KL 009.10 Systems Management Eng Labs v.2.1 Unlocked

Version 2.
Kaspersky Lab www.kaspersky.com
L9.11
Lab 9.1. Managing Licenses of Applications by Other Manufacturers
Lab 9.1
Managing Licenses of Applications by Other Manufacturers

Lab objective. Configure license control limitations for the Perforce application. Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is used for managing client computers. Perforce revision control system is also used in the company. According to the license agreement, 20 users are allowed to use it for free. You want the Licensed applications group management functionality of Kaspersky Security Center to control the number of Perforce client installations and send notifications when their number exceeds 20. Contents. In this lab we will: 1. 2. 3. Activate the Systems Management functionality Create a group of licensed applications for Perforce Generate a report and configure notifications about license violations
Preparation
Turn on the DC computer. Security-Center
1. 2.
Boot up the computer named Security-Center Log on to the abc\Administrator account, passwordKa5per5Ky
Task 1
Activate the Systems Management functionality

As a result of a standard installation, Kaspersky Security Center cannot monitor license violation for the programs installed across the network. To be able to use this capability, a special license is necessary. In this task, we will add the necessary license and make sure that the corresponding interface settings are changed automatically.
L9.12
KASPERSKY LAB KL 009.10: Systems Management Kaspersky Endpoint Security and Management
Security-Center 1. Run the Administration Console
2.
On the Getting started page, in the Administration Server area, click View information about Administration Server key
3. 4.
In the Active key area, click the Modify button In the window that opens, click the Add button
L9.13
Security-Center
5.
On the Select how to add key page, click Load from key file and specify the location of the new key file (ask the instructor about it)
6. 7. 8.
Click Next On the subsequent page, click Finish Select the added key and click OK
9.
Close the Administration Server properties window
L9.14
Security-Center
10. In the Administration Server area of the Getting Started page, click Configure functionality displayed in user interface 11. Note that the Display system management and Display mobile devices management option has been selected automatically
12. Click Cancel 13. Restart the Administration Console
Task 2
Create a group of licensed applications

In this task you will create a group of licensed applications for Perforce and specify its license restrictions.
Security-Center 1. Expand the Applications and vulnerabilities container and open the Licensed applications group management node
2.
Click Add a group of licensed applications
L9.15
Security-Center
3.
Type Perforce for the group name
4.
Click Add
5.
Click Select and select Perforce Visual Components on the list of application
L9.16
Security-Center
6.
Click OK twice
7.
Click Next
8.
Click Add
9.
In the Selecting a key window, click Add
L9.17
Security-Center
10. Type Perforce Free 20-User License for the key name 11. Change the Maximum number value to 20
12. Click OK twice
13. Click Next 14. On the last page of the group creating wizard, click Finish
L9.18 Task 3
Generate a report and configure notifications

In this task you will create a new report template about the statuses of groups of licensed applications and configure e-mail notifications about license violations.
Security-Center 1. In the Licensed applications group management node, click View report on status of groups of licensed applications Type License Management report for the report name and click Next
2.
3.
On the subsequent page, click Finish
L9.19
Security-Center
4. 5.
View the report Open the Getting started page and in the Administration Server area, click Administration Server properties Switch to the Events section Select the Error event type
6. 7.
8.
Open the properties of the The limit of installations has been exceeded for one of the groups of licensed applications event Select the Notify by email option and click OK
9.
10. Close the Administration Server properties window
L9.110 Conclusion
In this lab we studied a new functionality Kaspersky Security Center 10: Licensed applications group management. It enables the administrator to monitor license limitations and expiration dates for any application. For this purpose, a special group is to be created, monitored programs are included in it and license criteria specified, such as quantitative limits and expiration date. This tool helps the administrator to take care of purchasing a new license early before the current license expires, and also plan purchasing additional licenses.
L9.21
Lab 9.2. Installing Windows Updates
Lab 9.2
Installing Windows Updates

Lab objective. Find and install missing Windows updates using the Kaspersky Security Center 10 tools. Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is used for managing client computers. You plan to use the new capabilities of Kaspersky Security Center 10 to regularly search for application vulnerabilities and Windows Updates and automatically install the necessary patches. Also, you want to use the Administration Server as a local Windows update source to save traffic. You need to configure Kaspersky Security Center 10 to solve these tasks. Contents. In this lab we will: 1. 2. 3. 4. Create update download and installation tasks using the Quick Start Wizard Synchronize with Windows Update servers Find vulnerabilities and application updates for the client computers Install critical updates on the workstations
Preparation
1. 2.
Boot up the computer named Security-Center Log on to the abc\Administrator account. PasswordKa5per5Ky Desktop
1. 2.
Boot up the computer named Desktop Log on to the abc\Alex account. Password Ka5per5Ky
Task 1
Create update download and installation tasks

