Hi, can anyone tell me, does SEC 5.4.0 allow for management of an AD setup that contains multiple domains? If it does, how do you set this up? Thanks
Hello daniel clarkson1,
I see you've also posted in the Central forum - are you comparing the two versions?
"management of an AD setup" depends on what you mean. Basically SEC doesn't care about AD. The management component (RMS) which is used to send policies from SEC to the endpoints and status reports from the endpoints to SEC requires that the endpoints can locate (by name or IP) and connect to (on ports 8192 and 8194) the server and ideally the server can connect back to the endpoints' port 8194.
Endpoints update either via UNC (they must be able to locate, reach, and access the share) or HTTP. Depending on the topology it might be expedient to have additional update managers (SUMs) for the individual domains.
There are several ways to install the Endpoint software. Once this is done the endpoint contacts the server, appears in the console, and can subsequently be managed. One way to install is deployment from the console (Protect computers). For this to work you must somehow pre-populate the console with the desired computer objects. Again there are several ways - from importing the names from a text file, importing from AD, discovering, to synchronizing with AD.
If you want to deploy (whether manually or automatically with AD-sync) from SEC your computer names must be globally unique (while SEC can discern computers with the same name in different domains, when it comes to Protect it tries to resolve just the unqualified (NetBIOS-)name), and you need an account that has administrative rights on the endpoint and can access the share on the server.
As the question has come up recently - AD sync has no filtering or post-processing options, it simply mirrors the OU tree and the contained computer objects.
Christian
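An added example, not part of the original post and not Sophos tooling: a pre-deployment check that scans a multi-domain import list for the unqualified-name collisions described in the reply above and tests TCP reachability of the RMS ports it names. The domain and host names in the sample are constructed, and comparing names case-insensitively is an assumption.

```python
import socket
from collections import defaultdict

RMS_SERVER_PORTS = (8192, 8194)  # endpoint -> server ports named in the reply

def short_name(entry: str) -> str:
    """Reduce 'DOMAIN\\HOST', 'host.dom.example' or 'HOST' to the unqualified name."""
    name = entry.strip()
    if "\\" in name:
        name = name.rsplit("\\", 1)[1]
    return name.split(".", 1)[0].upper()

def find_collisions(entries):
    """Map each unqualified name shared by several distinct entries to those entries.
    The same machine listed in two notations is reported as well."""
    seen = defaultdict(set)
    for e in entries:
        e = e.strip()
        if e and not e.startswith("#"):
            seen[short_name(e)].add(e.lower())
    return {n: sorted(v) for n, v in seen.items() if len(v) > 1}

def unreachable_ports(host, ports=RMS_SERVER_PORTS, timeout=3.0):
    """Return the ports on host that refuse or time out on a TCP connect."""
    failed = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                pass
        except OSError:
            failed.append(port)
    return failed

# Constructed sample import list (hypothetical domains and hosts).
SAMPLE = """\
# export from two domains
EMEA\\WS-0001
ws-0001.apac.corp.example
EMEA\\FILESRV
apac-print.apac.corp.example
emea\\ws-0001
"""

if __name__ == "__main__":
    for name, where in find_collisions(SAMPLE.splitlines()).items():
        print(f"{name}: {', '.join(where)}")
```

Run `unreachable_ports` from an endpoint against the management server, and from the server against an endpoint with `ports=(8194,)`, to cover both directions mentioned in the reply.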