LT Auditor+ 2013. Windows Assessment SP1 Installation & Configuration Guide

Similar documents
Specops Command. Installation Guide

Idera SQL Diagnostic Manager Management Pack Guide for System Center Operations Manager. Install Guide. Idera Inc., Published: April 2013

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Moving the TRITON Reporting Databases

Pearl Echo Installation Checklist

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Installing and Configuring Login PI

SQL Server 2008 R2 Express Edition Installation Guide

Administration Guide. . All right reserved. For more information about Specops Gpupdate and other Specops products, visit

Setting up an MS SQL Server for IGSS

ACTIVE DIRECTORY DEPLOYMENT

Moving the Web Security Log Database

How to Create a Delegated Administrator User Role / To create a Delegated Administrator user role Page 1

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Avatier Identity Management Suite

NovaBACKUP Remote Workforce Version 12.5 Cloud Restore

Upgrade Guide BES12. Version 12.1

Setup and configuration for Intelicode. SQL Server Express

NETWRIX EVENT LOG MANAGER

4cast Client Specification and Installation

NovaBACKUP xsp Version 15.0 Upgrade Guide

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Operating System Installation Guide

Install SQL Server 2014 Express Edition

WhatsUp Gold v16.3 Installation and Configuration Guide

safend a w a v e s y s t e m s c o m p a n y

Portions of this product were created using LEADTOOLS LEAD Technologies, Inc. ALL RIGHTS RESERVED.

Table of Contents. CHAPTER 1 About This Guide CHAPTER 2 Introduction CHAPTER 3 Database Backup and Restoration... 15

NSi Mobile Installation Guide. Version 6.2

How To Set Up Safetica Insight 9 (Safetica) For A Safetrica Management Service (Sms) For An Ipad Or Ipad (Smb) (Sbc) (For A Safetaica) (

Avatier Identity Management Suite

System Area Management Software Tool Tip: Integrating into NetIQ AppManager

LepideAuditor Suite for File Server. Installation and Configuration Guide

Sitecore Ecommerce Enterprise Edition Installation Guide Installation guide for administrators and developers

Reference and Troubleshooting: FTP, IIS, and Firewall Information

MIGRATING TO AVALANCHE 5.0 WITH MS SQL SERVER

intertrax Suite resource MGR Web

Erado Archiving & Setup Instruction Microsoft Exchange 2007 Push Journaling

Secret Server Installation Windows 8 / 8.1 and Windows Server 2012 / R2

NETWRIX WINDOWS SERVER CHANGE REPORTER

DocAve Upgrade Guide. From Version 4.1 to 4.5

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

Installing Cobra 4.7

Configuration Guide. BES12 Cloud

QUANTIFY INSTALLATION GUIDE

Installation Guide v3.0

Setting Up the Device and Domain Administration

Advanced Audit Policy Configurations for LT Auditor+ Reference Guide

Installation & Configuration Guide

File Auditor for NAS, Net App Edition

Enterprise Manager. Version 6.2. Installation Guide

Setup Guide for AD FS 3.0 on the Apprenda Platform

Test Note Phone Manager Deployment Windows Group Policy Sever 2003 and XP SPII Clients

Synthetic Monitoring Scripting Framework. User Guide

EventTracker: Support to Non English Systems

Migrating helpdesk to a new server

WhatsUp Gold v16.1 Installation and Configuration Guide

Migrating MSDE to Microsoft SQL 2008 R2 Express

Management Center. Installation and Upgrade Guide. Version 8 FR4

ManageEngine IT360. Professional Edition Installation Guide.

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

Deploying System Center 2012 R2 Configuration Manager

Citrix EdgeSight for NetScaler Rapid Deployment Guide

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

Microsoft Corporation. Project Server 2010 Installation Guide

Installing Active Directory

ProSystem fx Document

Kaspersky Lab Mobile Device Management Deployment Guide

SOFTWARE INSTALLATION INSTRUCTIONS CLIENT/SERVER EDITION AND WEB COMPONENT VERSION 10

RoomWizard Synchronization Software Manual Installation Instructions

EntroWatch - Software Installation Troubleshooting Guide

User Migration Tool. Note. Staging Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted Release 9.0(1) 1

Distributing SMS v2.0

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

GUARD1 PLUS SE Administrator's Manual

LT Auditor+ for Windows

Abila MIP. Installation Guide

Installing LearningBay Enterprise Part 2

Administrator s Upgrade Guide.

Laptop Backup - Administrator Guide (Windows)

Integrating LANGuardian with Active Directory

BackupAssist v6 quickstart guide

DriveLock Quick Start Guide

NETWRIX USER ACTIVITY VIDEO REPORTER

Bosch ReadykeyPRO Unlimited Installation Guide, product version 6.5. This guide is item number DOC , revision 2.029, May 2012.