In this task you will run the Quick Start Wizard anew to configure the Vulnerability and Patch Management functionality. It will create the necessary tasks. Also, you will need to re-configure the Network Agent policy to make the Administration Server act as a Windows update source.
L9.22
Security-Center 1. 2. 3. Run the Administration Console Right-click the Administration Server node Select All tasks->Quick Start Wizard
4. 5. 6.
On the welcome page of the wizard, click Next Click Add key later to skip adding the license On the Kaspersky Security Network page, click Next On the E-mail notification settings page, click Next On the Update management settings page, select Find and install application updates and Use Administration Server as WSUS server
7.
8.
9.
Click Next
10. Wait until the tasks are created
L9.23
Security-Center 11. On the Proxy server settings page, click Next 12. On the next page, click Next 13. On the final page, click Finish
14. Select the Managed computers node and switch to the Policies tab
15. Open the properties of the Policy - Kaspersky Security Center Network Agent
L9.24
Security-Center
16. Switch to the Software updates and vulnerabilities section 17. Select the Use Administration Server as WSUS server check box
18. Click OK and wait for the policy to be enforced
Task 2
Synchronize with Windows Update servers

The Quick Start Wizard creates an Administration Server task: Perform Windows Update synchronization. This task regularly downloads data about all available updates from Windows Update servers, which enables the Administration Server to act as a WSUS server.
L9.25
Security-Center 1. Open the Administration Server tasks container
2.
Open the Perform Windows Update synchronization task properties Switch to the Applications section Clear all checkboxes corresponding to the Microsoft products except for Windows products
3. 4.
5.
Switch to the Update languages section
L9.26
Security-Center
6.
Select only English (United Kingdom) and English (United States)
7. 8.
Click OK Run the Perform Windows Update synchronization task and wait for it to complete
L9.27
Task 3
Find vulnerabilities and application updates

After the synchronization task completes, the client computers will be able to use the Administration Server as an update server to save the Internet traffic. Vulnerabilities will also be searched against the Kaspersky Lab vulnerability database downloaded together with anti-virus database updates. In this task you will search for application vulnerabilities and updates.
1. 2. Expand the Managed computers node Select the Workstations group and switch to the Tasks tab
3.
Run the Find vulnerabilities and application updates Windows Workstations task and wait for it to finish
L9.28
4.
Expand the Applications and vulnerabilities node Open the Software updates container
5.
6.
Click the Accept button to the right of the You need to accept license agreements for updates message In the License Agreements window, click Accept all
7.
L9.29
Task 4
Install critical updates on the workstations

In this task we will configure the standard Install application updates and fix vulnerabilities task to install only Critical Microsoft updates and only on the workstations.
1. Select the Managed computers node and switch to the Tasks tab
2.
Open the properties of the Install application updates and fix vulnerabilities task Switch to the Settings section
3.
4.
Open the properties of the Microsoft updates: critical updates, security updates and definition updates rule
L9.210
5. 6.
Switch to the Updates categories section Clear all options except for Critical updates
7. 8.
Click OK Switch to the Exclusions from task scope section In the Exclude computers by OS type area, select Server OS
9.
10. Click OK
L9.211
11. Run the Install application updates and fix vulnerabilities task and wait for it to complete
12. Expand the Reports and notifications node 13. Generate the Software update report
14. Look through the report
L9.212
Conclusion
In this lab we studied the rebuilt functionality of Kaspersky Security Center 10Software updates and vulnerabilities. Now the Administration Server can act as a Microsoft Update server to optimize update download and distribution procedure. Also, the new version allows automatically installing program updates on schedule, and using various rules.
L9.31
Lab 9.3. Fixing Program Vulnerabilities
Lab 9.3
Fixing Program Vulnerabilities

Lab objective. Fix vulnerabilities in the Firefox browser. Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is used for managing client computers. Soon after the deployment, you scanned the software installed on the computers for vulnerabilities. Among other results, you found out that an old version of the Firefox browser is used in the network. Your task is to fix vulnerabilities in the Firefox browser on the client computers using the Systems Management functionality of Kaspersky Security Center 10. Contents. In this lab we will: 1. 2. Create a vulnerability fix task for a third-party application Run the vulnerability fix task and study the results
Preparation
1. 2.
Boot up the computer named Security-Center Log on to the abc\Administrator account, passwordKa5per5Ky Desktop
3. 4.
Boot up the computer named Desktop Log on to the abc\Alex account, password Ka5per5Ky
Task 1
Create a vulnerability fix task for a third-party application

