in the console tree. The structure of this folder will include all events and task results that are stored on the Administration Server. To search for events, configure the selection parameters.
Figure 182. Creating an event selection
For a selection created manually, you can change the order of columns and add or remove columns.
To change the columns displayed for an event selection created manually:
1. In the console tree, open the Event and computer selections → Events folder and choose the required selection.
2. Open the context menu and select the View → Add or remove columns command.
3. In the window that opens (see the figure below), use the Add and Remove buttons to create the list of displayed columns. Use the Move Up and Move Down buttons to edit the order of displayed columns.
Figure 183. The Add or remove columns window
The list of events in the results pane will be updated automatically in accordance with the specified settings.
CUSTOMIZING AN EVENT SELECTION
To customize a selection:
1. In the console tree, open the Event and computer selections folder.
2. Open the Events folder and select the necessary event selection.
3. Open the context menu and select the Properties command.
This will open the selection configuration window that contains the following tabs: General, Events, Computers and Time.
For preset selections, the configuration window contains only the General tab. The Recent events selection configuration window also contains the Time tab where you can specify the time interval for the selection.
On the General tab (see the figure below) you can:
Edit the selection name.
Restrict the amount of information to be displayed in this selection. To do this, check the Restrict the number of displayed events box and specify the maximum number of rows to be included in the table.
Restrict the number of events among which the search for events in selections is performed. To do this, check the Limit search with the number of last events box and specify the maximum number of events to search for.
Figure 184. Customizing an event selection. The General tab
Using the Events tab (see the figure below) define the event characteristics and task results that must be included in the selection:
Name of the application for which you require information.
Application version number.
Name of the task, the results of which must be displayed.
Select the event importance level from the drop-down list.
For each application, event types are defined that may occur during its operation. Each event has a characteristic that reflects its importance level. Events of the same type may have different severity levels depending on the situation in which the event occurred.
To configure the selection to include only events of a specific type, check the Events box and check the boxes next to the names of the required types. If the event type is not specified, all types of events will be displayed.
To ensure that the selection includes task results, check the Results of performing tasks box and select the required task status.
To collect information about results of the last task launch only, check the Show only last results of the task box.
Figure 185. Customizing an event selection. The Events tab
On the Computers tab (see the figure below), define the computers where the events and task execution results included in the selection must be registered. You can use the following parameters:
computer name;
computer name in the Windows network;
administration group;
domain;
to specify the range of IP addresses of computers, check the IP address range box and enter the starting and ending IP address.
Figure 186. Customizing an event selection. The Computers tab
Using the Time tab (see the figure below), define the time of event and task execution results to be included in the selection.
You can select the following options:
During a period - to define fixed dates for the beginning and end of the period. To specify the dates, select Events on in the From and To fields respectively and enter the exact date and time. If all recorded information is required, select First event and Last event.
For recent days - to specify the number of days. In that case the time interval will be calculated starting with the time of list creation.
E.g., if the field contains 2 days, and the selection is created on June 24 at 3.00 PM, then it will include the data for the period since 3.00 PM of June 22 until 3.00 PM June 24.
Figure 187. Customizing an event selection. The Time tab
To confirm the selection settings, press the Apply or the OK button. As a result, the Events table for a selection will display only the information that satisfies the specified criteria.
SAVING INFORMATION ABOUT EVENTS TO FILE
To save information about events to a file:
1. Select the event selection containing the required events in the console tree and use the All tasks → Export command from the context menu. A wizard will start.
2. During the first step of the wizard, specify the path and name of the file where the information will be saved. If you want only those events that you selected in the results pane to be saved to a file, check the Export selected events only box.
3. During the second step, select the file format:
Export as tab-delimited text – text file.
Export as tab-delimited Unicode text – Unicode format text file.
4. To complete the wizard, press the Finish button.
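A file exported this way can be triaged outside the console. The following parser is an added example, not part of the Kaspersky guide: it reads either export flavour, keeps malformed rows visible instead of dropping them, and applies the "For recent days" window described earlier. It assumes the header row uses the Events table column names, that the Unicode export is UTF-16 with a byte-order mark, and that timestamps and the "Critical" severity label look like the constructed sample.

```python
import codecs
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Assumption: the export's header row uses the Events table column names from the guide.
COLUMNS = ["Severity", "Client computer", "Group", "Application",
           "Version number", "Task", "Event", "Time", "Description"]
# Assumption: timestamp layout; a real export follows the console's locale.
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def decode_export(raw):
    """Return text for either export flavour (Unicode or 8-bit tab-delimited)."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")  # the BOM selects the byte order and is dropped
    try:
        return raw.decode("utf-8-sig")
    except UnicodeDecodeError:
        return raw.decode("cp1252", errors="replace")  # assumed ANSI code page


def load_events(raw):
    """Parse an export and return (events, rejected_rows)."""
    reader = csv.DictReader(io.StringIO(decode_export(raw), newline=""),
                            delimiter="\t", quoting=csv.QUOTE_NONE)
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError("export lacks expected columns: " + ", ".join(missing))
    events, rejected = [], []
    for row in reader:
        # DictReader marks short rows with None values and long rows with a None key.
        if None in row or None in row.values():
            rejected.append(row)
            continue
        try:
            row["Time"] = datetime.strptime(row["Time"].strip(), TIME_FORMAT)
        except ValueError:
            rejected.append(row)
            continue
        events.append(row)
    return events, rejected


def recent_days(events, days, created_at):
    """Events inside the 'For recent days' window that ends at selection creation time."""
    start = created_at - timedelta(days=days)
    return [e for e in events if start <= e["Time"] <= created_at]


def critical_by_computer(events):
    """Count events labelled Critical per client computer."""
    return Counter(e["Client computer"] for e in events if e["Severity"] == "Critical")


# Constructed sample export (not real data); the last row is deliberately truncated.
_ROWS = [
    COLUMNS,
    ["Critical", "WS-014", "Accounting", "Example AV", "0.0", "Real-time protection",
     "Virus found", "2010-06-22 15:00:00", "constructed record"],
    ["Critical", "WS-014", "Accounting", "Example AV", "0.0", "Real-time protection",
     "Virus found", "2010-06-23 09:12:44", "constructed record"],
    ["Warning", "WS-014", "Accounting", "Example AV", "0.0", "Update",
     "Databases out of date", "2010-06-24 10:00:00", "constructed record"],
    ["Critical", "SRV-02", "Servers", "Example AV", "0.0", "On-demand scan",
     "Virus found", "2010-06-21 18:30:00", "constructed record"],
    ["Critical", "WS-031", "Sales", "Example AV", "0.0", "Real-time protection",
     "Virus found", "2010-06-24 14:59:59", "constructed record"],
    ["Critical", "WS-031", "Sales"],
]
_TEXT = "\r\n".join("\t".join(r) for r in _ROWS)
SAMPLE_UNICODE = _TEXT.encode("utf-16")  # tab-delimited Unicode text
SAMPLE_ANSI = _TEXT.encode("cp1252")     # tab-delimited text

if __name__ == "__main__":
    events, rejected = load_events(SAMPLE_UNICODE)
    window = recent_days(events, 2, datetime(2010, 6, 24, 15, 0, 0))
    print("parsed:", len(events), "rejected:", len(rejected))
    for computer, count in critical_by_computer(window).most_common():
        print(computer, count)
```

Rejected rows are returned rather than discarded because an event description that itself contains a tab or line break would otherwise vanish from the count without notice.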
DELETING EVENTS
To delete an individual event, select this event in the results pane and use the Delete context menu command.
To delete events matching certain criteria: create and apply an event selection with the settings corresponding to the specified criteria. Then delete all the events in the results pane, using the Delete all context menu command.
Only events that satisfy the selection settings will be deleted from the Events folder.
COMPUTER SELECTIONS
Information about the status of client computers is available in a separate node of the console tree – Event and computer selections → Computer selections. Data is represented as a set of selections, each of which displays information about computers matching the specified conditions. After application setup the folder contains some standard selections (see the figure below).
Figure 188. Computer selections folder
Status diagnostics of client computers is performed based on the data describing the anti-virus protection status on a host and information about its network activity. Diagnostics settings can be configured individually for every administration group on the Computer status tab.
VIEWING A COMPUTER SELECTION
To view a computer selection:
2. Select in the console tree the Event and computer selections → Computer selections folder.
3. Select the folder corresponding to the necessary selection: Not scanned for a long time, Computers without anti-virus software, Computers without protection, Computers with the status "Critical", etc.
For quick access to the necessary selection, you can also use the corresponding link in the task pane of the Computer selections folder.
In the results pane you will see a table (see the figure below) listing all computers matching the selection criteria. The table displays the following information:
Name – client computer name;
OS Type;
Domain – Windows domain or workgroup including the host;
Agent / Anti-virus – status of the applications installed on the computer;
Last visible time – date and time when the Administration Server last registered the host in the network;
Last update date – date of the last database or application update on the host;
Status – current computer status (OK / Warning / Critical) based on administrator-defined criteria;
Info update – date of the last host information update on the Administration Server;
Domain name – DNS name of the host;
IP-address – computer IP address;
Connecting to Server – date of the last host information update on the Administration Server;
IP address of the connection – IP address of the client computer connection with Administration Server;
Connection IP address is preserved until the next connection attempt; it is used if connection to the client computer by its main name cannot be established.
Viruses found – the number of viruses found on the client computer;
On-demand scan - date and time of the last complete anti-virus scan of the client computer;
Parent group - the administration group that contains the client computer;
Server – Administration Server that the computer is assigned to;
Real-time protection status – real-time protection status on the computer.
Figure 189. Viewing a computer selection
You can sort data in any column in the ascending or descending order, change the order of columns, add or remove columns. Modification of the displayed columns in preset selections is not supported.
To change the columns displayed for a computer selection:
1. In the console tree, open the Event and computer selections folder.
2. Select the necessary selection in the Computer selections folder.
3. Open the context menu and select the View → Add or remove columns command.
4. In the window that opens (see the figure below) use the Add and Remove buttons to create the list of displayed columns. Use the Move up and Move down buttons to edit the order of displayed columns.
5. Press the OK button to complete.
Figure 190. The Add or remove columns window
The list of computers in the results pane will be updated automatically in accordance with the specified settings.
To facilitate viewing and searching for required information, there is a capability to create and configure user-defined selections.
CREATING A COMPUTER SELECTION
To create a computer selection:
1. In the console tree, open the Event and computer selections → Computer selections folder.
2. Open the context menu and select the New → New selection command.
3. In the window that opens, enter the selection name (see the figure below) and press the OK button.
As a result, in the Computer selections folder of the console tree, a folder will appear with the name you have specified.
To navigate quickly to the creation of a computer selection, use the Create a selection link in the task pane of the Computer selections folder.
Figure 191. Creating a computer selection
CONFIGURING A COMPUTER SELECTION
Kaspersky Administration Kit allows the user to configure the created selections of computers.
To configure a computer selection:
1. Select the required computer selection in the console tree and choose the Properties command from the context menu.
2. This will open the computer selection configuration window made up of the tabs: General and Conditions .
The Security tab can be available too.
Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the View → Configuring interface menu and check the box in the Display security settings tabs line.
Using the General tab (see the figure below) you can modify the selection name, and define the computers to be searched, by selecting one of these options:
Find any computers – the search will be performed for all computers within the network, whether included in administration groups or not.
Find managed computers – search only among client computers of the administration groups.
Find unassigned computers – search among computers not included in administration groups.
To allow a search to use information about computers stored on the slave Administration Servers, check the Include data from slave Servers (down to level) box. Then specify the maximum nesting level to be included in the search.
Figure 192. Configuring a computer selection
On the Conditions tab select the corresponding selection of computers and press the Properties button. This will open the computer selection configuration window that contains the following tabs: General, Network, Network activity, Application, Computer status, Virus protection and Applications registry.
On the Network tab (see the figure below), specify attributes for the computers to be included in the selection.
You can use the following parameters:
Computer name in the administration group.
Domain that must include the computers.
IP address range of the computers; for this, check the IP address range box and enter the initial and final IP addresses.
Computer is located in Active Directory organization unit. Check the box and use the Select button to specify the Active Directory organization unit that must include the computers.
Including child organization units. Check this box to allow a search to use information about computers included in the child organization units of the specified Active Directory organization unit.
Figure 193. Configuring a computer selection. The Network tab
You can use the Network activity tab (see the figure below) to specify the following selection criteria:
If the computer to be selected acts as an Update Agent. To do this, in the Update Agent is drop-down list, select one of the following values:
Yes, to add computers acting as Update Agents to the selection.
No, to add computers not acting as Update Agents to the selection.
If the Do not disconnect from the Administration Server option is included in the client computer properties. To do this, select one of the following values in the Feature "Do not disconnect from the Administration Server" drop-down list:
Enabled, to add to the selection computers with the option enabled.
Disabled, to add to the selection computers with the option disabled.
Whether the computer is connected to the Administration Server as the result of switching the connection profile. To do this, in the Connection profile switched field, select:
Yes, for the selection to be made from computers which connected as the result of switching the connection profile.
No, for the selection to be made from computers which connected not as the result of switching the connection profile.
If the computer connected to the Administration Server during a specific time interval. To do this, check the Time range of the last connection to Administration Server box and specify the time interval in the fields below.
If the computer was detected as a new host during network polling. To do this, check the New computers found during network scan box and specify the number of days in the Detection period (days) field.
Figure 194. Configuring a computer selection. The Network activity tab
On the Application tab (see the figure below) specify which Kaspersky Lab application must be installed on the computers. You can use the following parameters:
Application name. Select the required value from the drop-down list. The list provides only the names of applications with administration plug-ins installed in the administrator's workplace.
Application version number.
Critical update name.
Last modules update. To do this, check the Last modules update box and specify the start and end date and length of the interval in the from and to fields.
Version of the operating system installed on the computer.
Figure 195. Configuring a computer selection. The Application tab
On the Virus protection tab (see the figure below), specify criteria to evaluate the anti-virus protection on the computers which will be included in the selection. You can specify:
creation date of the anti-virus database used by the applications; to do this, check the Anti-virus database date box and specify the time interval matching the date of the anti-virus database release;
number of records in the anti-virus database used by applications; to do this, check the Database records count box and specify the minimum and the maximum number of records;
the time of the last full computer scan by one of the Kaspersky Lab anti-virus applications; to do this, check the Last virus scan time box and specify the time interval during which the scan was performed;
the number of viruses detected on the computer; to do this, check the Viruses found box and specify the minimum and the maximum possible values for this parameter.
Figure 196. Configuring a computer selection. The Virus protection tab
On the Computer status tab (see the figure below), specify parameters that characterize the status of the computers and the status of the real-time protection task on those computers. To do this:
select the required value from the Computer status drop-down list: OK, Critical or Warning;
from the Computer status description list select the conditions based on which the computer is assigned the status;
select in the Real-time protection status list the status of the real-time protection running on the computers included in the selection.
Figure 197. Configuring a computer selection. The Computer status tab
On the Programs registry tab (see figure below), specify the set of program parameters with which the selection is made. To do this, specify the necessary values in the following fields or leave them empty:
Application name (using the dropdown list);
Application version;
Manufacturer (using the dropdown list);
Incompatible security application name. Use the drop-down list to select an external application or a Kaspersky Lab application that is incompatible with Kaspersky Administration Kit.
If an update installed for an application is used as the search criterion, check the Find by update box and in the corresponding fields enter the update name, version and vendor.
Figure 198. Configuring a computer selection. The Applications registry tab
Whether this tab is shown or hidden is determined by the user interface settings. To configure this tab to be displayed, go to the View → Configuring interface menu and check the box in the Display application registry line.
On the Security tab (see the figure below) the users and user groups are assigned the rights for working with the selection.
The settings of this tab are configured similarly to the settings of the Security tab of the report template properties (see section "Viewing and editing report templates" on page 184).
UNASSIGNED COMPUTERS
Information about computers within a corporate network that are not included in administration groups can be found in the Unassigned computers folder. The Unassigned computers folder contains three subfolders: Domains , IP subnets and Active Directory .
The Domains folder contains the hierarchy of subfolders reflecting the structure of domains and workgroups in the corporate Windows LAN. Each of the folders at the lowest level contains a list of computers of the respective domain or workgroup, which are not included in the structure of administration groups. Once a computer is included in a group, information about it will be immediately deleted from the folder. If the computer is excluded from the structure of the administration group, information about it will again be placed in the Unassigned computers → Domains folder, in the corresponding subfolder.
The Active Directory folder displays computers reflecting the Active Directory structure.
The IP subnets folder displays computers reflecting the structure of IP subnetworks created within the network. The structure of the IP subnets folder can be determined by the administrator by creating new IP subnets and editing the settings of existing ones.
To view information about the computer network received by the Administration Server during regular polling:
1. Select the Unassigned computers folder in the console tree.
2. Select one of the subfolders: Domains , Active Directory or IP subnets .
The results pane will display information about the computer network structure in the appropriate way.
Information in the Kaspersky Administration Kit results pane (for example, computer statuses, statistics or reports) is not refreshed automatically. You can refresh information in the results pane by one of the three following methods: by pressing the F5 key, by selecting the Refresh item from the context menu or by clicking the button on the toolbar.
NETWORK DISCOVERY
Information about the structure of the network and the computers included in this network is received by the Administration Server through regular polling of the Windows network, IP subnets and Active Directory within the corporate computer network. The content of the Unassigned computers folder will be updated based on the results of this polling.
The Administration Server can use the following types of network scanning:
Windows network polling. There are two polling methods: quick and full. During quick polling, only information on hosts in the list of NetBIOS names of all network domains and workgroups is collected. During full polling, additional information is requested about computers: operating system, IP address, DNS name, etc.
Polling by IP Subnets. The Administration Server will poll the specified IP ranges using ICMP packets, and collect a complete set of data on hosts within the range.
Polling of Active Directory groups. This enters information on the Active Directory unit structure and host DNS names into the Administration Server database.
The Administration Server uses the collected information and the data on corporate network structure to update the contents of the Unassigned computers folder, as well as the content and items in the Managed computers folder. In that case, computers discovered in the network can be automatically added to an administration group specified by the administrator.
The Unassigned computers folder of the master Administration Server also displays computers included in administration groups of slave Administration Servers, if they are located in the same subnetwork. The reverse is also true.
VIEWING AND CHANGING THE SETTINGS FOR WINDOWS NETWORK POLLING
To modify the settings for Windows network polling:
1. In the console tree, select the Unassigned computers → Domains folder.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the General tab (see the figure below) to check the Enable Windows network polling box.
Specify in the fields below:
Quick scan time (min). Information about the list of NetBIOS names of computers in all network domains and workgroups will be updated with the specified frequency. The default interval between polls is 15 minutes.
Full scan time (min). Complete information about computers in the network, including operating system, IP address, and DNS name, will be updated with the specified interval. The default interval between polls is 60 minutes.
To manually start full computer network polling, click the Scan now button.
To disable polling of the Windows network, uncheck the Enable Windows network polling box.
For quick viewing and modification of the settings for Windows network polling, use the Edit discovery settings link in the results pane of the Unassigned computers folder in the Microsoft Network Discovery section.
Figure 199. Viewing the Domains group properties
To exclude all domains from network scans:
1. Select the Unassigned computers → Domains folder.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the Client computers tab (see the figure below) to uncheck the Enable scanning of computers of this group box.
Figure 200. Viewing the Domains group properties. The Client computers tab
VIEWING AND MODIFYING ACTIVE DIRECTORY GROUP PROPERTIES
To modify the settings for polling Active Directory groups:
1. Select Unassigned computers → Active Directory in the console tree.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the General tab (see the figure below) to check the Enable Active Directory polling box.
The Administration Server will poll the network with the period specified in the Scan interval (min) field. The default interval between polls is 60 minutes. You can specify a different value, or cancel polling by unchecking the Enable Active Directory polling box.
To manually start full computer network polling, press the Scan now button.
For quick viewing and modification of the settings for Windows network polling, use the Edit discovery settings link in the results pane of the Unassigned computers folder in the Active Directory Discovery section.
Figure 201. Viewing the Active Directory group properties
To exclude a group from full scan:
1. Select the Unassigned computers → Active Directory folder and select the group.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the General tab to uncheck the Enable Active Directory polling box.
VIEWING AND MODIFYING THE SETTINGS FOR IP SUBNET POLLING
To modify the settings for IP subnets polling:
1. Select Unassigned computers → IP subnets in the console tree.
2. Open the context menu and select the Properties command.
3. In the window that opens, use the General tab (see the figure below) to check the Enable IP subnet scanning box.
The Administration Server will poll the specified IP ranges using ICMP packets, and collect a complete set of data on hosts within the range. Polls occur with the frequency specified in the IP subnet scanning period (min) field. The default interval between polls is 420 minutes. You can specify a different value, or cancel polling by unchecking the Enable IP subnet scanning box.
To manually start full computer network polling, press the Scan now button.
Figure 202. Viewing the IP subnets group properties
VIEWING AND CHANGING DOMAIN SETTINGS
To modify domain settings, perform the following actions:
1. Open the Unassigned computers → Domains folder.
2. Select the folder corresponding to the necessary domain.
3. Open the context menu and select the Properties command.
This will open the <Domain name> Properties window containing the following tabs: General and Client computers.
On the General tab (see the figure below) you can view the domain name and the parent group name.
Figure 203. Viewing domain settings. The General tab
On the Client computers tab (see the figure below) you can:
Configure automatic removal of inactive hosts from the Unassigned computers folder.
To do this, check the Remove from group after specified computer inactivity period box. When this box is enabled, the Administration Server removes from domains the hosts that remain inactive longer than specified in the days field. You can modify the parameter value or disable removal of hosts by unchecking the Remove from group after specified computer inactivity period box.
Exclude a domain from full network scans. To do this, use the Client computers tab to uncheck the Enable scanning of computers of this group box.
Figure 204. Viewing domain settings. The Client computers tab
CREATING AN IP SUBNET
To create a new IP subnet:
1. In the console tree, open the Unassigned computers → IP subnets folder.
2. Open the context menu and select the New IP range command.
3. In the New IP subnet window that opens (see the figure below) specify values for the following settings:
Name of the subnetwork.
The subnetwork description method and values appropriate for the method selected.
Select one of the following:
Specify IP subnet using the address and the subnet mask: in this case you must specify the Subnet mask and Subnet address in the corresponding entry fields.
Specify IP subnet using the initial and final IP-address, then enter the initial and final IP-addresses.
Time interval after which information about an inactive computer will be deleted from the Administration Server database, in the IP address lifetime (hours) field.
Figure 205. Creating an IP subnet
VIEWING AND MODIFYING THE IP SUBNET SETTINGS
To modify the IP subnet settings:
1. Open the Unassigned computers → IP subnets folder.
2. Select the folder corresponding to the required subnetwork.
3. Open the context menu and select the Properties command.
This will open the <Subnet name> Properties dialog containing the General and IP ranges tabs.
On the General tab (see the figure below), you can:
Change IP subnet name.
Change the value of the time interval after which information on an inactive computer will be deleted from the Administration Server database, in the IP address lifetime (hours) field. The default lifetime of an IP address is 24 hours.
Permit or cancel regular polling of the computers in this subnet by the Administration Server. If you do not wish the Administration Server to poll computers a second time, uncheck the Enable IP subnet scanning box.
Figure 206. Viewing the IP subnet settings. The General tab
On the IP ranges tab (see the figure below), you can add and delete the IP ranges that define the subnet, and also modify their settings: the initial and final IP addresses for the range; subnet mask and address.
Figure 207. Viewing the IP subnet settings. The IP subnets tab
To add an IP range that defines the subnet, click the Add button. In the IP subnets window that opens (see the figure below) specify the method to define the subnet, and enter the values for the method selected. Select one of the following:
Specify IP address range with address and subnet mask and specify the subnet mask and subnet address in the corresponding entry fields.
Specify IP address range with starting and ending IP address and specify the starting and the ending IP addresses of the range.
Figure 208. Adding an IP range
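The two ways of describing a range given above (address plus subnet mask, or starting and ending address) can be normalised to one form to check what a polling definition covers, where two subnets overlap, and which known hosts fall outside every range. This is an added example, not part of the Kaspersky manual or product; the function names are hypothetical and the subnet names, ranges and host addresses are constructed.

```python
import ipaddress
from itertools import combinations
from typing import Dict, Iterable, List, Tuple

# A range is an inclusive (first, last) pair of IPv4 addresses.
Range = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]


def range_from_mask(address: str, mask: str) -> Range:
    """Method 1: subnet address + subnet mask -> inclusive address range."""
    # strict=False tolerates a host address typed instead of the network address;
    # a non-contiguous mask still raises ValueError.
    net = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    return net.network_address, net.broadcast_address


def range_from_bounds(first: str, last: str) -> Range:
    """Method 2: starting and ending IP address -> inclusive address range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"starting address {lo} is above ending address {hi}")
    return lo, hi


def size(r: Range) -> int:
    """Number of addresses an ICMP poll of this range would have to probe."""
    return int(r[1]) - int(r[0]) + 1


def to_cidr(r: Range) -> List[str]:
    """Smallest list of CIDR blocks equal to the range (it may need several)."""
    return [str(n) for n in ipaddress.summarize_address_range(r[0], r[1])]


def overlapping_subnets(subnets: Dict[str, List[Range]]) -> List[Tuple[str, str]]:
    """Pairs of named subnets whose ranges share at least one address."""
    hits = []
    for a, b in combinations(sorted(subnets), 2):
        if any(x[0] <= y[1] and y[0] <= x[1]
               for x in subnets[a] for y in subnets[b]):
            hits.append((a, b))
    return hits


def uncovered_hosts(hosts: Iterable[str],
                    subnets: Dict[str, List[Range]]) -> List[str]:
    """Hosts that no configured range contains, so subnet polling never sees them."""
    ranges = [r for rs in subnets.values() for r in rs]
    return [h for h in hosts
            if not any(lo <= ipaddress.IPv4Address(h) <= hi for lo, hi in ranges)]


# Constructed sample: three subnets, each with one range, using both methods.
SUBNETS: Dict[str, List[Range]] = {
    "HQ-LAN": [range_from_mask("192.168.10.0", "255.255.255.0")],
    "Branch": [range_from_bounds("192.168.10.200", "192.168.11.50")],
    "Lab": [range_from_bounds("10.0.5.10", "10.0.5.20")],
}
# Constructed sample: addresses taken from some other inventory (e.g. DHCP leases).
KNOWN_HOSTS = ["192.168.10.7", "192.168.11.60", "10.0.5.15", "172.16.0.9"]

if __name__ == "__main__":
    for name, ranges in SUBNETS.items():
        for r in ranges:
            print(f"{name}: {r[0]} - {r[1]} ({size(r)} addresses) = {to_cidr(r)}")
    print("overlaps:", overlapping_subnets(SUBNETS))
    print("not covered by any range:", uncovered_hosts(KNOWN_HOSTS, SUBNETS))
```

A starting/ending range rarely aligns with a single mask, which is why one range can expand to several CIDR blocks; hosts reported as uncovered will only appear in the console if Windows network or Active Directory polling finds them.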
VIEWING AND MODIFYING THE ACTIVE DIRECTORY GROUP PROPERTIES
To modify the Active Directory group properties:
1. Open the Unassigned computers → Active Directory folder.
2. Select the node corresponding to the required group in Active Directory, call up its context menu and select the Properties command.
This will open the <Active Directory group name> Properties dialog box containing the General tab (see the figure below).
3. To allow group scanning, check the Enable scan box. To disable scanning, uncheck this box.
Figure 209. Viewing the Active Directory group properties
UPDATE
Timely updates of the application databases used while scanning infected objects, installation of critical patches for application modules and their regular updating are essential factors affecting the reliability of anti-virus protection systems.
To update the databases and program modules of the applications managed using Kaspersky Administration Kit, you should create an update download task for the Administration Server. When this is done the server will retrieve updates to databases and program modules from the update source in accordance with the task settings.
CREATING THE TASK OF DOWNLOADING UPDATES TO THE REPOSITORY
The Download updates to repository task is created automatically while the Quick Start Wizard is running. You can create only one task of downloading updates to the Administration Server repository.
To create a task for updates download by the Administration Server:
1. In the console tree, open the Kaspersky Administration Kit tasks folder, open its context menu and select the New Task command.
2. Specify Download updates to repository as the task type (see the figure below).
Figure 210. Creating an update task. Selecting the task type
3. In the window that opens (see the figure below), by following the Configure link, you can configure:
Update sources – a list of possible sources from which the update will be performed;
Connection settings – the proxy server settings and other network connection settings;
Other settings – location of the copied updates, automatic update settings, the settings for applying program modules updates, and distribution of updates on slave Servers.
Press the Next button.
Figure 211. Configuring the update source settings
4. Create the task launch schedule (see section "Creating a group task" on page 97). Click the Next button (see the figure below).
Figure 212. Scheduling task launch
5. Click the Finish button to complete task creation (see the figure below).
Figure 213. Completing task creation
ADDING AN UPDATE SOURCE
To add an updates source to the list:
1. In the console tree, select the Kaspersky Administration Kit tasks folder, select the Download updates to repository task. Open the context menu and choose the Properties command.
2. In the window that opens, select the Settings tab (see the figure below).
Figure 214. Configuring the update source settings
3. Follow the Configure link in the Update sources section.
In the window that opens (see the figure below), you can add update sources. The Administration Server will download updates from the sources in the order of their listing. If a source is unavailable for some reason, the update will be performed from the next source in the list, and so on. You can change the order of the sources in the list using the buttons.
Figure 215. Adding updates sources
Press the Add button (see the figure above). This will open the Update source properties window.
4. In the Update source properties window (see the figure below) you can specify the source of updates to the anti-virus database and the application modules. To do this, select one of the options below:
Kaspersky Lab update servers – Kaspersky Lab's servers to which the updated anti-virus database and the application modules are uploaded.
Master Administration Server – a shared folder located on the master Administration Server.
Local or network folder – an FTP, HTTP server, a local or network directory added by the user and containing the latest updates. If you select this option, specify the location of the updates folder using the Browse button. Note that when selecting a local folder, you should specify the folder on the computer with the installed Administration Server.
Check the Do not use proxy server box if you do not wish the proxy server to be used to connect to the updates source. If this box is unchecked, the proxy server will be used according to the connection options defined in the LAN settings window.
Press the OK button.
Figure 216. Selecting the source of updates to the anti-virus database and the application modules
5. Press the OK button to finish adding the source of updates.
CONFIGURING CONNECTION TO THE UPDATE SERVERS
To configure connection to the update servers:
1. In the console tree, select the Kaspersky Administration Kit tasks folder, select the Download updates to repository task. Open the context menu and choose the Properties command.
2. In the window that opens, select the Settings tab (see the figure below).
Figure 217. Configuring the update source settings
3. In the window that opens (see the figure above), follow the Configure link in the Connection settings section.
4. In the LAN settings window that opens, enter the necessary settings for connection with the update servers (see the figure below):
Use proxy server – if connection to the updates source is established using a proxy server. Enter the address and the port number to be used for connection to the proxy server. The address can be specified in whichever notation is more convenient for you: text (e.g., Address: testserver) or decimal (e.g., Address: 125.2.19.1).
Autodetect settings – to use the parameters for connection to the proxy server defined in the system registry of the Administration Server.
Proxy server authentication – if access to the proxy server requires a password. Fill in the User name and Password fields.
Use passive FTP mode – to use passive mode when the update is performed using the FTP protocol. Uncheck this box to use active mode. You are advised to use passive mode.
Connection timeout (sec) – specify the maximum time for connecting to the updates server. If the connection has failed, after the specified period of time an attempt will be made to connect to the next updates server. Attempts to contact each server will continue until the connection is established successfully or until the program runs out of available addresses of update servers.
Figure 218. Configuring the settings used to connect to the update servers
DETERMINING THE UPDATES LIST
When configuring the update task settings, you can determine the list of updates distributed from the source.
To change the updates list:
1. In the console tree, open the Kaspersky Administration Kit tasks folder, open the context menu of the Download updates to repository task and select the Properties command.
2. In the window that opens, select the Settings tab (see the figure below).
Figure 219. Changing the updates list. The Settings tab
3. In the Updates list group of fields click the Configure link to open the updates list configuration window and check the boxes next to the types of updates to download (see the figure below). In this window configure the following parameters:
Autodetect updates list – download updates for all Kaspersky Lab applications installed on hosts connected to the Administration Server.
Force downloading of the following updates types – select the updates for downloading for each individual component, irrespective of which applications are using them and whether the applications are installed in the administration groups or not. To do this, check the appropriate boxes in the table next to the required types of updates.
Figure 220. Selecting updates
4. Press the OK button to finish determining the updates list.
CONFIGURING OTHER UPDATE TASK SETTINGS
To configure the updates source settings:
1. In the console tree, open the Kaspersky Administration Kit tasks folder and select the Download updates to repository task. Open the context menu and choose the Properties command.
2. In the window that opens, select the Settings tab (see the figure below).
Figure 221. Configuring other update task settings
3. In the window that opens (see the figure above), follow the Configure link in the Other settings section.
4. In the Other settings folder (see the figure below), you can configure the following settings:
Force update of slave Servers. When enabled, the option forces the tasks of receiving updates by the slave Administration Servers to launch automatically after they are downloaded by the master Server, irrespective of the schedule specified in the relevant task settings.
Update Administration Server modules. When enabled, the option forces installation of updates to Administration Server modules immediately after completion of the download update by the Administration Server. If this box is unchecked, you will only be able to install the updates manually.
Update Network Agent modules. When enabled, the option forces installation of updates to Network Agent modules after the update is downloaded by the Administration Server. If this box is unchecked, you will only be able to install the updates manually.
Deploy downloaded updates to additional folders. If this box is checked, the Administration Server copies updates downloaded from the source to the specified folders. Create a list of additional update folders using the Add and Remove buttons. By default, this box is unchecked.
To make the update tasks of client computers and slave Administration Servers start only after the updates are copied from the selected network folder to additional updates folders, check the Do not force updating of client computers and slave Administration Servers before copying completion box. This box must be checked if client computers and slave Administration Servers download updates from additional network folders.
Figure 222. Configuring the settings
5. Press the OK button to complete configuration of other download updates settings.
VERIFYING DOWNLOADED UPDATES
The anti-virus protection system can operate correctly only if the latest database versions are available. Therefore, it is necessary to check that the task of downloading updates to the repository (shared folder) on the Administration Server, and the task of distributing those updates to the client computers, are both operating correctly.
To check database updates:
1. In the console tree go to the Kaspersky Administration Kit tasks folder and select the task of downloading updates to the repository.
2. Open the task properties window, by selecting Properties in the context menu.
3. Open the Updates verification tab (see the figure below).
Figure 223. Configuring updates verification
4. Check the Test updates before distributing box.
5. In the Updates verification task field, select a task from the existing tasks with the Select button. You can also create a new updates verification task. To do this, click the Create a task button and follow the wizard's instructions. During creation of a new updates verification task, the Administration Server generates test policies, and auxiliary group update and on-demand scan tasks.
It is recommended to run the updates verification task on well-protected computers with the software configuration most typical of your corporate LAN. This approach increases the quality of scans, and minimizes the risk of false responses and the probability of virus detection during scans. If viruses are detected on the test computers, the update verification task is considered failed.
After the specified settings are applied, the updates verification task will be started before distribution of databases. The Administration Server downloads updates from the source, saves them to a temporary storage, and runs the updates verification task. If the task completes successfully, the updates will be copied from the temporary storage to the shared folder on the Administration Server (Share\Updates folder) and distributed to all other computers for which the Administration Server is the source of updates.
If the results of the updates verification task show that updates located in the temporary storage are incorrect or if the updates verification task completes with an error, such updates are not copied to the shared folder, and the Administration Server keeps the previous set of updates. The tasks which are scheduled by using the When new updates are downloaded to the repository schedule type are not started then, either. These operations are performed at the next start of the Administration Server updates download task if verification of the new set of updates is successful.
If the Test updates before distributing box is checked, Administration Server updates download is considered finished only after completion of the updates verification task. Please note that the updates verification task initiates special update and on-demand tasks. They require some time. This should be kept in mind while making up the schedule for the Administration Server updates download task.
The settings for test policies and auxiliary tasks can be modified. Please note that for correct testing of updates, it is necessary to:
Save on Administration Server all events with severity levels Critical event and Error. Using the events of these types, the Administration Server analyzes the operation of applications.
Use the Administration Server as the source of updates.
If computer restart is required after the installation of updates to program modules, it should be performed immediately. It will be impossible to test the correct functioning of updates of this type if the computer is not restarted. For some applications installation of updates that require a restart may be prohibited or configured to prompt the user for confirmation first. These restrictions should be disabled in the application policies or task settings.
The iChecker, iSwift and iStream scanning acceleration technologies should be disabled.
Select the actions to perform over infected objects: Do not prompt for action / Skip / Log information to report.
Specify the task schedule as Manually.
Automatic removal of detected malicious objects is not recommended because files that have caused a false alarm will be then deleted from the computer and there will be no way to verify the alarm for that file after the next update. As a result, the update to anti-virus databases will be distributed to all computers managed by the Administration Server.
The procedure of updates verification is as follows:
1. Once updates are copied to the temporary repository, the Administration Server starts the update tasks specified in the properties of the updates verification task: auxiliary group update tasks or update tasks for specific computers specially created by the administrator.
As a result, updates to databases and program modules are distributed to the specifically assigned computers.
Once updates are downloaded, the computers can be restarted to apply program patches.
2. After the updates are applied, the following checks are performed in accordance with the settings of the updates verification task:
Checks of the status of real-time protection returned by anti-virus applications and the statuses of all real-time protection tasks;
Launch of on-demand scanning tasks specified in the settings of the updates verification task: auxiliary group on-demand scanning tasks or on-demand scan tasks for specific computers specifically created by the administrator.
3. After completion of all the tasks on all computers specified in the updates verification task a conclusion about correct functioning of the updates follows.
A set of updates is considered to be incorrect if one of the following conditions is met on at least one computer: an update task error has occurred; the status of real-time protection of an anti-virus application has changed after applying updates; an infected object was found during a scan; a functional error of a Kaspersky Lab application has occurred.
If none of the listed conditions is true for all the computers, the set of updates is considered to be correct and the updates verification task completes successfully.
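The decision described above (stage the update set, test it on selected computers, publish only if no computer trips any of the four conditions) can be modelled as a small gate. This is an added example, not Kaspersky Lab's code; the class and function names, the status strings and the update set labels are hypothetical, the sample results are constructed, and treating an empty result list as a failure is an assumption of the example.

```python
from dataclasses import dataclass
from typing import Dict, List, NamedTuple


@dataclass(frozen=True)
class HostResult:
    """What one test computer reported after the staged update set was applied."""
    host: str
    update_task_error: bool      # the update task itself failed
    protection_before: str       # real-time protection status before the update
    protection_after: str        # real-time protection status after the update
    infected_objects: int        # detections raised by the on-demand scan
    application_error: bool      # functional error reported by the application


class Outcome(NamedTuple):
    shared_set: str              # update set now offered from the shared folder
    published: bool
    start_dependent_tasks: bool  # tasks scheduled "when new updates are downloaded"
    failures: Dict[str, List[str]]


def host_failures(r: HostResult) -> List[str]:
    """Return every condition from the list above that this computer meets."""
    reasons = []
    if r.update_task_error:
        reasons.append("update task error")
    if r.protection_after != r.protection_before:
        reasons.append("real-time protection status changed: "
                       f"{r.protection_before} -> {r.protection_after}")
    if r.infected_objects > 0:
        reasons.append("infected object found during scan")
    if r.application_error:
        reasons.append("application functional error")
    return reasons


def verify_and_publish(current_set: str, staged_set: str,
                       results: List[HostResult]) -> Outcome:
    """One failing computer is enough to keep the previous update set."""
    failures = {}
    for r in results:
        reasons = host_failures(r)
        if reasons:
            failures[r.host] = reasons
    if not results:
        # Assumption of this example: no evidence is treated as a failed check.
        failures["<no test computers>"] = ["verification produced no results"]
    if failures:
        return Outcome(current_set, False, False, failures)
    return Outcome(staged_set, True, True, {})


# Constructed sample: a database release that causes a false alarm on test-02.
RUN_WITH_FALSE_ALARM = [
    HostResult("test-01", False, "running", "running", 0, False),
    HostResult("test-02", False, "running", "stopped", 1, False),
]
# Constructed sample: the next release behaves on both test computers.
RUN_CLEAN = [
    HostResult("test-01", False, "running", "running", 0, False),
    HostResult("test-02", False, "running", "running", 0, False),
]

if __name__ == "__main__":
    first = verify_and_publish("set-041", "set-042", RUN_WITH_FALSE_ALARM)
    print(first)
    print(verify_and_publish(first.shared_set, "set-043", RUN_CLEAN))
```

The failure reasons are kept per computer because they are what an administrator needs when deciding whether a blocked set points to a bad update or to a problem on the test computer itself.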
VIEWING DOWNLOADED UPDATES
To view the updates downloaded by the Administration Server, in the console tree select the Repositories → Updates folder. The list of updates stored on the Administration Server will be displayed in the results pane.
To view the properties of an update, select the necessary update in the results pane and use the Properties command from the context menu. That will open the <Update name> Properties window (see the figure below).
The General tab displays the following information: update name; number of records in the anti-virus database (this field is missing for updates to application modules); name and version of the application to which the update applies; size of the update saved on the Administration Server; date when the update was copied to the Administration Server; date of anti-virus database creation.
Figure 224. Viewing properties of the downloaded update
AUTOMATIC DISTRIBUTION OF UPDATES
Updates are distributed to client computers using the update tasks for applications. Slave Servers are updated by their Administration Server update download tasks. These tasks can run automatically immediately after the master Server downloads updates, irrespective of the schedule in task settings.
AUTOMATIC DISTRIBUTION OF UPDATES TO THE CLIENT COMPUTERS
To automatically distribute updates retrieved by the Administration Server to client computers after downloading, in the update task settings of a Kaspersky Lab application set the Administration Server as an update source, and select the When new updates are downloaded to the repository option on the Schedule tab.
AUTOMATIC DISTRIBUTION OF UPDATES TO THE SLAVE SERVERS
To automatically distribute updates retrieved by the master Administration Server to slave Servers after downloading:
In the properties of the Administration Server update download task use the Settings tab of the task properties window to check the Force update of slave Servers box.
As a result, immediately after the updates are downloaded by the master Administration Server, updates retrieval by the slave Administration Servers will be automatically launched, irrespective of the schedule specified in the settings of those tasks.
AUTOMATIC INSTALLATION OF UPDATES TO PROGRAM MODULES
To install updates for program modules to the Administration Server automatically after downloading, in the properties of the Administration Server update download task use the Settings tab of the task properties window to check the Update Administration Server modules box.
To install updates for program modules to Network Agents automatically after downloading, in the properties of the Administration Server update download task use the Settings tab of the task properties window to check the Update Network Agent modules box.
As a result, immediately after the updates are downloaded by the master Administration Server, installation of updates to program modules will be started automatically.
CREATING THE LIST OF UPDATE AGENTS AND CONFIGURING THE AGENTS
To create a list of Update Agents and configure them to distribute updates on the computers within a group, open the Update Agents tab in the group properties window (see the figure below). Using the Add and Remove buttons, create the list of computers that will be used as Update Agents within the group.
Figure 225. Creating the list of Update Agents
To configure an Update Agent, select it in the list and press the Properties button. In the <Update Agent name> properties window that opens (see the figure below) you can:
specify the port number used by the client to connect to the Update Agent. By default, port 14000 is used; if this port is in use, it can be changed;
If the host running the Administration Server is specified as the Update Agent, port 14001 is used for connection by default.
specify the port number used by the client to connect securely to the Update Agent using the Secure Sockets Layer (SSL) protocol. By default, port 13000 will be used;
If the host running the Administration Server is specified as the Update Agent, port 13001 is used for the SSL connection by default.
activate the IP multicast mode to distribute installation packages automatically to clients in a group. To do this, check the Use multicast box and fill in the Multicast IP and IP multicast port number fields. If this box is checked, the installation packages and the group tasks' and policies' settings will also be applied on client computers using multicast IP delivery.
When you are using multi-address IP delivery, the total traffic will become N times smaller, where N stands for the total number of running computers in the administration group.
For details on the distribution of installation packages using Update Agents, see the Implementation guide.
Figure 226. The Update Agent properties window. The General tab
To view the Update Agent statistics, use the View Update Agent link.
The displayed window (see the figure below) will contain the following information:
Information about application databases:
The time of the last synchronization with the Administration Server – the last time when the Update Agent contacted the Administration Server to retrieve updates.
Percentage of data obtained through multicasting – ratio between the data transferred to client computers using multicasting and the data downloaded by the Update Agent from Administration Server.
The total number of synchronizations with the Administration Server – how many times the Update Agent contacted the Administration Server.
Amount of information sent using multicast distributions – data (bytes) transferred by the Update Agent to the client computers using multicast delivery of application databases.
Amount of information downloaded by clients via TCP protocol – data (bytes) transferred by the Update Agent to client computers over TCP.
Time created – date and time when the application databases downloaded by the Update Agent from Administration Server were created.
Working directory – path to the working directory of an Update Agent.
Working directory size – size of the working directory of an Update Agent.
Data on remote installation and policies distribution:
Percentage of data obtained through multicasting – ratio between the data transferred to client computers using multicasting and the data downloaded by the Update Agent from Administration Server.
The total size of policies and installation packages downloaded from the Administration Server – the size of all installation packages and policies downloaded by the Update Agent from the Administration Server.
Total amount of information downloaded by the clients from Update Agent – data (bytes) transferred by the Update Agent to client computers over the TCP protocol.
Amount of information sent by Update Agent to the clients using multicast distributions – data (bytes) transferred by the Update Agent to client computers using multicast delivery of application databases.
Figure 227. The Update Agent statistics window
THE TASK OF DOWNLOADING UPDATES BY THE UPDATE AGENTS
Kaspersky Administration Kit makes it possible for the Update Agents to download updates.
To download updates for the Update Agents:
1. Select the Update Agents (see figure below) and click the Properties button.
Figure 228. Selecting an Update Agent
2. In the window that opens, select the Updates source tab (see the figure below).
Figure 229. Selecting the updates source for the Update Agent
3. On this tab check the Use update download task box. Select a task from the list of created tasks for specific computers by pressing the Select button, or create a new task using the New task button (see the figure above).
MANAGING LICENSES
Kaspersky Administration Kit features opportunities for centralized installation of licenses to client computers within administration groups, monitoring their status and renewal.
When a license is installed using the Kaspersky Administration Kit services, all information about it is stored on the appropriate Administration Server. The information is used to generate reports on the status of installed licenses and for notifications about license expiration or about the threshold being exceeded for the maximum number of applications using a license. Parameters for notifications about the status of licenses are configured in the Administration Server settings.
VIEWING INFORMATION ABOUT INSTALLED LICENSES
To view information about all the installed licenses:
select the Repositories → Licenses folder in the console tree. The results pane will display the list of licenses installed on the client computers.
The following information will be displayed for each license:
Serial number – the license number.
Type – the type of installed license (for example, commercial or trial).
Limit computers count – restrictions imposed by the license.
License period – license validity period.
Expiration date – expiration date for the license.
Application – name of the application for which the license is valid.
Current on – the number of hosts on which the license is active at the moment.
Backup on – the number of hosts on which the license is used as backup.
An icon corresponding to the type of its use will be displayed next to each license:
– information about the license used is obtained from the client computer connected to the Administration Server. This license is not stored in the Administration Server repository.
– the license is stored in the Administration Server repository. The option of automatic installation of this license is not enabled.
– the license is stored in the Administration Server repository. The option of automatic installation of this license is enabled (see section "Automatic distribution of license" on page 265).
To view information about a specific license, select the necessary license in the results pane and use the Properties command from the context menu.
This will open the <License number> properties window, which includes the General and Targets tabs.
The General tab (see the figure below) contains the following license information:
serial number;
type;
name of the application, for which the license is valid;
license period;
restrictions imposed in the license;
the number of hosts on which the license is active at the moment;
the number of hosts on which the license is reserved at the moment;
information about the license.
Figure 230. License properties. The General tab
The Objects tab (see the figure below) displays a list of client computers where the license is installed. This tab displays the following information:
name of the client computer;
administration group;
whether this license is used as the current license;
license expiration date;
activation date of the license on the client computer.
Figure 231. License properties. The Objects tab
The About the client tab contains information about the license owner obtained from the key file.
You can check which licenses are installed for the application on a specific client computer by viewing the application properties configuration window.
INSTALLING A LICENSE
), a task for specific computers (see section "Creating a task for specific computers" on page 109) or a local task (see section "Creating a local task" on page 110). When creating this task:
specify the application for which you are installing this license as the application for which the task is being created;
specify Add license key as the task type.
RUNNING THE LICENSE INSTALLATION TASK CREATION WIZARD
To launch the license installation wizard in the console tree, select the Licenses node and use the Add license command from the context menu. This will launch a wizard to create a task for specific computers; this wizard will skip the step which selects the task type, as the task type will be defined by default.
The tasks created using the license installation task wizard are tasks for specific computers; they are located in the Tasks for specific computers folder of the console tree.
When configuring the license installation task on the Properties tab (see the figure below), you can replace the key file for the installation and check the Use when active license expires box to use this license key as the application's backup license. If this box is unchecked, the license will be used as current. The License info field contains detailed information about the license.
Figure 232. Configuring a license installation task
CREATING AND VIEWING REPORT ON LICENSES
To generate a report about the status of the licenses installed on the client computers, use the built-in Licensing Report
The report created using the Licensing Report template contains complete information about all licenses installed on all client computers (both current and reserve licenses), indicating which computers are using which keys, and the license restrictions.
OBTAINING LICENSE USING ACTIVATION CODE
To obtain a key using the activation code:
1. In the Repositories folder, open the context menu of the Licenses folder and select New → Add license. This will open the license adding wizard window. Press the Next button.
2. In the next wizard window, select Enter activation code. Press the Next button.
Figure 233. Obtaining key using activation code
3. In the window that opens, enter the activation code obtained when you purchased a commercial version of the application. If you wish to automatically apply the license to the computers in the administration groups, check the box in the corresponding field. Press the Next button.
Figure 234. Entering the activation code
4. Press the Finish button to apply the changes.
AUTOMATIC DISTRIBUTION OF LICENSE
Kaspersky Administration Kit provides a capability to automatically distribute licenses located in the Administration Server license repository on the client computers.
To automatically distribute the license to the client computers:
1. In the console tree, select Repositories → Licenses.
2. Select the license which you wish to distribute.
3. Open the context menu of this license and select Properties.
4. In the window that opens, check the Automatically installed license box.
The license applies to the client computers on which the application is installed but which do not have a current license.
The license will be installed using the Network Agent's tools. Additional license installation tasks for the application will not be created. The license will be applied as the active license.
The license restriction will be verified during its installation. If the restriction is violated, the license will not be installed.
REPOSITORIES
The Repositories folder is intended for operations with objects used to monitor the status of client computers and perform their maintenance. The information is displayed in folders containing the following lists:
Installation packages that can be used to install on client computers.
to client computers.
Licenses installed on the client computers (see section "Managing licenses" on page 259 ).
Objects quarantined on client computers by anti-virus applications.
Backup copies of objects placed into Backup.
Files assigned for postponed scanning by anti-virus applications.
Applications deployed on corporate network hosts with the installed Network Agent.
INSTALLATION PACKAGES
One of the most important features of Kaspersky Administration Kit is the remote installation of Kaspersky Lab applications and applications of third parties. In order to install the application using Kaspersky Administration Kit, you must create an installation package for this application. An installation package is a set of files required for the installation, and the settings related to the installation process and to the initial configuration of the application being installed (particularly, the file containing the Anti-Virus settings).
A list of all created installation packages is provided in the Repositories → Installation packages folder of the console tree.
For details on the properties of the installation packages, see the Implementation Guide.
QUARANTINE
Kaspersky Administration Kit supports the possibility of keeping a centralized list of objects placed by Kaspersky Lab applications in their repositories. Network Agents send the information from client computers for storage in the database of the appropriate Administration Server. You can then use the Administration Console to view the properties of objects in local repositories, run anti-virus scanning of those repositories and delete the stored objects.
VIEWING THE PROPERTIES OF A QUARANTINED OBJECT
To view the properties of a quarantined object, select in the console tree the Repositories folder, and then the Quarantine folder. Select the necessary object in the results pane and use the Properties command from the context menu.
The displayed window (see the figure below) will contain the following information about the object:
name under which the object was delivered for processing by the anti-virus application;
object description;
action that was performed on the object by the anti-virus application;
name of the computer on which the object is stored;
status assigned to the object by the anti-virus application;
name of the virus contained or possibly contained in the object;
date when the object was quarantined or placed in backup;
object size (in bytes);
path on the client computer to the folder in which the object was originally located;
name of the user who quarantined the object or placed it in backup.
Figure 235. Viewing the properties of quarantined or backed-up objects
REMOVING AN OBJECT FROM QUARANTINE
To remove an object from Quarantine, select in the console tree the Repositories → Quarantine folder. Select the object you need in the results pane and use the Delete command from the context menu.
As a result, the anti-virus application that placed the object into a backup storage on the client computer, will remove the object from Quarantine or from the Backup.
SCANNING THE QUARANTINE FOLDER ON THE CLIENT COMPUTER
To scan the Quarantine folder on a client computer, in the console tree, select the Repositories → Quarantine folder, select the object you wish to scan in the results pane and use the Scan Quarantined Files command from the context menu or the corresponding item from the Action menu.
As a result, the on-demand Quarantine folder scan task will be launched on the client computer for the anti-virus application that has quarantined the selected object.
RESTORING AN OBJECT FROM THE QUARANTINE
To restore an object from the Quarantine, in the console tree, select Repositories → Quarantine. Select the necessary object in the results pane and use the Restore command from the context menu.
As a result, the anti-virus application that has placed the object into a backup storage on the client computer, will restore the object to the original folder.
SAVING AN OBJECT FROM THE QUARANTINE TO DISK
Kaspersky Administration Kit lets the administrator save files that the anti-virus application has quarantined on the client computer, to the Administration Server. The file is downloaded to the computer, on which the Kaspersky Administration Kit is installed, and then saved to the directory specified by the administrator.
To save an object from the Quarantine to the administrator's disk, in the console tree, select Repositories → Quarantine. Select the necessary object in the results pane and use Save to disk from the context menu.
As a result, the anti-virus application which has quarantined the object on the client computer will save the object to the directory specified by the administrator.
BACKUP
Kaspersky Administration Kit supports the possibility of keeping a centralized list of objects placed by Kaspersky Lab applications in their repositories. Network Agents send the information from client computers for storage in the database of the appropriate Administration Server. You can then use the Administration Console to view the properties of objects in local repositories, run anti-virus scanning of those repositories and delete the stored objects.
VIEWING THE PROPERTIES OF AN OBJECT PLACED INTO THE BACKUP
To view the properties of a backed-up object, in the console tree, select Repositories → Backup. Select the necessary object in the results pane and use the Properties command from the context menu.
The displayed window (see the figure below) will contain the following information about the object:
name under which the object was delivered for processing by the anti-virus application;
object description;
action that was performed on the object by the anti-virus application;
name of the computer on which the object is stored;
status assigned to the object by the anti-virus application;
name of the virus contained or possibly contained in the object;
date when the object was quarantined or placed in backup;
object size (in bytes);
path on the client computer to the folder in which the object was originally located;
name of the user who quarantined the object or placed it in backup.
Figure 236. Viewing the properties of quarantined or backed-up objects
REMOVING AN OBJECT FROM THE BACKUP
To remove an object from the backup storage, in the console tree, select Repositories → Backup. Select the object you need in the results pane and use the Delete command from the context menu.
As a result, the anti-virus application that placed the object into a backup storage on the client computer, will remove the object from Quarantine or from the Backup.
RESTORING THE OBJECT FROM THE BACKUP
To restore an object from the backup storage, in the console tree, select Repositories → Backup. Select the necessary object in the results pane and use the Restore command from the context menu.
As a result, the anti-virus application that has placed the object into a backup storage on the client computer, will restore the object to the original folder.
SAVING AN OBJECT FROM THE BACKUP TO DISK
Kaspersky Administration Kit lets the administrator save the files that the anti-virus application has placed in the Backup on the client computer to the Administration Server. The file is downloaded to the computer, on which the Kaspersky Administration Kit is installed, and then saved to the directory specified by the administrator.
To save an object from the Backup to the administrator's disk, select in the console tree the Repositories → Quarantine folder. Select the necessary object in the results pane and use Save to disk from the context menu.
As a result, the anti-virus application which has placed the object into the backup storage on the client computer will save the object to the folder specified by the administrator.
UNPROCESSED FILES
Information about the files for which scheduled scanning and disinfection has been postponed, is available in the Repositories → Unprocessed files folder. The folder contains information about all such files within the Administration Servers and client computers.
Postponed processing and disinfection are performed upon request or after a specified event. You can configure the settings for postponed disinfection of a set of files.
DISINFECTING THE OBJECT FROM THE UNPROCESSED FILES FOLDER
To disinfect an object from the Unprocessed files folder, select in the console tree the Repositories → Unprocessed files folder, select the object you wish to disinfect in the results panel and use the Disinfect command in the context menu.
The application attempts to disinfect the object: if the object is disinfected, information about it will be deleted from the list in the Unprocessed files folder; if disinfection is impossible, both information about the object and the object itself are deleted.
SAVING THE OBJECT FROM THE UNPROCESSED FILES FOLDER TO DISK
Kaspersky Administration Kit allows the administrator to save the files that the anti-virus application has placed in the Unprocessed files folder on the client computer. The file is downloaded to the computer, on which the Kaspersky Administration Kit is installed, and then saved to the directory specified by the administrator.
To save an object from the Unprocessed files folder to the administrator's disk, in the console tree, select the Repositories → Unprocessed files folder. Select the necessary object in the results pane and use Save to disk from the context menu.
The anti-virus application that has placed the object in the Unprocessed files folder on the client computer will save the object to the folder specified by the administrator.
REMOVING THE OBJECT FROM THE UNPROCESSED FILES FOLDER
To remove an object from the Unprocessed files folder, in the console tree select the Repositories → Unprocessed files folder. Select the object you need in the results pane and use the Delete command from the context menu.
As a result, the anti-virus application that has placed the object into the repository on the client computer will remove the object from the list in the Unprocessed files folder.
APPLICATION REGISTRY
Information about the applications installed in the network is stored in the applications registry. Information about the applications is based on the data received from client computers.
Information about the applications installed on computers connected to slave Administration Servers is also collected and stored in the applications registry of the master Administration Server. Use a report to view this information, by enabling
To view the applications registry:
1. In the console tree, open the Repositories folder.
2. Open the Applications registry folder.
Whether this folder is displayed or not is determined by user interface settings. To configure this folder to be displayed, go to the View → Configuring interface menu and check the box in the Display application registry string.
The results pane will display information about applications as a table (see the figure below). This table contains the following fields:
Name – application name;
Version – application version;
Manufacturer – vendor name;
Number of computers – the number of network hosts where the application is installed;
Comments – brief application description;
Technical Support Service – website address of the Technical Support Service;
Technical Support phone number – phone number of the Technical Support Service.
The Comments, Technical Support Service and Technical Support phone number fields can be empty.
Figure 237. Viewing the applications registry
To view application information in a separate window:
1. Select the application from the list in the results pane.
2. Open the context menu and select the Properties command.
The General tab of the window that opens (see the figure below) contains the following application data: name, version, manufacturer, manufacturer's comments, website address and phone number of the Technical Support Service.
Check the Publish installation event box to make the client computers report installation of that application to the Administration Server and register it in accordance with the parameters defined for the Monitored application from the applications registry was installed event in the Administration Server settings or in the policy of Kaspersky Administration Kit.
Figure 238. The application properties window. The General tab
The Computers tab (see the figure below) contains a list of computers where the application is installed.
Figure 239. The application properties window. The Computers tab
To view the list of applications matching certain criteria, you can use a filter. To do this, perform the following actions:
1. Open the Applications registry folder.
2. Open the context menu and choose the Filter command.
3. In the window that opens (see the figure below), select the Specify filter option and specify values for the following settings:
Enter the application name manually or select it from the drop-down list. The list contains all applications installed on client computers. The Network Agents installed on computers provide information based on system registry data.
Specify the application version.
Enter the name of the application vendor manually or select it from the drop-down list. Information in the list is provided for all client computers by the Network Agents installed on those hosts.
Figure 240. The application search settings window
4. To display only installed applications in the Applications registry node, check the Show installed applications only box.
5. Press the OK button.
The list of applications matching the specified parameters will appear in the results pane of the Applications registry folder.
If information filtering is not necessary, select the Show all applications option. As a result, the filter will be turned off.
ADDITIONAL FEATURES
This section describes some additional features of Kaspersky Administration Kit designed to extend the opportunities for centralized management of applications in computer networks.
MONITORING ANTI-VIRUS PROTECTION STATUS USING SYSTEM REGISTRY DATA
To view the anti-virus protection status of the client computer using the data written into the system registry by the Network Agent:
1. Open the system registry on the client computer (for example, locally by running regedit from the Start → Run menu).
2. Select the branch:
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState
The anti-virus protection status corresponds to the values of the keys listed in the table below.
Table 2. List of registry keys and their possible values
KEY (DATA TYPE) | VALUE | DESCRIPTION
Protection_AdmServer (REG_SZ) | | Name of Administration Server, managing the computer.
Protection_AvInstalled (REG_DWORD) | non-zero | An anti-virus application was installed on the computer.
Protection_AvRunning (REG_DWORD) | non-zero | Real-time protection is enabled.
Protection_HasRtp (REG_DWORD) | non-zero | Real-time protection component is installed.
 | | Real-time protection status:
 | 0 | Unknown.
 | 2 | Disabled.
 | 3 | Paused.
 | 4 | Starting.
 | 5 | Enabled.
 | 6 | Enabled, high level of protection (maximum protection).
 | 7 | Enabled, recommended settings.
 | 8 | Enabled, user-defined settings.
 | 9 | Failure.
Protection_LastFscan (REG_SZ) | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of last full scan.
Protection_BasesDate (REG_SZ) | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of last full scan.
Protection_LastConnected (REG_SZ) | DD-MM-YYYY HH-MM-SS | Date and time (in UTC format) of last connection to Administration Server.
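A scripted version of the manual check above, as an added example that is not part of the Kaspersky guide: it parses `reg query` output for the AVState branch and reports what needs attention. The sample output, the age thresholds and the treatment of a missing value as 0 are assumptions; the table does not name the value that holds the real-time protection status code, so that code is passed in separately.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of `reg query` output for the AVState branch (not real data).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState
    Protection_AdmServer    REG_SZ    adminserver.example.test
    Protection_AvInstalled    REG_DWORD    0x1
    Protection_AvRunning    REG_DWORD    0x0
    Protection_HasRtp    REG_DWORD    0x1
    Protection_LastFscan    REG_SZ    01-10-2010 03-15-00
    Protection_LastConnected    REG_SZ    15-10-2010 08-02-47
"""

# Real-time protection status codes as listed in Table 2.
RTP_STATUS = {
    0: "Unknown", 2: "Disabled", 3: "Paused", 4: "Starting", 5: "Enabled",
    6: "Enabled, high level of protection", 7: "Enabled, recommended settings",
    8: "Enabled, user-defined settings", 9: "Failure",
}
RTP_ENABLED = {5, 6, 7, 8}  # the codes whose description starts with "Enabled"

_VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_SZ|REG_DWORD)\s*(.*)$")


def parse_reg_query(text):
    """Return {value name: data} from `reg query` text; DWORDs become ints."""
    values = {}
    for line in text.splitlines():
        match = _VALUE_LINE.match(line)
        if not match:
            continue  # blank lines and the key path line carry no value
        name, kind, data = match.groups()
        values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values


def parse_utc(stamp):
    """Parse the DD-MM-YYYY HH-MM-SS timestamps, which the table says are UTC."""
    return datetime.strptime(stamp, "%d-%m-%Y %H-%M-%S").replace(tzinfo=timezone.utc)


def assess(values, now, max_scan_age=timedelta(days=7),
           max_silence=timedelta(days=1), rtp_code=None):
    """List the problems found; an empty list means every check passed.

    max_scan_age and max_silence are assumed thresholds, not product defaults.
    """
    findings = []
    flags = (
        ("Protection_AvInstalled", "no anti-virus application is installed"),
        ("Protection_AvRunning", "real-time protection is not enabled"),
        ("Protection_HasRtp", "real-time protection component is not installed"),
    )
    for name, problem in flags:
        if not values.get(name, 0):  # non-zero means true; absent counts as 0
            findings.append(problem)
    ages = (("Protection_LastFscan", max_scan_age),
            ("Protection_LastConnected", max_silence))
    for name, limit in ages:
        try:
            age = now - parse_utc(values.get(name))
        except (TypeError, ValueError):
            findings.append(f"{name} missing or malformed")
            continue
        if age > limit:
            findings.append(f"{name} is {age.days} days old")
    if rtp_code is not None and rtp_code not in RTP_ENABLED:
        label = RTP_STATUS.get(rtp_code, "unrecognised code")
        findings.append(f"real-time protection status: {label}")
    return findings


if __name__ == "__main__":
    check_time = datetime(2010, 10, 15, 12, 0, 0, tzinfo=timezone.utc)
    for finding in assess(parse_reg_query(SAMPLE_REG_QUERY), check_time, rtp_code=3):
        print(finding)
```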
MOBILE USERS
The Kaspersky Administration Kit features a capability to switch the Network Agent to other Administration Servers if the following network settings change:
Subnet – change the subnetwork address and mask.
DNS domain – change the DNS suffix for a subnetwork.
Default gateway address – change the address of the main network gateway.
DHCP server address – change the IP address of the network DHCP server.
DNS server address – change the IP address of the network DNS server.
WINS server address – change the IP address of the network WINS server.
Windows domain accessibility – change the status of the Windows domain to which a client computer is connected.
The functionality is supported for the following operating systems: Microsoft Windows XP / Vista; Microsoft Windows Server 2003 / 2008.
The initial settings of the Network Agent connection to the Server are defined during the installation of the Agent. The Network Agent will then respond to changes in the network layout provided that the switching rules are configured:
The Network Agent connects to the Administration Server specified in the corresponding rule when the rule conditions are fulfilled, and the applications installed on client computers switch to mobile user policies provided that such behavior is enabled in the rule.
If none of the existing rules applies, the Network Agent returns to the initial connection parameters defined during the installation and the applications installed on client computers return to the active policies.
If the Administration Server is unavailable, the Network Agent will use mobile policies.
The settings of the Network Agent connection to the Server are saved in a profile. In addition, the profile also defines the rules for switching the client computers to policies for mobile users and restricts the profile use to updates downloading only. By default, the Network Agent switches to a mobile user policy if the Administration Server remains unavailable for longer than 45 minutes.
The Network agent switching profiles are configured in the policy or in the settings of the Network Agent.
The list of profiles created for the Network Agent can be found in the Administration Server connection profiles section of the Connection tab. You can add or remove profiles and also edit profile settings using the Add, Remove and Properties buttons.
The list of rules created for the profile is located in the Switch profiles section of the Connection tab. You can add or remove rules and also edit rules settings using the Add, Remove and Properties buttons.
Rules are checked for a match to the network layout in the order of their appearance in the list. If a network matches several rules, the first one will be used. To change the order of rules in the list, use the buttons and .
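The switching logic described above can be modelled in a few lines, shown here as an added example that is not Kaspersky code: it picks the first activated rule whose conditions all hold, falls back to the installation-time settings, and flags rules that an earlier rule makes unreachable. Server names, network values and the exact-match comparison of condition values are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

MOBILE_TIMEOUT_MIN = 45  # guide default: server unavailable for longer than this


@dataclass
class Profile:
    name: str
    server: Optional[str]            # None models the built-in <Not connected> profile
    enable_mobile_policies: bool = False
    updates_only: bool = False       # "Use to receive updates only"


@dataclass
class Rule:
    name: str
    profile: Profile
    conditions: dict                 # characteristic -> expected value, combined with AND
    activated: bool = True


def rule_matches(rule, network):
    """A rule applies when it is activated and every condition holds."""
    return rule.activated and all(
        network.get(key) == value for key, value in rule.conditions.items())


def first_match(rules, network):
    """Rules are checked in list order; the first match is used."""
    return next((r for r in rules if rule_matches(r, network)), None)


def shadowed_rules(rules):
    """Return (later, earlier) pairs where `later` can never be selected.

    If an earlier rule's conditions are a subset of a later rule's, every
    network that satisfies the later rule already matched the earlier one.
    """
    pairs = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if (earlier.activated and later.activated
                    and earlier.conditions.items() <= later.conditions.items()):
                pairs.append((later.name, earlier.name))
                break
    return pairs


def resolve(rules, network, initial_server, unavailable_min=0):
    """Work out which server and policy set the agent ends up with."""
    rule = first_match(rules, network)
    admin = updates = initial_server   # no rule applies: installation-time settings
    mobile = False
    if rule is not None:
        profile = rule.profile
        updates = profile.server
        if not profile.updates_only:   # updates-only profiles leave management alone
            admin = profile.server
        mobile = profile.enable_mobile_policies or profile.server is None
    if unavailable_min > MOBILE_TIMEOUT_MIN:
        mobile = True                  # server unreachable for too long
    return {"rule": rule.name if rule else None, "admin_server": admin,
            "update_source": updates, "policy": "mobile" if mobile else "active"}


# Constructed configuration for the illustration.
INITIAL_SERVER = "ks-hq.example.test"
RULES = [
    Rule("office", Profile("office", "ks-hq.example.test"),
         {"DNS domain": "corp.example.test"}),
    Rule("branch", Profile("branch", "ks-branch.example.test"),
         {"DNS domain": "corp.example.test", "Subnet": "10.20.0.0/255.255.0.0"}),
    Rule("roaming", Profile("roaming", "ks-public.example.test",
                            enable_mobile_policies=True),
         {"Default gateway address": "192.0.2.1"}),
    Rule("mirror", Profile("mirror", "ks-mirror.example.test", updates_only=True),
         {"DNS server address": "198.51.100.53"}),
]

if __name__ == "__main__":
    print(shadowed_rules(RULES))
    print(resolve(RULES, {"Default gateway address": "192.0.2.1"}, INITIAL_SERVER))
```

Here the "branch" rule never fires because "office" precedes it and needs only one of its two conditions; moving "branch" above "office" makes it reachable.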
CREATING A PROFILE FOR THE MOBILE USERS
In order to add a new profile to connect to the Administration Server:
1. Select the Network Agent policy in the console tree.
2. Open the context menu and select Properties.
3. Open the Network tab in the <Policy name> Properties window.
4. Click the Connection profiles link to switch to the Network Agent settings configuration window (see the figure below).
Figure 241. The Connection tab
5. Press the Add button located in the Administration Server connection profiles section (see the figure above). This will open the tab settings configuration window (see the figure below).
Figure 242. The New profile window
6. Specify values for the following settings of the Network Agent profile (see the figure above):
Profile name.
Address of the computer which is hosting the Administration Server.
Port number to connect on.
Port number to connect on if using SSL protocol. To connect through a secure port, i.e. using SSL protocol, check the Use SSL connection box.
Proxy server settings. To do this, use the Configure connection via a proxy server link.
If the Enable mobile policies box is checked, the applications installed on the client computer will work with the policies for mobile users even if the Administration Server specified in the profile is available. If the policies for mobile users are not defined, the regular current policy will be used. If this box is unchecked, applications will use active policies.
If the Use to receive updates only option is enabled, the profile will only be used for downloading updates by the applications installed on the client computer. For other operations connection to the Administration Server will be established with the initial connection settings defined during the Network Agent installation.
7. Press the OK button to finish the operation.
By default, the list contains only the <Not connected> built-in profile. The profile cannot be edited or removed. It does not contain a Server for connection and the Network Agent switching to it will not attempt to connect to any server while the applications installed on client computers will work with the policies for mobile users. The <Not connected> profile can be used if computers get disconnected from the network.
CREATING THE NETWORK AGENT SWITCHING RULE
To create a rule for switching the Network Agent from one Administration Server to another whenever the network layout changes:
1. Select the Network Agent policy in the console tree.
2. Open the context menu and select Properties.
3. Open the Network tab in the <Policy name> Properties window.
4. Click the Connection profiles link to open the corresponding window. This will open the Network Agent settings configuration window (see the figure below).
Figure 243. The Connection tab
5. Press the Add button located in the Switch profiles section (see the figure below).
6. In the window that opens (see the figure below):
Enter the rule name in the upper entry field.
Select the created profile from the Use connection profile drop-down list.
Use the Switch conditions section to create a list of rule conditions by pressing the Add, Modify, and Remove buttons. The conditions in a rule are combined using the logic "AND".
Figure 244. The New rule window
7. Check the Rule activated box in order to activate the rule (see the figure above).
8. Press the OK button to finish operations with the rule.
ADDING A CONDITION TO THE RULE
To add a condition to the rule:
1. Select the Network Agent policy in the console tree.
2. Open the context menu and select Properties .
3. Open the Network tab in the <Policy name> Properties window.
4. Click the Connection profiles link to switch to the Network Agent settings configuration window (see the figure below).
Figure 245. The Connection tab
5. Press the Add button located in the Switch profiles section (see the figure below).
6. In the Switch conditions section press the Add button (see the figure below).
Figure 246. The New rule window
7. Select from the drop-down list a value corresponding to the changes in the characteristics of the network to which the client computer is connected (see the figure below):
Subnet – change the subnetwork address and mask;
DNS domain – change the DNS suffix for a subnetwork;
Default gateway address – change the address of the main network gateway;
DHCP server address – change the IP address of the network DHCP server;
DNS server address – change the IP address of the network DNS server;
WINS server address – change the IP address of the network WINS server;
Windows domain accessibility – change the status of the Windows domain to which a client computer is connected.
Figure 247. List of network characteristics
8. Press the Add button and specify the value at which the condition of switching the Agent to another Administration Server will be satisfied. Create the values necessary for the condition using the Add, Modify, and Remove buttons.
Figure 248. Adding a value
9. Select when the condition will be considered fulfilled:
Matches at least one value from the list.
Does not match any of the values in the list.
10. Press the OK button to finish the operation.
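The rule logic described in the two procedures above (conditions joined with AND, each condition either matching at least one listed value or none of them) can be checked on paper before it is deployed. The following is an added example, not code from Kaspersky Administration Kit; the rule ordering, the handling of unobserved characteristics, and all addresses, domains and profile names are assumptions made for the illustration.

```python
"""Model of a Network Agent switching rule (added illustration, not Kaspersky code)."""
from dataclasses import dataclass
from ipaddress import ip_network

MATCH_ANY = "Matches at least one value from the list"
MATCH_NONE = "Does not match any of the values in the list"


@dataclass
class Condition:
    characteristic: str   # a name from the drop-down list, e.g. "Subnet"
    values: list          # values entered with the Add button
    mode: str = MATCH_ANY

    def _equal(self, observed, value):
        if self.characteristic == "Subnet":
            # Address and mask: "10.0.5.17/24" and "10.0.5.0/255.255.255.0"
            # are normalised to the same network before comparing.
            return (ip_network(observed, strict=False)
                    == ip_network(value, strict=False))
        return str(observed).strip().lower() == str(value).strip().lower()

    def satisfied(self, state):
        observed = state.get(self.characteristic)
        hit = observed is not None and any(
            self._equal(observed, v) for v in self.values)
        # Modelling assumption: a characteristic the client cannot observe
        # (no DHCP lease, no DNS suffix) matches nothing, so MATCH_NONE holds.
        return hit if self.mode == MATCH_ANY else not hit


@dataclass
class Rule:
    name: str
    profile: str
    conditions: list
    activated: bool = True   # the "Rule activated" box

    def applies(self, state):
        # Conditions are combined with AND. A rule without conditions is
        # treated as never applying (assumption of this model).
        return (self.activated and bool(self.conditions)
                and all(c.satisfied(state) for c in self.conditions))


def select_profile(rules, state):
    """Return the profile of the first applicable rule, or None (no switch).

    First-match ordering is an assumption; the guide does not specify it.
    """
    for rule in rules:
        if rule.applies(state):
            return rule.profile
    return None


# Constructed sample data: every value below is invented for the example.
RULES = [
    Rule("Outside the office", "External gateway", [
        Condition("Subnet", ["10.0.5.0/255.255.255.0", "10.0.6.0/24"], MATCH_NONE),
        Condition("DNS domain", ["corp.example"], MATCH_NONE),
    ]),
]
OFFICE = {"Subnet": "10.0.5.17/24", "DNS domain": "CORP.example"}
HOME = {"Subnet": "192.168.1.23/24", "DNS domain": "home.example"}
# Foreign subnet but an internal-looking DNS suffix: the AND fails.
MIXED = {"Subnet": "192.168.1.23/24", "DNS domain": "corp.example"}
OFFLINE = {}   # nothing observed at all

if __name__ == "__main__":
    for label, state in [("office", OFFICE), ("home", HOME),
                         ("mixed", MIXED), ("offline", OFFLINE)]:
        print(label, "->", select_profile(RULES, state))
```

Walking a rule through a few network states like this shows which single characteristic decides the switch, which matters because every condition must hold at once.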
SEARCH
To view information about an individual computer or a group of computers, you can use the computer search function based on the specified criteria. While searching for computers, information from slave Administration Servers can be enabled. Search results can be saved to a text file.
The search feature can find:
Client computers in administration groups of an Administration Server and its slave Servers;
computers that are not added to administration groups, but included in computer networks where an Administration Server and its slave Servers are installed;
all computers in the networks where Administration Server and its slave Servers are installed regardless of whether they are in administration groups.
To find computers, you can also use the following links: Find unassigned computers on the task pane of the Unassigned computers folder or Find computers on the Groups tab of the task pane of the Managed computers folder.
While searching for computers, you can use the following regular expressions:
* – any string of 0 or more characters;
? – any single character;
[<range>] – one character from the specified range or array, for example, [0–9] – any digit or [abcdef] – one of the following characters: a, b, c, d, e, f.
DETECTING COMPUTERS
To find a computer or a group of computers that match the specified criteria:
1. Use the context menu of the Administration Server node, the Unassigned computers folder or administration group folder to select Search .
2. In the right upper corner of the window, select Find client computers from the drop-down list.
In the window that opens, specify the search criteria on the following tabs: Network, Network activity, Application, Computer status, Virus protection, Applications registry and Administration Servers hierarchy.
3. In the Search window that opens specify the required search criteria. The following search criteria are available on the tabs of the window:
On the Network tab (see the figure below):
Computer name in the corporate network or IP address.
Domain to which the client computer belongs.
IP range – initial and final IP addresses;
Computer is located in Active Directory organization unit . If this box is checked, you can select a computer from the Active Directory group. If the computer is a part of the Active Directory unit you can check the Including child organization units box.
Figure 249. Detecting computers. The Network tab
On the Network activity tab (see the figure below):
Whether the computer is an Update Agent. To enable the Is an Update Agent condition, select the desired value ( Yes or No ).
Whether the Do not disconnect from the Administration Server box is checked in the computer properties. To enable the parameter, in the Feature "Do not disconnect from the Administration Server" string select the required value (Enabled or Disabled).
Whether the computer is connected to the Administration Server as the result of switching the connection profile. To enable the Connection profile switched condition, select the desired value (Yes or No).
Last connection of client computer to the Administration Server. To specify the time interval, check the Time of the last connection to Administration Server box.
Figure 250. Computer search. The Network activity tab
On the Application tab (see the figure below):
Application name – name of Kaspersky Lab application installed on client computer. You can select the value from the drop-down list. The list provides only the names of applications with administration plug-ins installed in the administrator's workplace.
Application version – version of the application installed on the client computer.
Critical update name – number or name of the update package installed for the application.
Last modules update – time interval of last update of program modules installed on client computers.
Version of the operating system installed on the computer.
Figure 251. Computer search. The Application tab
On the Computer status tab (see the figure below):
Computer status – current computer status: OK, Critical or Warning.
Computer status description. In this section you can check the boxes next to the options based on which the selected status is assigned to a client computer.
Real-time protection status – current status of the client computer anti-virus protection (select it from the drop-down list).
Figure 252. Computer search. The Computer status tab
On the Virus protection tab (see the figure below):
Anti-virus database date – time interval at which the databases were released.
Database records count – numerical interval in which the database record count is found.
Last virus scan time – time interval in which the last client computer scan was performed.
Viruses found – numerical interval within which the number of detected viruses falls.
Figure 253. Computer search. The Virus protection tab
On the Applications registry tab (see the figure below): to search using data about an application, uncheck the Find by update box and specify the necessary parameters: Application name , Application version , Manufacturer .
To search using information on an update installed for an application, check the Find by update box and specify the necessary parameters: Update name , Update version , Manufacturer.
Incompatible security application name – a third-party security application (is selected from the list).
Figure 254. Computer search. The Applications registry tab
Whether this tab is shown or hidden is determined by the user interface settings. To configure this tab to be displayed, go to View → Configuring interface menu and check the box in the Display application registry string.
The Administration Servers hierarchy folder is used to specify whether the information stored on slave Administration Servers will be taken into account while searching for computers (see the figure below).
To take this data into account, check the Include data from slave Servers (down to level) box. Then specify the maximum nesting level to be included in the search.
Figure 255. Detecting computers. The Administration Servers hierarchy tab
4. After you have specified the search criteria, press the Find now button and a list of computers matching the specified criteria will be displayed in the bottom part of the window. This list will also contain general information about the computers found.
5. To save search results in a text file, press the Export to file button and specify the target file in the window that opens.
SEARCHING FOR ADMINISTRATION GROUPS
To find an administration group that matches the specified criteria:
1. Use the context menu of the Administration Server or administration group folder to select Search .
2. In the left upper corner of the window, select Find administration groups from the drop-down list.
In the window that opens, specify search criteria on the following tabs: General and Administration Servers hierarchy .
3. Use the General tab to specify the group name (see the figure below).
Figure 256. Searching for administration group. The General tab
4. The Administration Servers hierarchy tab is used to specify whether the information stored on slave Administration Servers will be taken into account while searching for computers.
To take this data into account, check the Include data from slave Servers (down to level) box. Then specify the maximum nesting level to be included in the search.
Figure 257. Searching for administration group. The Administration Servers hierarchy tab
5. After you have specified the search criteria, press the Find now button and a list of computers matching the specified criteria will be displayed in the bottom part of the window. This list will also contain general information about the computers found.
6. To save search results in a text file, press the Export to file button and specify the target file in the window that opens.
SEARCHING FOR THE SLAVE ADMINISTRATION SERVERS
To find a slave administration Server that matches the specified criteria:
1. Use the context menu of the Administration Server or administration group folder to select Search .
2. In the left upper corner of the window select Find slave Administration Servers from the drop-down list.
In the window that opens, specify search criteria on the following tabs: General and Administration Servers hierarchy .
3. Use the General tab to specify the name of the Server (see the figure below).
Figure 258. Searching for a slave Administration Server. The General tab
4. The Administration Servers hierarchy tab is used to specify whether the information stored on slave Administration Servers will be taken into account while searching for computers.
To take this data into account, check the Include data from slave Servers (down to level) box. Then specify the maximum nesting level to be included in the search.
Figure 259. Searching for a slave Administration Server. The Administration Servers hierarchy tab
5. After you have specified the search criteria, press the Find now button and a list of computers matching the specified criteria will be displayed in the bottom part of the window. This list will also contain general information about the computers found.
6. To save search results in a text file, press the Export to file button and specify the target file in the window that opens.
DATA BACKUP
Backup copying allows you to move an Administration Server from one computer to another without data losses and restore information in case of Administration Server database transfer to another host or upgrade to a newer version of the Kaspersky Administration Kit application.
To create a backup copy of the Administration Server data, use one of the following options:
Administration Kit and after installation of the Administration Server it is located in the root of the program folder specified during application installation.
To restore the Administration Server data, start the klbackup utility on the computer with the newly installed Administration Server.
The names of the databases of the new and old SQL servers must be the same.
DATA BACKUP TASK
Kaspersky Administration Kit tasks folder.
To create an Administration Server data backup task:
1. Select the Kaspersky Administration Kit tasks folder in the console tree, open its context menu and select the New Task command.
select the following settings:
Select Administration Server data backup (see the figure below) as the task type.
Figure 260. Creating a task. Selecting the task type
While configuring the task (see the figure below) specify:
the Backup folder, for saving the backup copy of the data; this folder must be write-accessible for both the Administration Server and for the SQL server on which the Administration Server database is installed;
the password that will be used for encrypting/decrypting the Administration Server certificate; re-enter the password in the field below.
Figure 261. Creating a data backup task. Configuring the settings
A backup copy of the data is created in the specified folder as a subfolder under a name that reflects the current date and time of the operation in the klbackup YYYY-MM-DD # HH-MM-SS format (where YYYY is the year, MM – month, DD – day, HH – hour, MM – minutes, SS – seconds). The following information will be saved in this folder:
information database of the Administration Server (policies, tasks, application settings, events saved on the Administration Server);
configuration information about the structure of the administration groups and client computers;
repository of the installation files for deployment of applications (contents of the Packages folder);
Administration Server certificate.
If required, restrict the maximum number of backup copies (subfolders) that can be simultaneously located in Backup. To do this, check the Limit the number of backup copies saved box and specify the required number of copies. If the imposed restriction has been met, the previous, older copies stored in Backup will be removed.
To configure an Administration Server backup data task:
1. Select the required task in the results pane of the Kaspersky Administration Kit tasks folder, open its context menu and select the Properties command.
2. In the window that opens, select the Settings tab (see the figure below). This tab displays the same settings that were configured when the task was created:
folder for saving the backup data copy;
password that will be used for encrypting/decrypting the Administration Server certificate; re-enter the password in the field below;
restriction imposed on the number of backup copies.
Specify the required values for these settings.
3. To confirm the settings, press the Apply or OK button.
Figure 262. Configuring the data backup task
DATA BACKUP AND RESTORATION UTILITY KLBACKUP
Administration Server data can be copied for backup purposes and further restoration using not only the Administration
package of Kaspersky Administration Kit. Data is restored using only the klbackup utility, which can work in one of two modes:
INTERACTIVE MODE OF CREATING A BACKUP COPY AND DATA RESTORATION
For an interactive mode of creating a backup copy of the Administration Server data:
1. Launch the klbackup utility located in the C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit folder.
2. In the wizard window that opens, select the action (see the figure below):
Backup Administration Server data .
Restore Administration Server data .
If you enable the option to Restore or backup Administration Server Certificate only , the wizard will save or restore just the Administration Server certificate.
Press the Next button.
Figure 263. Backup copying
3. In the next window specify the Password and Backup destination folder (see the figure below). Press the Next button to perform backup.
Figure 264. Creating the backup destination folder
When restoring the certificate, the password matching the password provided during backup copying must be provided. If the password is incorrect, the certificate will not be restored.
If during the restoration of the Administration Server data, the path to the shared folder has changed, you should verify correct execution of tasks in which the folder is used (update, remote deployment tasks) and, if necessary, change the settings.
NON-INTERACTIVE MODE OF CREATING A BACKUP COPY AND DATA RESTORATION
For a non-interactive mode of creating a backup copy of the Administration Server data, run the klbackup utility on the computer where the Administration Server is installed, with the required set of command line options.
Utility command line syntax:
klbackup [-logfile LOGFILE] -path BACKUP_PATH [-use_ts]|[-restore] -savecert PASSWORD
If the password is not entered in the command line of the klbackup utility, the utility will prompt you to enter it in the interactive mode.
The command line parameters are as follows:
-logfile LOGFILE – save a report about copying/restoring the Administration Server data;
-path BACKUP_PATH – save information in the BACKUP_PATH folder / restore user data from the BACKUP_PATH folder (required parameter);
The database server account and the klbackup utility must have access rights to modify data in the BACKUP_PATH folder.
-use_ts – when saving the data, copy information into the folder under the name that reflects the current date and time of the operation in format klbackup YYYY-MM-DD # HH-MM-SS in the BACKUP_PATH folder. If no modifier is specified, information will be saved in the root of the BACKUP_PATH folder.
When attempting to save information to the folder in which a backup copy already exists, an error message will appear and no update will occur.
The use of the -use_ts option can maintain the archive of the Administration Server data. For example, if the C:\KLBackups folder was specified using the -path modifier, then information about the Administration Server status as of June 19, 2006, 11:30:18 will be saved in the klbackup 2006-06-19 # 11-30-18 folder.
-restore – restore the Administration Server data. The data will be restored based on information stored in the BACKUP_PATH folder. If the modifier is missing, the data will be copied into the BACKUP_PATH folder.
-savecert PASSWORD – save or restore the Administration Server certificate using the password specified in the PASSWORD setting for encrypting/decrypting the certificate.
Full restoration of the administration system data requires mandatory saving of the Administration Server certificate.
When restoring the certificate, the password matching the password provided during backup copying must be provided. If the password is incorrect, the certificate will not be restored.
If during the restoration of the Administration Server data, the path to the shared folder has changed, you should verify correct execution of tasks in which the folder is used (update, remote deployment tasks) and, if necessary, change the settings.
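A scheduled wrapper around the non-interactive mode usually needs three things: a command line that follows the syntax above, a copy of that command line that can be logged without exposing the certificate password, and a way to read the timestamped folder names that -use_ts produces. The following is an added example, not part of Kaspersky Administration Kit; the helper names, the sample password and the sample folder list are assumptions made for the illustration.

```python
"""Helpers around the klbackup command line (added illustration)."""
from datetime import datetime

# Folder name created by -use_ts, e.g. "klbackup 2006-06-19 # 11-30-18".
FOLDER_FORMAT = "klbackup %Y-%m-%d # %H-%M-%S"


def build_args(path, password, restore=False, use_ts=False, logfile=None):
    """Build the argument list following the syntax line in the guide."""
    if not path:
        raise ValueError("-path BACKUP_PATH is a required parameter")
    if restore and use_ts:
        # The syntax lists [-use_ts]|[-restore] as alternatives.
        raise ValueError("-use_ts and -restore cannot be combined")
    args = ["klbackup"]
    if logfile:
        args += ["-logfile", logfile]
    args += ["-path", path]
    if use_ts:
        args.append("-use_ts")
    if restore:
        args.append("-restore")
    args += ["-savecert", password]
    return args


def redact(args):
    """Return a copy of args for logging, with the password masked."""
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] == "-savecert":
            out[i + 1] = "********"
    return out


def parse_folder(name):
    """Return the timestamp encoded in a -use_ts folder name, or None."""
    try:
        return datetime.strptime(name, FOLDER_FORMAT)
    except ValueError:
        return None


def _dated(names):
    pairs = ((parse_folder(n), n) for n in names)
    return sorted((t, n) for t, n in pairs if t is not None)


def newest(names):
    """Name of the most recent timestamped backup folder (restore source)."""
    dated = _dated(names)
    return dated[-1][1] if dated else None


def to_prune(names, keep):
    """Timestamped folders beyond the newest `keep`, oldest first.

    Names that do not parse as a klbackup timestamp are never returned,
    so unrelated folders in BACKUP_PATH are left alone.
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    return [n for _, n in _dated(names)[:-keep]]


# Constructed sample listing of a BACKUP_PATH folder.
SAMPLE = [
    "klbackup 2006-06-19 # 11-30-18",
    "klbackup 2006-06-20 # 02-00-00",
    "klbackup 2006-06-18 # 23-59-59",
    "old-notes",                          # not a backup folder
    "klbackup 2006-13-40 # 11-30-18",     # impossible date, ignored
]

if __name__ == "__main__":
    cmd = build_args(r"C:\KLBackups", "example-password", use_ts=True)
    print("would run:", " ".join(redact(cmd)))
    print("newest:", newest(SAMPLE))
    print("prune (keep 2):", to_prune(SAMPLE, 2))
```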
MOVING THE ADMINISTRATION SERVER TO A DIFFERENT COMPUTER
To move the Administration Server to a different computer:
1. Create a backup copy of the Administration Server data.
2. Install a new Administration Server.
To simplify moving the administration groups, it is desirable that the new server's address match the old server's address. The address (computer's name in the Windows network or IP address) is indicated in the Network Agent's settings as part of the parameters used to connect to the Server.
3. Restore the old server's data from the backup copy on the new Administration Server.
4. If the addresses (computer's name in the Windows network or the IP address) of the new and the old servers do not match, create a Change Kaspersky Administration Server task on the old server for the Managed computers group to connect the client computers to the new Server.
If the addresses match, there is no need to create the server change task as the connection will be made using the Server address specified in the settings.
5. Remove the old Administration Server.
To move the Administration Server to a different computer, and change the Administration Server database:
1. Create a backup copy of the Administration Server data.
2. Install a new SQL server.
To ensure that the information is moved correctly, the database on the new SQL server must have the same collation as the old SQL server being replaced.
3. Install a new Administration Server. The names of the databases of the new and old SQL servers must be the same.
To simplify moving the administration groups, it is desirable that the new server's address match the old server's address. The address (computer's name in the Windows network or IP address) must be indicated in the Network Agent's settings as part of the parameters used to connect to the Server.
4. Restore the old server's data from the backup copy on the new Administration Server.
5. If the addresses (computer's name in the Windows network or the IP address) of the new and the old servers do not match, create a Change Kaspersky Administration Server task on the old server for the Managed computers group to connect the client computers to the new Server.
If the addresses do match, there is no need to create the server change task as the connection will be made automatically.
6. Remove the old Administration Server.
TRACKING VIRUS OUTBREAKS
Kaspersky Administration Kit allows control over virus activity on client computers using the Virus outbreak event registered in the Administration Server operation.
ENABLING VIRUS OUTBREAK DETECTION
To ensure that the Virus outbreak event is registered in administration groups and that a notification about it is issued:
1. In the console tree select the node corresponding to the necessary Administration Server, open the context menu and use the Properties command. This will open the Administration Server <server name> Properties dialog window.
2. On the Virus outbreak tab (see the figure below) check the boxes next to the names of the required types of anti-virus applications, and specify parameter values that determine the threshold of virus activity. Each time a threshold is exceeded, this is treated as increased virus activity and a Virus outbreak event is produced.
Figure 265. Viewing the Administration Server properties. The Virus outbreak tab
3. Use the Events tab (see the figure below) while configuring Critical events to select the Virus outbreak event type and specify the notification settings.
Figure 266. Viewing the Administration Server properties. The Events tab
4. In policies for all anti-virus applications use the Events tab (see the figure below) to configure the Critical event to select the Infected objects detected type of events and in the properties window of this event check the On Administration Server for (days) box.
Figure 267. Editing a policy. The Events tab
To count the Infected objects detected events, only information from the client computers of the master Administration Server is to be taken into account. For each slave Server the Virus outbreak event is configured individually.
CHANGING THE APPLICATION POLICY WHEN A VIRUS OUTBREAK EVENT IS REGISTERED
To ensure that the current application policy changes once a Virus outbreak event occurs:
1. Open the Administration Server properties window.
2. Select the Virus outbreak tab.
3. Click the Configure policies to activate on "Virus outbreak" event link and use the window that opens (see the figure below) to:
Select the virus outbreak type according to the application type: Anti-Virus for workstations and servers, Anti-Virus for mail servers, Anti-Virus for perimeter protection.
Figure 268. Configuring the Virus outbreak event. Selecting the policies for activation
In the appropriate field create the list of policies using the buttons to the right:
To add a policy to the list, press the Add button and in the Select a policy window (see the figure below) check the box of the required policy in the suggested tree. If you select an administration group, then all the policies of that group will be marked for addition to the list.
To remove a policy from the list, select the policy and press the Delete button (see the figure above).
Figure 269. The group selection window
AUTOMATION OF THE KASPERSKY ADMINISTRATION KIT OPERATION (KLAKAUT)
Operation of the Kaspersky Administration Kit can be automated using the klakaut automation object. This utility and its help system are located in the application installation folder in the klakaut subfolder.
CUSTOM TOOLS
Kaspersky Administration Kit makes it possible to create a list of external tools, i.e. applications, which will be invoked for a client computer from the Administration Console using the Custom tools group of the context menu. Each tool in the list will be associated with a separate menu command, which the Administration Console uses to start the application corresponding to that tool.
The application starts on the administrator's workstation, i.e. the computer with the installed Administration Console. The application can accept the attributes of a remote client computer as command line options (NetBIOS name, DNS name, IP address). The remote computer can be accessed via a specifically opened tunneled connection.
The default list of custom tools contains the following service programs for each client computer:
Remote diagnostics – Kaspersky Administration Kit remote diagnostics utility.
Remote Desktop – standard Windows Remote Desktop Connection component.
Computer management – standard Windows component.
You can add or remove custom tools and edit their settings using the Add, Remove, and Modify buttons.
CONFIGURING INTERFACE
Kaspersky Administration Kit allows the administrator to configure the Administration Console interface.
To change the specified interface settings:
1. In the console tree, select the Administration Server node.
2. Go to the View → Configuring interface menu. This will open the corresponding window (see the figure below).
Figure 270. Viewing the group properties. The Configuring interface window
3. In the window that opens, you can specify the following parameters:
Display slave Administration Servers .
Display security settings tabs .
Display application registry .
The maximum number of computers displayed in the results pane . This setting determines the number of computers displayed in the Administration Console results pane. The default value is 2000.
If the number of computers in the group exceeds the specified value, a corresponding notification will be displayed on the screen. To view the list of all computers, increase the parameter value.
The parameter defined for the maximum number of displayed hosts in the settings of a group (or domain) applies to all groups on all hierarchy levels and for all domains.
REFERENCE INFORMATION
The tables in this section contain reference information about the context menu items of the Administration Console objects, results pane objects and the meaning of statuses assigned to network objects and administration groups.
CONTEXT MENU
The table below contains a list of Administration Console objects and the context menu commands available for them.
Table 3. Context menu items of the Administration Console objects
OBJECT | ITEM | COMMAND PURPOSE
General items of the context menu | Refresh | Refresh the selected object.
General items of the context menu | Export list | Export the current list into file.
General items of the context menu | Properties | Open the properties window for the selected object.
Kaspersky Administration Kit | Create Administration Server | Add an Administration Server to the console tree.
<Administration Server name> | Connect to Administration Server | Connect to Administration Server.
<Administration Server name> | Disconnect from Administration Server | Disconnect from Administration Server.
<Administration Server name> | Install application | Launch the Deployment Wizard.
<Administration Server name> | Search | Open the computer search window.
<Administration Server name> | View → Configuring interface | Modify interface settings.
<Administration Server name> | Delete | Remove an Administration Server from the console tree.
Managed computers | Install application | Create and run a deployment task for a group.
Managed computers | Search | Search for computers, groups and slave Administration Servers matching the specified criteria.
Managed computers | Reset Virus Counter | Reset virus counters for the client computers included in groups.
Managed computers | Virus activity level | Create a report about the virus activity level of the client computers included in a group.
Managed computers | New → Group | Create an administration group.
Managed computers | All tasks → Create groups structure | Create a group structure based on the domain structure or the Active Directory.
O BJECT
Managed computers
Policies
Managed computers
Group tasks
Managed computers
Client computers
Managed computers
Administration Servers
| OBJECT | ITEM | COMMAND | PURPOSE |
|---|---|---|---|
| | All tasks | Force synchronization | Force synchronization for the computers included in the administration group. |
| | All tasks | Import | Import a policy from a file. |
| | All tasks | Show message | Show a message to the user. |
| | New | Policy | Create a policy. |
| | All tasks | Import | Import a policy from a file. |
| | View | Inherited policies | Display inherited policies in the results pane. |
| | New | Task | Create a group task. |
| | All tasks | Import | Import a task from file. |
| | View | Inherited tasks | Display inherited group tasks in the results pane. |
| | New | Computer | Add a client computer to the group. |
| | View | Administration Server | Go to the master Administration Server. |
| Reports and notifications | New | Report template | Create a report template. |
| Kaspersky Administration Kit tasks | New | Task | Create a task executed only by the Administration Server. |
| | All tasks | Import | Import a task from file. |
| Tasks for specific computers | New | Task | Create a task for any set of client computers. |
| | All tasks | Import | Import a task from file. |
| Event and computer selections → Computer selections | New | New selection | Create a selection to search for computers. |
| | All tasks | Import | Import a task from file. |
| Event and computer selections → Events | New | New selection | Create a selection to search for computers. |
| | All tasks | Import | Import selection from file. |
| Unassigned computers | Search | | Search for computers, groups and slave Administration Servers matching the specified criteria. |
| Unassigned computers → Domains | All tasks | Computer Activity | Configure the Administration Server response to the absence of computer activity in the network. |
| Unassigned computers → Active Directory | View | Find computer | Find a computer located in the Active Directory organization unit. |
| Unassigned computers → IP subnets | New | IP range | Add an IP subnet to the network. |
| Repositories → Installation packages | New | Installation package | Create an installation package. |
| Repositories → Updates | Download updates | | Create an Administration Server updates download task. |
| | Configure updating settings | | Configure the updates download task of the Administration Server. |
| | Anti-virus Database Versions Report | | Create and view a report on database versions. |
| | All tasks | Clear updates repository | Clear updates repository on the Administration Server. |
| Repositories → Licenses | Add License | | Install a new license. |
| | Licensing Report | | Create and view a report on the licenses installed on client computers. |
| | Install license | | Create a task for the installation of a new license for a Kaspersky Lab application managed via Kaspersky Administration Kit. |
RESULTS PANE

The table below contains a list of Administration Console objects and the columns displayed for them in the standard view results pane.

Table 4. Items in the results pane

| OBJECT | COLUMN | COLUMN DESCRIPTION |
|---|---|---|
| Managed computers | Name | Names of child folders inside the Managed computers folder. |
| Managed computers → Policies | Name | Policy name. |
| | Status | Policy status. If a policy is enabled, the Active value is displayed. If a policy is disabled, the field is empty. |
| | Application | Name of the application regulated by a policy. |
| | Inherited | Name of the group from which a policy was inherited. If the policy is not inherited, the field is empty. The icon is displayed next to the name of an inherited policy. |
| | Modified | Date and time of last policy modification. |
| Managed computers → Group tasks | Name | Task name. |
| | Task type | Task type. |
| | Application | Name of the application for which the task is created. |
| | Modified | Date and time of last task modification. |
| | Running | The number of computers on which a task is in progress. |
| | Completed | The number of computers on which a task is completed. |
| | Failed | The number of computers on which a task is completed with an error. |
| | Scheduled | The number of computers on which a task is scheduled. |
| | Paused | The number of computers on which a task is paused. |
| | Inherited | Name of the group from which a task was inherited. If the task is not inherited, the field is empty. The icon is displayed next to the name of an inherited task. |
| Managed computers → Client computers | Name | Computer name (NETBIOS name or host IP address). |
| Managed computers → Administration Servers | Name | Computer name (NETBIOS name or host IP address). |
| Reports and notifications | Name | Report or notification name. |
| Kaspersky Administration Kit tasks | Name | Task name. |
| | Task type | Task type. |
| | Application | Name of the application for which the task is created. |
| | Modified | Date and time of last task modification. |
| | Scheduled | The number of computers on which a task is scheduled. |
| | Paused | The number of computers on which a task is paused. |
| | Running | The number of computers on which a task is in progress. |
| | Completed | The number of computers on which a task is completed. |
| | Failed | The number of computers on which a task is completed with an error. |
| Tasks for specific computers | Name | Task name. |
| | Task type | Task type. |
| | Application | Name of the application for which the task is created. |
| | Modified | Date and time of last task modification. |
| | Scheduled | The number of computers on which a task is scheduled. |
| | Paused | The number of computers on which a task is paused. |
| | Running | The number of computers on which a task is in progress. |
| | Completed | The number of computers on which a task is completed. |
| | Failed | The number of computers on which a task is completed with an error. |
| Event and computer selections | Name | Selection name. |
| Unassigned computers → Domains | Name | Computer name (NETBIOS name or host IP address). |
| | OS Type | Name of the operating system installed on the computer. One of the following icons appears next to the computer name depending on the operating system type: – for a server, and – for a workstation. |
| | Domain | Windows domain or workgroup including the host. |
| | Agent / Anti-Virus | The status of applications installed on a computer. For the Network Agent or an anti-virus application that can be managed by Kaspersky Administration Kit the "+" (plus) sign is displayed, if they are installed on a computer. If the applications are not installed, the "-" (minus) sign is displayed. |
| | Visible | Date when a computer was last registered by its Server in the network. |
| | Last update date | Date of the last database or application update on the host. |
| | Status | Current computer status (OK / Warning / Critical), assigned on the basis of administrator-defined criteria. The condition that caused assignment of the current status is displayed in brackets. |
| | Status description | The reason for assigning a status to the client computer. |
| | Last status date | Date when the information about a computer on its Administration Server was last updated. |
| | DNS Name | DNS name of a computer. |
| | IP-address | IP-address of a computer. |
| | Connecting to Server | Last time when the Network Agent installed on client computer contacted the Administration Server. |
| Unassigned computers → Active Directory | Name | Computer name (NETBIOS name or host IP address). |
| | OS Type | Name of the operating system installed on the computer. One of the following icons appears next to the computer name depending on the operating system type: – for a server, and – for a workstation. |
| | Domain | Windows domain or workgroup including the host. |
| | Agent / Anti-Virus | The status of applications installed on a computer. For the Network Agent or an anti-virus application that can be managed by Kaspersky Administration Kit the "+" (plus) sign is displayed, if they are installed on a computer. If the applications are not installed, the "-" (minus) sign is displayed. |
| | Visible | Date when a computer was last registered by its Server in the network. |
| | Last update date | Date of the last database or application update on the host. |
| | Status | Current computer status (OK / Warning / Critical), assigned on the basis of administrator-defined criteria. The condition that caused assignment of the current status is displayed in brackets. |
| | Status description | The reason for assigning a status to the client computer. |
| | Last status date | Date when the information about a computer on its Administration Server was last updated. |
| | DNS Name | DNS name of a computer. |
| | IP-address | IP-address of a computer. |
| | Connecting to Server | Last time that the Network Agent installed on client computer contacted the Administration Server. |
| Unassigned computers → IP subnets | Name | Computer name (NETBIOS name or host IP address). |
| | OS Type | Name of the operating system installed on the computer. One of the following icons appears next to the computer name depending on the operating system type: – for a server, – for a workstation. |
| | Domain | Windows domain or workgroup including the host. |
| | Agent / Anti-Virus | The status of applications installed on a computer. For the Network Agent or an anti-virus application that can be managed by Kaspersky Administration Kit the "+" (plus) sign is displayed, if they are installed on a computer. If the applications are not installed, the "-" (minus) sign is displayed. |
| | Visible | Date when a computer was last registered by its Server in the network. |
| | Last update date | Date of the last database or application update on the host. |
| | Status | Current computer status (OK / Warning / Critical), assigned on the basis of administrator-defined criteria. The condition that caused assignment of the current status is displayed in brackets. |
| | Status description | The reason for assigning a status to the client computer. |
| | Last status date | Date when the information about a computer on its Administration Server was last updated. |
| | DNS Name | DNS name of a computer. |
| | IP-address | IP-address of a computer. |
| | Connecting to Server | Last time that the Network Agent installed on client computer contacted the Administration Server. |
| Repositories → Installation packages | Name | Installation package name. |
| | Application | Application for which the installation package is intended. |
| | Version number | Installation version number. |
| Repositories → Updates | Name | Update name. |
| | Description | Update description. |
| | Creation date | Kaspersky Lab database release date. |
| | Received | Administration Server download updates date. |
| | Size | Size of the downloaded update. |
| Repositories → Licenses | Serial number | License number. |
| | Type | The type of installed license (for example, commercial or trial). |
| | License count | Restrictions specified in a license (e.g., the number of computers on which a license may be installed). |
| | License period | Period of license validity. |
| | Expiration date | License expiration date. |
| | Application | Application for which the license is activated. |
| | Active for | The number of hosts on which the license is active at the moment. |
| | Additional for | The number of hosts on which the license is reserved at the moment. |
| | About client | Information about the owner obtained from the key file. |
| Repositories → Quarantine | Computer | Client computer where an object was found. |
| | Name | Quarantined file name. |
| | Status | Object status assigned to it by an antivirus application. |
| | Current action | Action to be performed with the object selected when the object was quarantined. |
| | Date of placement | Date when an object detected was quarantined. |
| | Virus name | Name of the threat as it appears in Kaspersky Lab Virus Encyclopedia. |
| | Description | File description given by the user. |
| | Restoration folder | The folder where the file was located before being moved to Quarantine. |
| | User | The name of the user who has quarantined the file. |
| | Size | File size. |
| Repositories → Backup | Computer | Client computer where an object was found. |
| | Name | Quarantined file name. |
| | Status | Object status assigned to it by an antivirus application. |
| | Current action | Action to be performed with the object selected when the object was quarantined. |
| | Date of placement | Date when an object detected was quarantined. |
| | Virus name | Name of the threat as it appears in Kaspersky Lab Virus Encyclopedia. |
| | Description | File description given by the user. |
| | Restoration folder | The folder where the file was located before being moved to Backup. |
| | User | The name of the user who has moved the file to Backup. |
| | Size | File size. |
| Repositories → Unprocessed files | Computer | Client computer where an object was found. |
| | Name | Quarantined file name. |
| | Status | Object status assigned to it by an antivirus application. |
| | Current action | Action to be performed with the object selected when the object was quarantined. |
| | Date of placement | Date when an object detected was quarantined. |
| | Virus name | Name of the threat as it appears in Kaspersky Lab Virus Encyclopedia. |
| | Description | File description given by the user. |
| | Restoration folder | The folder where the file was located before being moved to the Unprocessed files folder. |
| | User | The name of the user who has moved the file to the Unprocessed files folder. |
| | Size | File size. |
STATUSES OF COMPUTERS, TASKS AND POLICIES

The table below contains a list of icons displayed in the console tree and the results pane of the Administration Console next to the names of client computers, tasks and policies. These icons describe the status of objects.

Table 5. Statuses of computers, tasks and policies

STATUS
Computer running an operating system for workstations, detected in the network and not included in any administration group.
Computer running an operating system for workstations, included in an administration group, status OK.
Computer running an operating system for workstations, included in an administration group, status Warning.
Computer running an operating system for workstations, included in an administration group, status Critical.
Computer running an operating system for workstations, included in an administration group, the connection of which with Administration Server is no longer maintained.
Computer running an operating system for servers, detected in the network and not included in any administration group.
Computer running an operating system for servers, included in an administration group, status OK.
Computer running an operating system for servers, included in an administration group, status Warning.
Computer running an operating system for servers, included in an administration group, status Critical.
Computer running an operating system for servers, included in an administration group, the connection of which with Administration Server is no longer maintained.
Cluster included in an administration group, status OK.
Active policy.
Inactive policy.
Active policy inherited from the master Administration Server.
A task (group task, Administration Server task or a task for specific computers) with the status Scheduled or Completed.
A task (group task, Administration Server task or a task for specific computers) with the status Running.
A task (group task, Administration Server task or a task for specific computers) with the status Failed.
A task inherited from the master Administration Server.
GLOSSARY
A
KASPERSKY ADMINISTRATION KIT ADMINISTRATOR
The person managing the application operations via the Kaspersky Administration Kit system of remote centralized administration.
B
DATABASES
Databases compiled by the experts at Kaspersky Lab and containing detailed descriptions of all existing threats to computer security, detection and neutralization methods. The database is constantly updated at Kaspersky Lab as new threats emerge.
W
RESTORATION
Relocation of the original object from Quarantine or Backup to its original folder where the object had been stored before it was quarantined, disinfected or deleted, or to a user-defined folder.
RESTORATION OF ADMINISTRATION SERVER DATA
Restoration of Administration Server data from the information saved in backup copy using the backup utility. The utility can restore: information database of the Administration Server (policies, tasks, application settings, events saved on the Administration Server); configuration information about the structure of the logical network and client computers; repository of the installation files for deployment of applications (content of the Packages, Uninstall, Updates folders); Administration Server certificate.
Q
E
RESERVE LICENSE
The license installed for the operation of a Kaspersky Lab application, which has not been activated. A reserve license is activated when the current license expires.
AVAILABLE UPDATE
A package of updates for the modules of a Kaspersky Lab application including a set of urgent patches released during a certain time interval, and modifications to the application architecture.
F
TASK
Functions performed by a Kaspersky Lab application are implemented as tasks, for example: Real-time protection of files, Full computer scan and Database update.
TASK FOR SPECIFIC COMPUTERS
A task assigned for a set of client computers from arbitrary administration groups and performed on those hosts.
E
H
ADMINISTRATION SERVER CLIENT (CLIENT COMPUTER)
A computer, server or workstation running the Network Agent and managed Kaspersky Lab applications.
ADMINISTRATION CONSOLE
Kaspersky Administration Kit component that provides user interface for the management services of the Administration Server and Network Agent.
I
LOCAL TASK
A task defined and running on a single client computer.
K
DIRECT APPLICATION MANAGEMENT
Application management via local interface.
INCOMPATIBLE APPLICATION
Anti-virus application of another vendor or a Kaspersky Lab application that does not support management via Kaspersky Administration Kit.
L
UPDATE
The procedure of replacement / addition of new files (databases or application modules), downloaded from the Kaspersky Lab's update servers.
KASPERSKY ADMINISTRATION KIT OPERATOR
A user monitoring the status and operation of a protection system managed with Kaspersky Administration Kit.
P
TASK SETTINGS
Task-specific application settings.
APPLICATION SETTINGS
Application settings which are general for all types of its tasks and regulating its operation in general, for example, application performance, logging, and Backup settings.
APPLICATION CONFIGURATION PLUGIN
A specialized component that provides the interface for application management via the Administration Console. Each application that can be managed via Kaspersky Administration Kit has its own plug-in. It is included in all Kaspersky Lab applications that can be controlled using Kaspersky Administration Kit.
VIRUS ACTIVITY THRESHOLD
Maximum allowed number of events of the specified type within a limited time; when this is exceeded, it is interpreted as increased virus activity and as a threat of a virus attack. This property is important during periods of virus outbreaks since it enables administrators to react in a timely manner to virus attack threats.
P
ADMINISTRATOR'S WORKSTATION
Computer with the installed component that provides an application management interface. For anti-virus products, this is the Anti-Virus Console, and for Kaspersky Administration Kit - the Administration Console.
The administrator's workstation is used to configure and manage the server portion of the application; in Kaspersky Administration Kit - to build the centralized anti-virus system protection for corporate LAN based on Kaspersky Lab applications.
BACKUP
Special Backup of objects created prior to their first disinfection or removal.
O
KASPERSKY LAB UPDATE SERVERS
List of Kaspersky Lab's HTTP and FTP servers from which applications download databases and module updates to your computer.
ADMINISTRATION SERVER CERTIFICATE
The certificate used for the Administration Server authentication during connection of Administration Consoles to it and data exchange with client computers. The Administration Server certificate is created during server installation; it is stored in the Cert subfolder of the program folder.
PROTECTION STATUS
Current protection status, which defines the level of computer security.
PERIOD OF LICENSE VALIDITY
Time period during which you can use full functionality of a Kaspersky Lab application. Typically, a validity period of a license is one calendar year after its installation. After license expiration the application functionality becomes limited: you cannot update the application database.
U
REMOTE INSTALLATION
Installation of Kaspersky Lab applications using the services provided by Kaspersky Administration Kit.
EVENT SEVERITY
Property of an event encountered during the operation of a Kaspersky Lab application. There are four severity levels:
Critical event.
Error.
Warning.
Info.
Events of the same type may have different severity levels depending on the situation in which the event occurred.
LOGON SCRIPT BASED INSTALLATION
Method for remote installation of Kaspersky Lab applications, which allows you to link the start of a remote setup task to specified user account(s). When the user logs in to the domain, the system attempts to install the application on the corresponding client computer. This method is recommended for deployment of the company's applications on computers running Microsoft Windows 98 / Me operating systems.
R
PUSH INSTALL
Method for remote installation of Kaspersky Lab applications, which lets you install software on the specified client hosts. For successful push install completion, the account used for the task must have sufficient rights for the remote launch of applications on client computers. This method is recommended for installing software on computers running Microsoft Windows NT / 2000 / 2003 / XP operating systems and supporting that functionality or to computers running Microsoft Windows 98 / Me with the Network Agent installed.
S
T
CENTRALIZED APPLICATION MANAGEMENT
Remote application management using the administration services provided in Kaspersky Administration Kit.
KASPERSKY LAB ZAO
Kaspersky Lab was founded in 1997. Today it is the leading developer of a wide range of high-performance information security software products, including anti-virus, anti-spam and anti-hacking systems.
Kaspersky Lab is an international company. Headquartered in the Russian Federation, the company has offices in the United Kingdom, France, Germany, Japan, the Benelux countries, China, Poland, Romania and the USA (California). A new company office, the European Anti-Virus Research Centre, has recently been established in France. Kaspersky Lab's partner network includes over 500 companies worldwide.
Today, Kaspersky Lab employs over a thousand highly qualified specialists, including 10 MBA degree holders and 16 PhD degree holders. All the Kaspersky Lab's senior anti-virus experts are members of the Computer Anti-Virus Researchers Organization (CARO).
Our company's most valuable assets are the unique knowledge and collective expertise accumulated during fourteen years of continuous fighting against computer viruses. A thorough analysis of computer virus activities enables the company's specialists to anticipate trends in the development of malware, and to provide our users with timely protection against new types of attacks. This advantage is the basis of Kaspersky Lab's products and services. The company's products remain one step ahead of other vendors in delivering comprehensive anti-virus coverage to our clients.
Years of hard work have made the company one of the top anti-virus software developers. Kaspersky Lab was the first to develop many of the modern standards for anti-virus software. The company's flagship product, Kaspersky Anti-Virus, reliably protects all types of computer systems against virus attacks, including workstations, file servers, mail systems, firewalls, Internet gateways and hand-held computers. Its easy-to-use management tools maximize the automation of anti-virus protection for computers and corporate networks. A large number of developers worldwide use the Kaspersky Anti-Virus kernel in their products, including Nokia ICG (USA), Aladdin (Israel), Sybari (USA), G Data (Germany), Deerfield (USA), Alt-N (USA), Microworld (India), and BorderWare (Canada).
Kaspersky Lab's customers enjoy a wide range of additional services that ensure both stable operation of the company's products, and full compliance with the customer’s specific business requirements. We design, implement and support corporate anti-virus systems. Kaspersky Lab's anti-virus database is updated every hour. The company provides its customers with 24-hour technical support service in several languages.
If you have any questions, comments, or suggestions, you can contact us through our dealers, or at Kaspersky Lab ZAO directly. We will be glad to assist you, via phone or email, in any matters related to our products. You will receive full and comprehensive answers to all your questions.
Kaspersky Lab official site: http://www.kaspersky.com
Virus Encyclopedia: http://www.securelist.com
Anti-virus laboratory: [email protected] (only for sending suspicious objects in archives)
http://support.kaspersky.com/virlab/helpdesk.html (for sending requests to virus analysts)
INDEX
A
Adding
Administration Server ............................................................................................................................................. 26 client computer ..................................................................................................................................................... 134 slave Server ............................................................................................................................................................ 52
Administration Server ................................................................................................................................................... 51
C
Cisco Network Admission Control ................................................................................................................................ 49
Client computers connecting to the Server ....................................................................................................................................... 162 message to the user ............................................................................................................................................. 159 monitoring ............................................................................................................................................................... 71 restarting............................................................................................................................................................... 156 shutting down ....................................................................................................................................................... 152 turning on.............................................................................................................................................................. 149
Context menu ............................................................................................................................................................. 318
D
Data backup utility ..................................................................................................................................................................... 307
Data backup copying task ....................................................................................................................................................................... 304
Deleting policy ...................................................................................................................................................................... 84
E
Event selection customizing ........................................................................................................................................................... 212
Event selections creating ................................................................................................................................................................. 210 viewing the event log ............................................................................................................................................ 209
Exporting policies.................................................................................................................................................................... 93 tasks ..................................................................................................................................................................... 120
G
Group tasks filter ....................................................................................................................................................................... 125 inheritance ............................................................................................................................................................ 119
Groups settings ................................................................................................................................................................... 66 structure.................................................................................................................................................................. 58
I
Importing policies.................................................................................................................................................................... 94 tasks ..................................................................................................................................................................... 121
Information panel creating ................................................................................................................................................................. 181
Information panels changing ............................................................................................................................................................... 185
IP subnet
327
R E F E R E N C E G U I D E
K creating ................................................................................................................................................................. 235 modifying ...................................................................................................................................................... 232, 236
KASPERSKY LAB ...................................................................................................................................................... 332
L
License distribution ............................................................................................................................................................ 269 installation ............................................................................................................................................................. 266 obtaining a key file ................................................................................................................................................ 268 report .................................................................................................................................................................... 268
LICENSE .................................................................................................................................................................... 263
M
Management policies.................................................................................................................................................................... 74
MANAGEMENT
ADMINISTRATION GROUPS ................................................................................................................................ 56
ADMINISTRATION SERVER ................................................................................................................................. 21
LICENSES ............................................................................................................................................................ 263
Managing client computer, 149
MANAGING APPLICATION, 74
Mobile users
    profile, 283
    switching conditions, 287
    switching rules, 286
N
Network Agent, 132
Network Discovery, 228
Notifications, 202
    configuring the settings, 17
    limit, 202
P
Policies
    activation, 82
    configuring the settings, 77
    copying, 84
    creating, 74
    deleting, 84
    exporting, 93
    importing, 94
    mobile users, 282
Policies and tasks conversion wizard, 94, 121
Polling
    Active Directory group, 231
    IP subnets, 232
    Windows network, 229
Q
Quarantine
    removing an object, 274
    restoring an object, 275
R
Removing
    Administration Server, 28
    object, 274
Report template
    creating, 174
    editing, 186
Reports
    Administration Servers hierarchy, 199
    delivery, 195
    generating, 192
    licenses, 268
    viewing, 192
Repositories
    application registry, 276
    Backup, 273
    installation packages, 270
    Quarantine, 273
REPOSITORIES
    LICENSES, 263
    UPDATING, 240
S
Slave Servers
    adding, 52
    configuring, 53
    viewing, 54
Statistics, 177, 178
Switching between Servers, 25
T
Tasks
    Administration Server, 97
    Administration Server change task, 146
    data backup copying, 304
    delivery of reports, 195
    execution, 123
    exporting, 120
    for specific computers, 97
    group tasks, 97
    importing, 121
    installing a license, 266
    local, 111
    managing the client computers, 149
    viewing results, 124
Traffic limit, 51
U
Update
    distribution, 256, 257, 258
    downloading, 240
Update Agents, 73, 258
Updates
    verification, 252
    viewing, 255
V
Virus outbreak
    detection, 311
    policy, 314
Virus protection, 281
Table of contents
- 8 About this Guide
- 8 In this document
- 9 Document conventions
- 10 Additional data sources
- 10 Information sources for further research
- 11 Discussing Kaspersky Lab applications in web forum
- 11 Contacting the User documentation development group
- 12 Starting and stopping the application
- 13 Quick Start Wizard
- 13 Step 1. Adding a license
- 16 Step 2. Network Discovery
- 17 Step 3. Configuring notification settings
- 17 Step 4. Configuring anti-virus protection
- 19 Step 5. Downloading updates
- 20 Step 6. Completing the wizard
- 21 Managing Administration Servers
- 21 Connection to the Administration Server
- 23 The utility for selecting the Administration Server service account (klsrvswch)
- 24 Disconnecting from Server
- 25 Switching between Servers
- 25 Adding a Server to the console tree
- 26 Granting rights to use a Server
- 27 Removing a Server from the console tree
- 28 Viewing and changing Administration Server settings
- 28 General Administration Server settings
- 37 Event processing settings
- 44 Virus outbreak event parameters
- 46 General guidelines for relocation of computers
- 49 Configuring Integration with Cisco Network Admission Control (NAC)
- 51 Traffic limit rules
- 51 Slave Administration Servers
- 51 Adding a slave Server
- 53 Configuring the connection of the slave Server to the master Server
- 54 Viewing administration groups of a slave Administration Server
- 55 Connecting to the Administration Server via Internet
- 56 Managing administration groups
- 56 Adding, moving and deleting a group
- 58 Creating the structure of administration groups
- 59 The structure of groups based on the Windows network domains and workgroups
- 61 Group structure based on Active Directory
- 63 Group structure based on the content of the text file
- 65 Viewing information about a group
- 66 Viewing and changing group settings
- 66 General settings
- 68 Granting rights to work with a group
- 69 Conditions that determine computer status
- 70 Monitoring of client computer activity
- 72 Automatic installation of applications on client computers
- 73 Creating the list of Update Agents
- 74 Remote management of applications
- 74 Managing policies
- 74 Creating a policy
- 77 Displaying inherited policy in the nested group results pane
- 77 Viewing and configuring policy settings
- 82 Activating a policy
- 83 Activating a policy based on an event
- 83 Policy for mobile user
- 84 Deleting a policy
- 84 Copying a policy
- 84 Configuring the Network Agent's policy
- 88 Configuring the settings of the Administration Server policy
- 93 Exporting a policy
- 94 Importing a policy
- 94 Policies conversion
- 96 Managing tasks
- 96 Kaspersky Administration Kit tasks
- 96 Tasks for specific computers
- 97 Creating a group task
- 108 Creating an Administration Server task
- 109 Creating a task for specific computers
- 110 Creating a local task
- 112 Viewing and changing task settings
- 118 Displaying an inherited group task in the results pane of a nested group
- 118 Automatic operating system loading on the client computers before task execution
- 119 Turning off the computer after the task execution
- 119 Restricting time for the task execution
- 119 Exporting a task
- 120 Importing a task
- 120 Tasks conversion
- 120 Starting and stopping tasks manually
- 121 Pausing / resuming tasks manually
- 121 Monitoring task execution
- 122 Viewing results of the task execution stored on the Administration Server
- 123 Configuring the event filter for a group task
- 126 Configuring event filter for a selected computer
- 128 Removing a filter
- 128 Local application settings
- 128 Viewing application settings
- 131 Configuring Network Agent
- 133 Client computers
- 133 Adding computers to group
- 134 Viewing information about a client computer
- 138 Viewing client system information
- 145 Administration Server change task
- 148 Client computer management task
- 148 Turning on the client computer
- 151 Shutting down the client computer
- 154 Restarting the client computer
- 158 Sending a message to the user of the client computer
- 161 Connecting the client computer to the Administration Server manually. The klmover.exe utility
- 162 Client-to-Administration Server connection check frequency
- 162 Verifying connection of the client computer to Administration Server manually. The klnagchk.exe utility
- 163 Checking the connection between the client computer and the Administration Server using the Check connection action
- 163 Remote diagnostics of client computers utility (klactgui)
- 165 Enabling and disabling trace, downloading the trace file
- 166 Downloading application settings
- 168 Downloading event logs
- 168 Launching the diagnostics and downloading the results of its operation
- 170 Starting, restarting and stopping the applications
- 172 Reports and notifications
- 172 Creating a report template
- 175 Viewing statistics
- 176 Creating a statistics page
- 178 Changing the set of statistics pages
- 179 Creating an information panel
- 183 Changing the set of information panels
- 184 Viewing and editing report templates
- 190 Generating and viewing reports
- 193 Reports delivery task
- 197 Administration Servers hierarchy reports
- 198 Restricting the number of records included in reports
- 200 Notification limit
- 200 Notifications
- 200 Email notification
- 203 Use NET SEND
- 204 Notification using the executable file to run
- 207 Event and computer selections
- 207 Event selections
- 207 Viewing Kaspersky Administration Kit event log
- 208 Creating an event selection
- 209 Customizing an event selection
- 213 Saving information about events to file
- 214 Deleting events
- 214 Computer selections
- 215 Viewing a computer selection
- 217 Creating a computer selection
- 217 Configuring a computer selection
- 225 Unassigned computers
- 225 Network Discovery
- 226 Viewing and changing the settings for Windows network polling
- 228 Viewing and modifying Active Directory group properties
- 229 Viewing and modifying the settings for IP subnet polling
- 230 Viewing and changing domain settings
- 232 Creating an IP subnet
- 233 Viewing and modifying the IP subnet settings
- 236 Viewing and modifying the Active Directory group properties
- 237 Update
- 237 Creating the task of downloading updates to the repository
- 240 Adding an update source
- 243 Configuring connection to the update servers
- 245 Determining the updates list
- 247 Configuring other update task settings
- 249 Verifying downloaded updates
- 252 Viewing downloaded updates
- 253 Automatic distribution of updates
- 253 Automatic distribution of updates to the client computers
- 253 Automatic distribution of updates to the slave Servers
- 253 Automatic installation of updates to program modules
- 254 Creating the list of Update Agents and configuring the agents
- 256 The task of downloading updates by the Update Agents
- 259 Managing licenses
- 259 Viewing information about installed licenses
- 262 Installing a license
- 263 Running the license installation task creation wizard
- 263 Creating and viewing report on licenses
- 264 Obtaining license using activation code
- 265 Automatic distribution of license
- 266 Repositories
- 266 Installation packages
- 266 Quarantine
- 267 Viewing the properties of a quarantined object
- 268 Removing an object from Quarantine
- 268 Scanning the Quarantine folder on the client computer
- 269 Restoring an object from the Quarantine
- 269 Saving an object from the Quarantine to disk
- 269 Backup
- 269 Viewing the properties of an object placed into the Backup
- 270 Removing an object from the Backup
- 270 Restoring the object from the Backup
- 271 Saving an object from the Backup to disk
- 271 Unprocessed files
- 271 Disinfecting the object from the Unprocessed files folder
- 271 Saving the object from the Unprocessed files folder to disk
- 272 Removing the object from the Unprocessed files folder
- 272 Application registry
- 277 Additional features
- 277 Monitoring anti-virus protection status using system registry data
- 278 Mobile users
- 279 Creating a profile for the mobile users
- 282 Creating the Network Agent switching rule
- 283 Adding a condition to the rule
- 287 Search
- 288 Detecting computers
- 295 Searching for administration groups
- 297 Searching for the slave Administration Servers
- 299 Data backup
- 300 Data backup task
- 302 Data backup and restoration utility klbackup
- 303 Interactive mode of creating a backup copy and data restoration
- 304 Non-interactive mode of creating a backup copy and data restoration
- 305 Moving the Administration Server to a different computer
- 306 Tracking virus outbreaks
- 306 Enabling virus outbreak detection
- 309 Changing the application policy when a Virus outbreak event is registered
- 311 Automation of the Kaspersky Administration Kit operation (klakaut)
- 311 Custom tools
- 311 Configuring interface
- 313 Reference information
- 313 Context menu
- 315 Results pane
- 321 Statuses of computers, tasks and policies
- 322 Glossary
- 322 Kaspersky Administration Kit administrator
- 322 Databases
- 322 Restoration
- 322 Restoration of Administration Server data
- 322 Reserve license
- 322 Available update
- 322 Task
- 322 Task for specific computers
- 323 Administration Server client (Client computer)
- 323 Administration Console
- 323 Local task
- 323 Direct application management
- 323 Incompatible application
- 323 Update
- 323 Kaspersky Administration Kit operator
- 323 Task settings
- 323 Application settings
- 323 Application configuration plug-in
- 323 Virus activity threshold
- 324 Administrator's workstation
- 324 Backup
- 324 Kaspersky Lab update servers
- 324 Administration Server certificate
- 324 Protection status
- 324 Period of license validity
- 324 Remote installation
- 324 Event severity
- 324 Logon script-based installation
- 325 Push install
- 325 Centralized application management
- 326 Kaspersky Lab ZAO
- 327 Index