VeriCentre 3.0 Upgrade Pre-Installation and Post Installation Guidelines

How To Use Gfi Mailarchiver On A Pc Or Macbook With Gfi From A Windows 7.5 (Windows 7) On A Microsoft Mail Server On A Gfi Server On An Ipod Or Gfi.Org (

NETWRIX EVENT LOG MANAGER

Upgrading from MSDE to SQL Server 2005 Express Edition with Advanced Services SP2

File System Auditor Release Notes

XMap 7 Administration Guide. Last updated on 12/13/2009

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

Server Installation, Administration and Integration Guide

Lieberman Software Corporation Enterprise Random Password Manager

Smart Cloud Integration Pack. For System Center Operation Manager. v User's Guide

Release Note RM Unify CSV Extraction Tool

Zanibal Plug-in For Microsoft Outlook Installation & User Guide Version 1.1

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

SonicWALL CDP 5.0 Microsoft Exchange User Mailbox Backup and Restore

Installing GFI MailArchiver

Transcription:

LT Auditor+ 2013 Windows Assessment SP1 Installation & Configuration Guide

Table of Contents CHAPTER 1- OVERVIEW... 3 CHAPTER 2 - INSTALL LT AUDITOR+ WINDOWS ASSESSMENT SP1 COMPONENTS... 4 System Requirements... 4 Pre-requisites for the LT Auditor+ Windows Assessment installation... 4 LT Auditor+ Windows Assessment Components... 4 Installation Steps... 5 LT Auditor+ Windows Assessment Manager Component (LTWAMC)... 5 LT Auditor+ Windows Assessment Agent Component (LTWAAC)... 10 CHAPTER 3 SETUP SCANS WITH LT AUDITOR+ WINDOWS ASSESSMENT (LTWA).. 11 Schedule Scan Jobs... 12 Job Status... 14 Delete Scan Jobs... 14 Run Now... 14 Connect to a Remote Server... 14 CHAPTER 4 REPORTING FOR LT AUDITOR+ WINDOWS ASSESSMENT... 16 CHAPTER 5 SETTING UP DELETION JOB... 18 APPENDIX A POWERSHELL SCRIPTS... 22 APPENDIX B LT AUDITOR+ SETTINGS WHEN USING SYSLOG... 23 Setup LT Auditor+ Windows Assessment (LTWA)... 23 APPENDIX C TROUBLESHOOTING... 26 Check Points... 26 Error messages... 26 APPENDIX D WHAT IS NEW IN LT AUDITOR+ WINDOWS ASSESSMENT SP1... 26 APPENDIX E UPGRADING TO LT AUDITOR+ WINDOWS ASSESSMENT SP1... 28 1 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

2 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Chapter 1- Overview The LT Auditor+ 2013 Windows Assessment (LTWA) application can be used to collect and record information on configuration settings, vulnerabilities and permissions on the following entities: Active Directory Users, Groups, and other objects; Windows (NTFS) File Systems such as DAS (Direct Attached Storage), SAN (Storage Area Networks) and NAS (Network Attached Storage) systems; LTWA integrates into the LT Auditor+ 2013 framework and therefore can leverage audit data collected with other LT Auditor+ 2013 modules. Insights can now be gained on who has the rights to access critical file shares while documenting who does access these file systems. The architecture diagram below shows how the LTWA integrates into the LT Auditor+ ecosystem. 3 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Chapter 2 - Install LT Auditor+ Windows Assessment SP1 Components The section provides an overview on how LTWA is installed and configured. Included in this section are systems requirements, pre-requisites. Please review APPENDIX D for details on what is new in LT Auditor+ Windows Assessment SP1. System Requirements Meet the same systems requirement to install an LT Auditor+ Windows agent as described in the LT Auditor+ 2013 Installation Guide. Pre-requisites for the LT Auditor+ Windows Assessment installation Must have LT Auditor+ 2013 (Framework version HF 1302) installed. Must have LT Auditor+ 2013 Syslog Processor installed. PowerShell 2.0 and above. Installer must have administrative privileges to install LT Auditor+ Windows Assessment. Note: Please review the HF1302 Installation Guide for documentation on installation or upgrade to LT Auditor+ 2013 HF1302. LT Auditor+ Windows Assessment Components After you download and extract the LT_Auditor+_Windows_Assessment.zip file, the following files should be available for the installation process: 1. Setup_LT_Assessment_Manager_x64.exe (Manager component)( 2. Setup_LT_Assessment_Agent_x64.exe (Agent component) 3. Setup_LT_Assessment_Manager_x32.exe (Manager component) 4. Setup_LT_Assessment_Agent_x32.exe (Agent component) 4 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Installation Steps LTWA will require the installation of a Manager component as well as an agent component on target Windows servers to be scanned. LT Auditor+ Windows Assessment Manager Component (LTWAMC) The Manager component (LTWAMC) can be installed on any machine as long as the prerequisite requirements are met. Blue Lance recommends that LTWAMC be installed on the machine that hosts the LT Auditor+ Manager. In following section, the term Setup.exe will used to refer to either Setup_LT_Assessment_Manager_x64.exe or Setup_LT_Assessment_Manager_x32.exe based on the operating system selected. 1. Run Setup.exe file from the root of the installation folder to launch the installation of the LTWAMC. 2. Click Install to being up the following screen. 5 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