We ran the Find vulnerabilities and application updates task in the previous lab. In this task, you will look through the list of found vulnerabilities. Kaspersky Security Center 10 includes a database of third-party applications created by Kaspersky Lab experts. Kaspersky Security Center can use its data to automatically fix vulnerabilities in known applications. The administrator should only approve an update for a third-party application and create a special rule that will periodically install the recommended updates.
L9.32
Security-Center 1. 2. Run Administration Console Expand the Applications and vulnerabilities node Open the Application vulnerabilities container In the Text field, type *Firefox* and press ENTER
3. 4.
5. 6.
Open the properties of any Firefox vulnerability Switch to the Recommended fixes section
7.
Note that a fix is automatically found for the vulnerability. The fix will upgrade the browser to the latest version
L9.33
Security-Center
8. 9.
Open the Software updates container In the Approved field, select Not defined
10. In the Text field, type *firefox* and press ENTER
11. Open the properties of the Mozilla Firefox update that has the largest version number 12. Set the Update approved by your administrator field value to Installation approved
L9.34
Security-Center
13. Switch to the Computers section
14. Make sure that the update is applicable to the Desktop computer 15. Switch to the Fixed vulnerabilities section
16. Make sure that the update fixes all vulnerabilities found in Mozilla Firefox
L9.35
Security-Center
17. Open the Managed computers -> Workstations node and switch to the Tasks tab
18. Click Create a task 19. Type Install 3rd party application updates for the task name
20. Click Next
L9.36
Security-Center
21. Select the Install critical updates and fix vulnerabilities task type
22. Click Next 23. Click Add and then Rule for third-party updates
24. Select to Install approved updates only
25. Click OK
L9.37
Security-Center
26. Click Next in three windows
27. Click Finish
L9.38
Task 2
Fix the vulnerabilities

In this task we will run the vulnerability fix task, wait for its completion and interpret the results. The task is supposed to fix vulnerabilities in the Mozilla Firefox browser.
Security-Center 1. 2. Run the created task Wait for it to complete
L9.39
Security-Center
3. 4.
Open the Application vulnerabilities container Change the filter to Show only fixed
5. 6.
Open the properties of any Firefox vulnerability Open the Vulnerability instances section
7.
Note that the window is empty
L9.310
Security-Center
8.
Select the Show computers with fixed vulnerability checkbox
9.
Note that the vulnerability was fixed on the Desktop computer
Conclusion
In this lab we learned how to fix vulnerabilities in third-party applications using Kaspersky Security Center tools.
L9.41
Lab 9.4. Installing Programs by Other Manufacturers
Lab 9.4
Installing Programs by Other Manufacturers

Lab objective. Install Skype using the Kaspersky Lab database of applications by other manufacturers. Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is used for managing client computers. You want to quickly install the Skype application on the client computers. Your task is to create Skype installation package using the database of applications by other manufacturers available in Kaspersky Security Center 10 and install it on the client computers. Contents. In this lab we will: 1. 2. Create an installation package for Skype Start the remote installation task and interpret the results
Preparation
1. 2.
1. 2.
Task 1
Create an installation package for Skype

A new method of creating installation packages has appeared in Kaspersky Security Center 10from the application database of Kaspersky Lab. Now the administrator does not need to go to the manufacturers site to download an application, nor look for the command-line options to silently install it; all this is done automatically based on the information available in the database.
L9.42
Security-Center 1. 2. 3. Run Administration Console Expand the Remote installation node Open the Installation packages container
4. 5.
Click Create installation package Click the Create installation package for specified executable file button
L9.43
Security-Center
6.
Type Skype for the package name
7. 8. 9.
Click Next Click the Select arrow Select Application from Kaspersky Lab database
10. In the search box, type *skype* and press ENTER 11. Select Skype for Windows 6.x
L9.44
Security-Center
12. Click OK 13. In the License Agreements window, click Accept all
14. Click Next twice 15. Wait for the package to load
16. Click Finish
L9.45
Task 2
Start the remote installation task and interpret the results

In this task you will remotely install the created installation package, wait for the task completion and interpret its results.
Security-Center 1. 2. Right-click the Skype installation package Click Install application
3.
Click the Select computers for deployment button
L9.46
Security-Center
4.
Select the Desktop computer and click Next
5.
Click Next four times and wait for the task to complete
6.
Open the Managed computers \ Workstations \ Desktops group and switch to the Computers tab
L9.47
Security-Center
7. 8.
Open the properties of the Desktop computer Switch to the Applications registry section
9.
Make sure that a new application has been added to the list, Skype 6.1
Conclusion
In this lab we studied a new capability of Kaspersky Security Center 10: creation of installation packages based on the information available in Kaspersky Lab application database.
L9.48
L9.51
Lab 9.5. Manually Prohibit Network Access to Device
Lab 9.5
Manually Prohibit Network Access to Device

Lab objective. Learn how to manually block and allow network devices. Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is used for managing client computers. You want to use the Network Access Control functionality of Kaspersky Security Center 10. When you activate the network access control system, you see an unknown computer in the list of network devices and decide to block network access until all the circumstances are clarified. Contents. In this lab we will: 1. 2. 3. Install the Network Access Control components Enable the Network Access Control subsystem Block a computer manually
Preparation
1. 2.
Boot up the computer named Security-Center Log on to the abc\Administrator account, passwordKa5per5Ky Partner
1. 2.
Boot up the computer named Partner Log on to the Administrator account, passwordKa5per5Ky
Task 1
Install the Network Access Control components

