Windows ADM Templates and Group Policy v1.0 InterSect Alliance International Pty Ltd Page 1 of 8
Intersect Alliance International Pty Ltd. All rights reserved worldwide. Intersect Alliance Pty Ltd shall not be liable for errors contained herein or for direct, or indirect damages in connection with the use of this material. No part of this work may be reproduced or transmitted in any form or by any means except as expressly permitted by Intersect Alliance International Pty Ltd. This does not include those documents and software developed under the terms of the open source General Public Licence, which covers the Snare agents and some other software. The Intersect Alliance logo and Snare logo are registered trademarks of Intersect Alliance International Pty Ltd. Other trademarks and trade names are marks and names of their owners as may or may not be indicated. All trademarks are the property of their respective owners and are used here in an editorial context without intent of infringement. Specifications and content are subject to change without notice.
About this document

This document is designed to assist a systems administrator with managing the Windows Snare Agents' configuration from Microsoft Group Policy settings via the supplied administrative templates.

Table of Contents:
1. General Overview Agent Management
2. Using the ADM Templates
1. General Overview Agent Management

There are several methods available to manage the Windows Snare Agents:

- Use the Snare Server Agent Management Console (AMC)
- Manually configure the agent registry settings
- Manually manage the settings from each agent's GUI interface
- Manage all or part of the configuration via Microsoft Group Policy

This document focuses on the Microsoft Group Policy v1.0 settings and how they can be controlled using the administrative templates. This feature was made available for the following agent versions:

Snare Agent Type                                       Windows   Epilog   MSSQL
Supported Agent Versions from the V1.0 ADM templates   4.2.x     1.7.x    1.2.x
2. Using the ADM Templates

The following Administrative Templates (ADM) are available to configure the Windows Snare Agents either individually or via a super group policy.

- InterSect Alliance (Super Group Policy).adm
- InterSect Alliance (Epilog Agents Group Policy).adm
- InterSect Alliance (MSSQL Agents Group Policy).adm
- InterSect Alliance (Win Agents Group Policy).adm

The above administrative templates can be downloaded from the Intersect Alliance website in the Secure Area.

The settings applied through the Super Group Policy (SGP) apply to all types of agents running on the network. The specific Agent Group Policy (AGP) settings apply only to agents of the same type running on the network.

The templates can be loaded via the following method:

- Load the Microsoft Group Policy Management tool via Start/Administrative Tools/Group Policy Management.
- Expand the Group Policy domain and container to load the templates into. For example, right click on the Default Domain Policy and select edit. This will load the Group Policy Management Editor.
- Expand the Computer Configuration/Policies/Administrative Template: Policy definitions (ADMX) files.
- Right click on the Administrative Template menu option, then select add and browse to the ADM templates that were downloaded.
- Click on the templates and then select open (note you can select multiple templates using control left click).
- Once selected, select close on the item box.

If you expand the Classic Administrative Templates (ADM) menu item you should see the following

To manage the settings, expand the policy groups and select the individual settings, then enable each setting and enter the values desired. For example, to set all agents via a Super Group Policy to use the same destination IP, port and protocol, change the following:
After the settings have been applied they will be saved in group policy. To force the settings out in the network, run gpupdate /force from an administrative command prompt.
Once complete, review the agent settings; they should have received the updated settings via group policy. You can now see the following highlighted settings are updated in the Snare Agent

As you can see, the highlighted settings are now managed via GPO (as highlighted by the SGP tags in red) and the other settings (tagged as LR) remain under local control of the agent and local registry.

Once the settings are enabled via Super Group Policy (SGP) or Agent Group Policy (AGP), the agent GUI interface can no longer change the settings. If someone changes the registry, the change will be overridden by the group policy settings.

In general, the Super Group Policy template is used to control settings that are common to all Windows Agents. Where individual agent type settings are required, the agent type policies can be selected and updated. Where fine-grained control of agent settings within the same type of agent is required, they should be managed via the Snare Server Agent Management Console or individually.
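
The gpupdate /force step above can be followed by a check that the GPO holding the templates really applied to the machine before the agent GUI is reviewed. This is an added example, not part of the Intersect Alliance document: the GPO name defaults to the Default Domain Policy used in the walkthrough, the report path is arbitrary, and the XML element names are those written by gpresult /x.

```powershell
# Added example (not vendor code): refresh computer policy, then confirm from the
# RSoP report that the GPO carrying the Snare ADM settings was applied.
# Assumptions: $GpoName matches the GPO edited in the walkthrough; run elevated.
param(
    [string]$GpoName = 'Default Domain Policy',
    [string]$Report  = (Join-Path $env:TEMP 'snare-rsop.xml')
)

# Re-apply computer-side policy (the gpupdate /force step from the document).
gpupdate /target:computer /force | Out-Null
if ($LASTEXITCODE -ne 0) { throw "gpupdate failed with exit code $LASTEXITCODE" }

# Export the Resultant Set of Policy for the computer scope; /f overwrites an old report.
gpresult /scope computer /x $Report /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw "gpresult failed with exit code $LASTEXITCODE" }

[xml]$rsop = Get-Content -Path $Report -Raw
$gpos = @($rsop.Rsop.ComputerResults.GPO)

$match = $gpos | Where-Object { $_.Name -eq $GpoName }
if (-not $match) {
    # GPO is not linked to this computer's OU or domain, or has not replicated yet.
    Write-Warning "GPO '$GpoName' is not in scope for $env:COMPUTERNAME"
    $gpos | ForEach-Object { Write-Host "  in scope: $($_.Name)" }
    exit 1
}

# A GPO can be in scope yet not applied: disabled link, security filtering, or no read access.
$problems = @()
if ($match.Enabled -ne 'true')       { $problems += 'GPO or link disabled' }
if ($match.FilterAllowed -ne 'true') { $problems += 'blocked by security or WMI filter' }
if ($match.AccessDenied -eq 'true')  { $problems += 'computer account denied read/apply' }
if ($match.IsValid -ne 'true')       { $problems += 'GPO data invalid or unreachable' }

if ($problems.Count -gt 0) {
    Write-Warning "GPO '$GpoName' did not apply: $($problems -join '; ')"
    exit 1
}

# Matching version numbers mean the copy read from SYSVOL is the one stored in the directory.
Write-Host "GPO '$GpoName' applied to $env:COMPUTERNAME" `
           "(AD version $($match.VersionDirectory), SYSVOL version $($match.VersionSysvol))"
```

If the script reports the GPO as applied but the agent still shows a setting tagged LR, the setting was not enabled in the template rather than blocked at delivery.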