3. Click Next to bring up the License information screen. 6 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

4. Read the Software License Agreement, and if acceptable, click on I accept the license terms in the license agreement and click Next. 7 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

5. Click Install to start the installation. 8 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

6. Click Finish to complete the installation of the LTWAMC. LTAWMC is installed to the LT Auditor+ folder that hosts the LT Auditor+ SMF installation. 9 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

LT Auditor+ Windows Assessment Agent Component (LTWAAC) The Agent component (LTWAAC) has to be installed on Windows machines and following table can be used as a guideline. Category Scan Information Target Active Directory To scan for Active Directory Users, Groups or any other AD objects File System To scan for files and folders LTWAAC should be installed on one Domain Controller in the environment LTWAAC should be installed on any File Server where there is a requirement to scan for information on the local file system. If the LTWAMC (Manager Component) is installed on a Domain Controller then there is no need to install the LTWAAC on any other Domain Controller. To install LTWAAC copy the Setup_LT_Assessment_Agent_x64.exe or Setup_LT_Assessment_Agent_x32.exe to the target Windows machine and run the executable. The installation steps are identical to the steps described in the section above for the LTWAMC. 10 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Chapter 3 Setup Scans with LT Auditor+ Windows Assessment (LTWA) This section provides instructions on how to use the LT Auditor+ Windows Assessment Console (LTWAC) to schedule scans. This application is installed on the machine where the LTWAMC was installed. To launch the LTWAC click Start All Programs Blue Lance, Inc. Windows Assessment Console to bring up the following window. 11 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

The left pane (Assessment Pane) displays a list of scripts that be selected for any scan job. Click on any script to display the possible reports that be generated in the Assessment Details pane. The following events can be performed with the LTWAC. Schedule Scan Jobs To schedule a scan job: 1. Select one or more scripts listed in the Assessment pane. 2. Click the Schedule button to bring up the Schedule window 12 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

3. Select the desired Frequency for the job. 4. Select Data Transfer Mode. The default data transfer mode leverages LT Auditor+ s communication protocols to transfer data to the LT Auditor+ Manager. This is the recommended approach, however customers can choose to transfer using a Syslog server. To use Syslog: a. Select Syslog and enter the IP Address of the server where the LT Auditor+ Syslog Processor has been installed. b. Select the protocol to use for sending data collected during the scan to the Syslog server. 13 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Please review Appendix B for additional configuration information when using Syslog. 5. Input parameters that can be passed for certain scan jobs. If a selected script requires parameters, the Parameters section will display the default parameters that can be modified. Details on parameters are discussed in APPENDIX A 6. Click the Save button to save the scan job. Job Status The status of any job is displayed by clicking the + symbol that prefixes all scheduled jobs. Details are available on whether the job ran successfully or failed. Delete Scan Jobs To delete a scan job: 1. Click on the desired scan job to delete in the Schedule pane. 2. Right-click and select Delete or click the Delete button. Run Now To run a job immediately: 1. Click on the desired scan job in the Schedule pane. 2. Right-Click and select Run now or click on the Run now button. Connect to a Remote Server To schedule jobs on remote machines: 1. Click the Connect button and browse to the Security Management Framework (SMF) folder where LT Auditor+ has been installed. 14 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

2. Setup a Scan job as described above, Prior to clicking the Connect button, please ensure that you have a drive mapped to the target agent machine. 15 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Chapter 4 Reporting for LT Auditor+ Windows Assessment The default reports are created under the Windows Assessment reporting group as shown below: Click on any of the report and details on how to query a report are provided in the description field. 16 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Please review the LT Auditor+ 2013 Configuration guide for details on configuring and scheduling reports. 17 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Chapter 5 Setting up deletion job Scheduling the deletion of Windows Assessments from the database is done by following these steps Step 1. Login to the Microsoft SQL Server Management Studio and navigate to the section Jobs. Right click and select New Job to create a new job. 18 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Step 2. Enter the details as shown below. Step 3. Select Steps and click on New to create a new step and enter the following details [dbo].[usys_assessmentdatafindfordelete] @SourceDBName = 'LTAProductionDB', @SourceDBSchemaName = 'dbo', 19 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

@DeleteBatchSize = 10000 Note: Select the Production Database only Step 4. Select Schedules and enter the details as shown below. 20 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