After a typical installation of Kaspersky Security Center, the Network Access Control subsystem is inactive. To be able to use this functionality, it is necessary to assign the Enforcer role to at least one computer within each broadcast domain (subnet). Any computer where the Network Agent and a special driver are installed can act as an Enforcer. In this task, we will assign the Enforcer role to the computer where the Administration Server is installed.
L9.52
KASPERSKY LAB KL 009.10: Systems Management Kaspersky Endpoint Security for Windows
Security-Center 1. Click Start, Control Panel, Uninstall a program
2.
Select Kaspersky Security Center Administration Server and click Uninstall/Change Click Next
3.
4.
Click Modify
L9.53
Security-Center
5.
Select the Network Access Control check box
6.
Click Next
7. 8.
Click Modify Wait for the installation to complete
9.
Click Finish
L9.54 Task 2
Enable the Network Access Control subsystem

After the driver is installed, the Network access management subsystem is ready, but still inactive. The activation has two steps: Enable Enforcermust be done for each computer assigned the Enforcer role Enable the Network Access Controlcan be done either centrally via the agent policy, or individually for each Enforcer
Security-Center Partner 1. Open the Servers subgroup and switch to the Computers tab
2.
Open the properties of the Security-Center computer Switch to the Applications section
3.
L9.55
Security-Center
Partner
4.
Open the properties of the Kaspersky Security Center Network Agent application Switch to the Managing network access (NAC), Settings section Change the NAC agent operation mode to Main
5.
6.
7.
Click OK twice to close the properties of the Security-Center computer Select the Managed computers node and switch to the Policies tab
8.
9.
Open the properties of the Policy - Kaspersky Security Center Network Agent
L9.56
Security-Center Partner
10. Switch to the Managing network access (NAC) | Settings section 11. Change the NAC operation mode to Standard 12. Close the lock to make these settings required
13. Click OK 14. Wait for the policy to be enforced
L9.57
Task 3
Block a computer manually

The administrator has found an unfamiliar computer in the Administration Console and wants to prohibit any network activity for this device until all the circumstances are clarified.
Security-Center Partner 1. 2. Expand the Unassigned computers node Open the Network devices container
3.
Right-click the Partner computer
4.
Click Block device
L9.58
Security-Center Partner
5.
On the Partner computer, start Internet Explorer Go to www.google.com
6.
7. 8. Right-click the Partner computer
Make sure that the page is inaccessible
L9.59
Security-Center
Partner
9.
Click the Block device menu item again to uncheck it
10. On the Partner computer, restart Internet Explorer 11. Try to open www.google.com once again
12. Make sure that network activity is not blocked this time
L9.510
Conclusion
In this lab we studied the procedure of activating the Network Access Control subsystem. Any computer within a broadcast domain (subnet) can act as an Enforcerfor this purpose, it is necessary to install the Network Agent and a special driver on it. Driver installation can be enabled in the properties of the Network Agent installation package. Also, we tested the simplest example of the subsystem operation in this lab. The administrator can block network access for any device with a single click on the list of detected network devices.
L9.61
Lab 9.6. Redirecting Computers to Authorization Page
Lab 9.6
Redirecting Computers to Authorization Page

Lab objective. Provide a guest computer with network access. Scenario. You are an Anti-Virus security administrator in ABC company. The companys business is organized so that visitors often bring their notebooks in the office. You do not want them to uncontrolledly connect to the corporate network, and plan to use the NAC functionality of Kaspersky Security Center 10 to block network access for non-corporate computers. Meanwhile, the purpose of a visit may necessitate network access. To make the visitors feel at ease, you plan to redirect guest computers to the authorization portal instead of complete blocking so that they are able to access the network using a password. The guest username and password will be communicated to the managers, who will give them to the visitors as necessary. Contents. In this lab we will: 1. 2. 3. Add the gateway or domain controller to the white list Create a rule for redirecting http requests to the authorization page Test the rule
Preparation
Turn on DC computer. Security-Center
1. 2.
Boot up the computer named Security-Center Log on to the abc\Administrator account, passwordKa5per5Ky Partner
3. 4.
Boot up the computer named Partner Log on to the Administrator account, passwordKa5per5Ky
Task 1
Add the gateway or domain controller to the white list

In this task, to avoid accidental blocking of the gateway or domain controller, add both servers to the white list.
L9.62
Security-Center 1. 2. Start the Administration Console Open the Managed computers node and switch to the Policies tab
3.
Open the properties of Policy - Kaspersky Security Center Network Agent Switch to the Managing network access (NAC), Network elements section
4.
5.
Click Add
L9.63
Security-Center
6.
Type Gateway for the element name
7. 8.
Click Add Type IP address 10.28.0.2
9.
Click OK twice
10. Click Add
L9.64
Security-Center
11. Type DC for the element name
12. Click Add 13. Type IP address 10.28.0.10
14. Click OK twice
15. Switch to the White list section 16. Click Add
L9.65
Security-Center
17. Select the Gateway element 18. Click OK
19. Similarly, add the DC element
20. Click OK
L9.66 Task 2
Create a rule for redirecting http requests to the authorization page