Step 5. Click on OK to save the details. The deletion job retains the last assessment run and all older jobs are deleted for each category. 21 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

APPENDIX A PowerShell Scripts LT Auditor+ Windows Assessment uses PowerShell scripts to perform scans. The following table describes the available scripts and the parameters than are accepted for each script. Script Name Reports for this script Parameters GroupMembership Group Memberships Members of Domain Admins/Enterprise Groups Groups Belonged To Groups Without Members UserLastLogons Users Who Have Not Logged In For 90 Days Users Who Have Never Logged In UserPasswordSettings User Passwords Expiring In 30 days Users with Expired Passwords Users With Passwords That Never Expire Users who do not Require Passwords useraccountexpiration User Accounts Expiring In 90 Days Expired User Accounts Accounts That Never Expire SecurityADOU Security Permissions on OUs Security Principals on OUs SecurityADUser Security Permissions on Users Security Principals on Users SecurityADGroup Security Permissions on Groups Security Principals on Groups SecurityADContainer Security Permissions on Containers Security Principals on Containers SecurityFiles Security Permissions on Files FilesIncludeInherited, Security Principals on Files Ownership/Security Permissions on Files FilesStartPath SecurityDirectories Security Permissions on Folders FolderIncludeInherited, Ownership/Security Permissions on Folders FolderStartPath OUSummary OU Summary OULinkedGPOs OUs Linked with GPOs UserSettings User Settings Users With no Email Addresses Users With no Managers 22 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

APPENDIX B LT Auditor+ settings when using Syslog The following steps outline how to configure LT Auditor+ to use the Syslog server. Setup LT Auditor+ Windows Assessment (LTWA) LT Auditor+ Windows Assessment is an add-on module for LT Auditor+ 2013. LTWA requires: 1. LT Auditor+ 2013 HF1302 (or higher) installed and configured in your environment. (For installing and configuring LT Auditor+ 2013 HF1302 please review the HF1302 installation and configuration documentation. 2. The LT Auditor+ 2013 Syslog Processor installed either on the LT Auditor+ Manager machine or any other Windows server. 3. On the LT Auditor+ Group (Manager/Agent) that hosts your Syslog Server Right-Click on the Group and select Assign Assessment Settings to set the default filter and rules. This rules will apply to the new Windows Assessment auditing arm. For example if your Syslog server is hosted on the same machine as the LT Auditor+ Manager follow these steps: a. Right click on the Manager Group and select Assign Assessment Settings b. This will create a filter under the Windows Assessment auditing arm: 23 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

c. After installation of the LTWA components, please ensure that all agent machines are added to the LT Auditor+ Syslog Host and Host-Type tables displayed below. This is achieved with a right-click on the Group and selecting the option Add Assessment Agents. 24 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

25 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

APPENDIX C Troubleshooting Check Points 1. Ensure that scanned data is received by the Kiwi Syslog Server 2. Check PowerShell versions for all agent servers. Supported versions are 2.0 and 3.0. To check launch the PowerShell windows and run the command: $PSVersionTable.PSVersion and this should return the version information as shown below: 3. Ensure that you run the scans for Active Directory objects on a Windows Domain Controller Error messages Any error messages are logged to the Application log 1.) The term 'Get-ADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Resolution Please run the scripts on an Active Directory environment. 2.) Failed. Error trying to send message. Resolution Check the connectivity to the Syslog server from the machine running the scripts. Also check the Application log event id 5005 for detailed error. APPENDIX D What is new in LT Auditor+ Windows Assessment SP1 The primary change in LTWA SPI is the ability to transfer assessment data using the standard LT Auditor+ communication engine. The core benefits of using this approach are: 26 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

1. Removes requirement to have a Syslog server thereby improving stability and redundancy by eliminating a single point of failure 2. Reducing network traffic and congestion as data is not streamed in real time to the Syslog server. 3. Eliminating bottleneck issues on the Syslog server when receiving high volumes of data. 27 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

APPENDIX E Upgrading to LT Auditor+ Windows Assessment SP1 To upgrade to SP1 follow these steps. (Note In following section, the term Setup.exe will used to refer to either Setup_LT_Assessment_Manager_x64.exe or Setup_LT_Assessment_Manager_x32.exe based on the operating system selected. 1. Download LT Auditor+ for Windows Assessment SP1 and extract the zip file. 2. On the Manager machine run Setup.exe to bring the following Window 3. Click Yes to start the upgrade process and the following screen will appear 28 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

4. Click Next to start the upgrade process 5. Click Finish to complete. 29 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

6. Repeat steps 2 to 5 for all agent machines but with the executable Setup_LT_Assessment_Agent After the upgrade we recommend that all scheduled jobs be deleted and create new jobs to leverage the new settings. 30 LT Auditor + 2013 Windows Assessment SP1 Installation & Configuration Guide

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information