In this task you will create a rule that will redirect all http requests from the client computers that are not managed by Kaspersky Security Center to the authorization page. First of all, you will create a category of network devices to which the rule will be applied. It will include guest computers (computers not managed by the Administration Server in terms of Kaspersky Security Center NAC). Additionally, you will need to set the username and password to be specified by guests on the authorization portal.
Security-Center 1. Re-open the properties of Policy - Kaspersky Security Center Network Agent Switch to the Managing network access (NAC) | Network elements section
2.
3. 4.
Click Add Type Unmanaged Computers for the element name
L9.67
Security-Center
5. 6.
Click the Add drop-down arrow Select By computer status
7.
Clear the Computer is managed with Kaspersky Security Center checkbox
8. 9.
Click OK Switch to Authorization page | Accounts
10. Click Add
L9.68
Security-Center
11. Type Guest for the account name 12. Type Qwerty!@ for the password 13. Confirm the Qwerty!@ password
14. Click OK 15. Switch to Access rules | Access restrictions
16. Click Add 17. Type Authorization page for the rule name 18. Click Add 19. Add the Unmanaged Computers element
L9.69
Security-Center
20. In the Restrict network access area, select Redirect to authorization portal
21. Click OK
L9.610
Task 3
Test the rule

After the rule is created and applied, any network activity will be prohibited until the user is authorized. In this task, we will make sure of that.
Security-Center Partner 1. On the Partner computer, start Internet Explorer Go to www.google.com
2.
3.
Make sure that the authorization page opens instead of the Google search page
L9.611
Security-Center
Partner
4. 5.
Type Guest for the login Type Qwerty!@ for the password
6.
Click Submit
7.
Make sure that the initially requested page opens after the successful authorization
L9.612 Conclusion
In this lab we studied a simple authorization portal scenario based on Kaspersky Security Center NAC. If necessary, the administrator can replace the standard authorization page with a custom one to extend its functionality.
L9.71
Lab 9.7. Limiting Access Based on Computer Status
Lab 9.7
Limiting Access Based on Computer Status

Lab objective. Configure limited network access for computers whose status is not OK. Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is used for managing client computers. You want to use the network access control functionality to restrict access to external networks for computers whose status is not OK. At the same time, the local network resources must be accessible even for computers having the Critical status. Contents. In this lab we will: 1. 2. Create a rule allowing computers whose status is not OK to access only the local network resources Test the rule
Preparation
1. 2.
3. 4.
L9.72
Task 1
Create a rule allowing access only to the local network resources

In this task you will create a rule allowing computers whose status is not OK to access only the local network resources. Access to the Internet will be blocked until the computer status changes to OK.
Security-Center 1. 2. Run the Administration Console Select the Managed omputers node and switch to the Policies tab
3.
Open the properties of Policy - Kaspersky Security Center Network Agent
L9.73
Security-Center
4.
Switch to the Managing network access (NAC), Network elements section
5. 6.
Click Add Type Bad Status for the element name
7. 8.
Click the Add drop-down arrow Select By computer status
L9.74
Security-Center Select the Computer status is Warning and Computer status is Critical check boxes
9.
10. Click OK twice 11. Switch to the Network services addresses section
12. Click Add 13. Type Internal addresses for the element name
14. Click Add
L9.75
Security-Center
15. Select Specify IP subnet using the address and the subnet mask 16. In the Subnet address field, type 10.28.0.0 17. In the Subnet mask field, type 255.255.255.0
18. Click OK
19. Click OK 20. Switch to the Access rules, Access restrictions section
21. Click Add 22. Type Bad Status for the rule name 23. Click Add
L9.76
Security-Center 24. Add the Bad Status network element 25. In the Restrict network access area, select Allow specified addresses only 26. Click Select 27. Add the Internal addresses network resource
28. Click OK
L9.77
Task 2
Test the rule

After the rule for computers whose status is not OK is created and applied, they will be allowed to access only the local network addresses. When the status will change to OK, any network activity will be allowed. In this task we will make sure of that.
Security-Center Desktop 1. Open the Desktops subgroup and switch to the Computers tab
2.
Make sure that the Desktop computer status is OK (green) Open computer properties and switch to the Applications section
3.
L9.78
Security-Center Desktop
4.
Select Kaspersky Endpoint Security 10 for Windows and click the Stop button Wait for the application to become Inactive
5.
6. 7.
Click OK Click Refresh in the Administration Console
8.
Make sure that the Desktop computer status has changed to Critical (red)
L9.79
Security-Center
Desktop
9.
On the Desktop computer, run Internet Explorer
10. Go to www.google.com
11. Make sure that the page is inaccessible 12. On the Start menu, click Run 13. Type \\dc 14. Press ENTER
15. Make sure that the local network is accessible
L9.710
16. In the Administration Console, switch to the Computers tab within the Desktops subgroup
17. Open computer properties and switch to the Applications section
18. Select Kaspersky Endpoint Security 10 for Windows and click the Run button
L9.711
Security-Center
Desktop
19. Wait for the application to become Running
20. Click OK 21. Click Refresh in the Administration Console
22. Make sure that the Desktop computer status is OK (green) again
L9.712
23. On the Desktop computer, restart Internet Explorer 24. Once again, try to go to www.google.com
25. Make sure that this time the page is successfully displayed 26. Open the Servers subgroup and switch to the Computers tab
27. Open the properties of the Security-Center computer
L9.713
Security-Center
Desktop
28. Switch to the Applications section
29. Open the properties of the Kaspersky Security Center Network Agent application 30. Switch to the Managing network access (NAC), Settings section 31. Change the NAC agent operation mode to Disabled
32. Click OK twice to close the properties of the Security-Center computer
Conclusion
In this lab we studied the capability to grant access only to some addresses and block the other network activity. For example, a computer that mismatches some criteria can be prohibited from accessing external networks. In this lab, the rule allows the managed computers whose status is not OK to access only the local network addresses and blocks any other activities.
L9.714
L9.81
Lab 9.8. Capturing Operating System Image
Lab 9.8
Capturing Operating System Image

Lab objective. Create an operating system image to be deployed to the client computers using Kaspersky Security Center 10. Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is used for managing client computers. Microsoft Windows 7 operating system is installed on the client computers in the company. The decision was made to deploy a new operating system, Microsoft Windows 8. You are going to use the OS image capture and distribution functionality of Kaspersky Security Center 10. First of all, you need to activate this functionality and create an image of a computer where Windows 8 operating system and the necessary programs (including Network Agent) are installed already. Contents. In this lab we will: 1. 2. Install Windows Automated Installation Kit Capture the computer image with Microsoft Windows 8 operating system and the necessary programs, including Network Agent
Preparation
1. 2.
Boot up the computer named Security-Center Log on to the abc\Administrator account, passwordKa5per5Ky
Task 1
Prepare Kaspersky Security Center to image capturing

After the standard installation, Kaspersky Security Center cannot capture operating system images for two reasons. First, for the Administration Server to be able to capture images, Windows Automated Installation Kit (WAIK) must be installed on the server. It is a free set of tools that automate Windows installation, which can be downloaded from the Microsoft web site. Second, the OS image capture and distribution functionality is not included in the standard distribution of Kaspersky Security Center. These features can be enabled only with a special license, which we installed in lab 9.1. We will install WAIK in this task.
L9.82
Security-Center 1. Make sure that you are working with the Administration Server virtual machine On the VMware console menu, click VM, Removable Devices, CD\DVD, Settings In the Connection area, select Use ISO image file Click the Browse button to select the KB3AIK_EN.ISO file (ask the instructor where this file is located)
2.
3.
4.
5. 6.
Click OK In the AutoPlay window that opens, select Run StartCD.exe
L9.83
Security-Center
7.
On the welcome page of the Windows Automated Installation Kit wizard, click Windows AIK Setup
8.
On the welcome page of the WAIK installation wizard, click Next
9.
On the License Terms page, select I Agree and click Next
L9.84
Security-Center
10. On the Select Installation Folder page, click Next
11. On the Confirm Installation page, click Next
12. Wait for the installation to finish 13. On the Installation Complete page, click Close
L9.85
Task 2
Capture the operating system image

Generally, to be able to capture an operating system image, it is sufficient to know credentials of an administrative account for this computer. However, usually, images help the administrators to save time and effort on installing not only the operating system, but also standard applications. That is why all programs that must be installed on the computers to be given to the users should also be installed on the computer from which the image is taken. These applications may include Microsoft Office or some special software packages. Also, since Kaspersky Security Center is used in the organization, Network Agent must be installed on this computer. Then, after the image is deployed on a computer, it will immediately connect to the Administration Server. Therefore, we will use a computer with pre-installed Network Agent in this task. Preparatory actions are not necessary before capturing the image. After the image is deployed to a new computer, Network Agent will automatically detect that the equipment has changed and will generate a new identifier for the Administration Server. This identifier will tell the Administration Server that it is a new computer.
Security-Center Reference 1. 2. 3. Run the Administration Console Open the Remote installation container, Installation packages node Boot up the computer named Reference
4.
Click Create installation package
L9.86
Security-Center Reference
5.
On the Select installation package type page, click Create installation package based on OS image of reference computer
6. 7.
On the subsequent page, click Next Type Capture Windows 8 Image for the task name and click Next
8.
On the Settings page, in the Installation package name field, type Windows 8 Enterprise English for the package name Click the Browse button next to the Computer of which the OS image will be taken field and select the Reference computer in the Managed computers\Reference group
9.
10. Clear the Create backup copy of the computer state check box 11. Click the Browse button next to the Shared folder for storing images field and select the shared folder where the image will be saved: \\Security-Center\Pub
L9.87
Security-Center
Reference
12. Specify the account that has the Write permission on the selected shared folder: username ABC\Administrator, password Ka5per5Ky, and click Next
13. On the Selecting account to start the task page, click Next
14. On the following page, click Next
L9.88
15. Click Finish
16. On the Reference computer, log on to the ABC\dummy account, password Ka5per5Ky
17. Double-click the Desktop widget in the lower-left corner of the window 18. Wait for the restart message
L9.89
Security-Center
Reference
19. Click Restart 20. Wait for the computer to start to a Command Prompt and run the image capturing script
21. Wait for the Capturing of image was started status of the Capture Windows 8 Image task
22. Click View results and look through the current task execution results
L9.810
23. The task will complete in 1 or 2 hours
Conclusion
In this lab we captured an operating system image to be deployed across the network. The Network Agent is not actually required to be installed on the computer; the only requirement is knowing an administrators credentials. However, since the computer should have all the necessary programs installed, we may say that Network Agent is also a pre-requisite. The administrator need not prepare the computer for image capturing anyhow. All actions are performed automatically. If software is regularly updated on the standard computer and the image should also be updated, the image capture task can be scheduled to automatically start weekly or monthly.
L9.91
Lab 9.9. Deploying Operating System
Lab 9.9
Deploying Operating System

Lab objective. Deploy an operating system from the created image using Kaspersky Security Center 10. Scenario. You are an Anti-Virus security administrator in ABC company, where Kaspersky Security Center 10 is used for managing client computers. The company migrates to Windows 8 and your task is to deploy the new operating system both on old and new computers. You already created an image of Windows 8 with installed programs, and now you need to deploy the image to the computers using Kaspersky Security Center 10. Contents. In this lab we will: 1. 2. Install the Windows 8 image to the managed computers Install the Windows 8 image to bare metal computerscomputers without an operating system
Preparation
Turn on DC computer. Security-Center
1. 2.
Boot up the computer named Security-Center Log on to the abc\Administrator account, passwordKa5per5Ky Desktop
3. 4.
Boot up the computer named Desktop Log on to the abc\Alex account, password Ka5per5Ky
Task 1
Deploy the image to the managed computers

In this task you will deploy the Microsoft Windows 8 image to the managed computers. The image contains an installed Network Agent with configured Administration Server connection settings, and the computer will be manageable right after the installation.
L9.92
Security-Center Desktop 1. Run Kaspersky Security Center Administration Console Expand the Remote installation container and open the Installation packages node On the shortcut menu of the Windows 8 Enterprise English installation package, select Install application
2.
3.
4.
On the Selecting computers for installation page, click Select computers for deployment
L9.93
Security-Center
Desktop
5.
Select the Desktop computer in the Workstations\Desktops group and click Next
6. 7.
On the subsequent page, click Next On the page where the action in case of restart is to be selected, leave the default choice and click Next
L9.94
8.
On the Selecting account to access the computer page, click Next
9.
On the subsequent page, click Next
10. On the Starting installation page, also click Next
L9.95
Security-Center
Desktop
11. Make sure that the task is running
12. On the Desktop computer, wait for the restart message
13. Click Restart 14. Wait for automatic start of the script that installs the system from an image
L9.96
15. After this process finishes, Windows 8 operating system will boot (this may take more than 5 minutes). Wait for the license agreement to appear
16. Select the I accept the license terms for using Windows checkbox and click Accept
L9.97
Security-Center
Desktop
17. Type Desktop for the computer name
18. Click Next
L9.98
19. Click Use express settings
L9.99
Security-Center
Desktop
20. Click Sign in with a Microsoft account at the bottom
L9.910
21. Click Local account
L9.911
Security-Center
Desktop
22. On the account setup page, type: User name: Alex Password: Ka5per5Ky Reenter password: Ka5per5Ky Password hint: Eugene (or whatever you prefer, as Eugene is blatantly a non-secure hint)
23. Click Finish
L9.912
24. On the Security-Center computer, make sure that the task is completed
25. Open the Workstations\Desktops group and switch to the Computers tab
26. Note that the Desktop computer is disconnected from the network
L9.913
Security-Center
Desktop
27. Open the properties of the Desktop computer
28. Note the warning that there are other computers having the same name in the network 29. Click View in the warning area
30. Right-click the computer in the table and select All tasks, Move to group on the shortcut menu
31. In the Select group window, select the Desktops group and click OK 32. Click the Close button to close the table 33. Close the Properties: Desktop window
L9.914
34. On the Computers page, click Refresh
35. Make sure that there are two computers named Desktop in the group nowone disconnected from the server running Windows 7 operating system, and another one connected to the server running Windows 8 operating system 36. Delete the Desktop computer with Windows 7 operating system
L9.915
Task 2
Deploy the image to a new machine without an operating system

In this task you will install the Microsoft Windows 8 operating system from the created image to bare metal using Kaspersky Security Center. The main condition of a bare metal installation is the availability of a PXE server that starts client computers at a command prompt over the network, and a DHCP server that informs the computer about the network parameters, which is a must for loading the image from the Administration Server.
Security-Center Bare_Metal 1. Boot up the computer named Bare_Metal
2.
Make sure that an operating system is not installed there Write down or remember the MAC address of the computer, which is written on its screen (CLIENT MAC ADDR)
3.
L9.916
Security-Center Bare_Metal
4.
On the Administration Server, expand the Remote installation container and open the Deploying computer images node
5.
Click Manage the list of PXE servers in the network
L9.917
Security-Center
Bare_Metal
6.
Click Add and select the Security-Center computer from the Servers group
7. 8.
Click OK In the PXE server properties window, click OK too
9.
Make sure that Security-Center has appeared in the list of PXE servers and click OK
10. Click Add MAC address of target computer 11. Type the MAC address of the Bare_Metal computer (the address elements should be separated by colons or hyphens)
12. Click OK
L9.918
13. Right-click the added computer and select Assign OS image installation package on its shortcut menu
14. Select the Windows 8 Enterprise English installation package and click OK
L9.919
Security-Center
Bare_Metal
15. Restart the Bare_Metal computer 16. Wait for the computer to boot at a command prompt over the network and for the image deployment script to start
17. When Windows 8 starts, repeat steps 15-23 of Task 1, name the computer Desktop2 and specify the John username with Ka5per5Ky password 18. Right-click the Administration Server node and select Search on its shortcut menu 19. In the Search window, type Desktop2 in the Computer Name field and click Find now
20. On the shortcut menu of the found computer, select All tasks, Move to group
L9.920
21. In the Select group window, specify the Workstations, Desktops group
22. Click OK and close the Search window 23. Open the Desktops group
24. Make sure that both computers Desktop and Desktop2, which are installed from the same image, are simultaneously connected to the Administration Server
Conclusion
In this lab we remotely installed operating system from a previously created image. This mechanism can be used both for upgrading the operating system on managed computers and for deploying software to new computers. The key elements for image deployment are a DHCP server, which sends network parameters to the computers started at a command prompt, and a PXE server, which allows starting the computers without an operating system over the network.
V 2.1

KL 009.10 Systems Management Eng Labs v.2.1 Unlocked

Uploaded by

Copyright:

Available Formats

KL 009.10 Systems Management Eng Labs v.2.1 Unlocked

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

KL 009.10 Systems Management Eng Labs v.2.1 Unlocked

Uploaded by

Copyright:

Available Formats

Version 2.

Kaspersky Lab www.kaspersky.com

Managing Licenses of Applications by Other Manufacturers

Activate the Systems Management functionality

Security-Center 1. Run the Administration Console

Close the Administration Server properties window

12. Click Cancel 13. Restart the Administration Console

Create a group of licensed applications

Click Add a group of licensed applications

Type Perforce for the group name

In the Selecting a key window, click Add

12. Click OK twice

Generate a report and configure notifications

On the subsequent page, click Finish

10. Close the Administration Server properties window

Installing Windows Updates

Create update download and installation tasks

10. Wait until the tasks are created

18. Click OK and wait for the policy to be enforced

Synchronize with Windows Update servers

Security-Center 1. Open the Administration Server tasks container

Switch to the Update languages section

Select only English (United Kingdom) and English (United States)

Find vulnerabilities and application updates

Install critical updates on the workstations

14. Look through the report

Fixing Program Vulnerabilities

Create a vulnerability fix task for a third-party application

10. In the Text field, type *firefox* and press ENTER

13. Switch to the Computers section

20. Click Next

24. Select to Install approved updates only

26. Click Next in three windows

27. Click Finish

Fix the vulnerabilities

Security-Center 1. 2. Run the created task Wait for it to complete

Note that the window is empty

Select the Show computers with fixed vulnerability checkbox

Note that the vulnerability was fixed on the Desktop computer

Installing Programs by Other Manufacturers

Create an installation package for Skype

Type Skype for the package name

16. Click Finish

Start the remote installation task and interpret the results

Security-Center 1. 2. Right-click the Skype installation package Click Install application

Click the Select computers for deployment button

Select the Desktop computer and click Next

Manually Prohibit Network Access to Device

Install the Network Access Control components

Security-Center 1. Click Start, Control Panel, Uninstall a program

Select the Network Access Control check box

Click Modify Wait for the installation to complete

Enable the Network Access Control subsystem

13. Click OK 14. Wait for the policy to be enforced

Block a computer manually

Right-click the Partner computer

Click Block device

On the Partner computer, start Internet Explorer Go to www.google.com

7. 8. Right-click the Partner computer

10. In the Text field, type firefox and press ENTER