INSTALLATION HANDS-ON About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving you the possibility to consult step-by-step instructions. Each given task will be divided into two sections • Actual Task • Conditions, goals and short instructions • Allowing you to work independently • Detailed instructions (step-by-step work through) • In case you can not come up with own solutions Page 2 Task Overview 1. Policy Manager deployment (incl. PMS, PMC and AUSYS) 2. Console initialization and initial configuration 3. AVCS 6.x rollout Page 3 Infrastructure Your environment consists of two computers • Windows 2003 Standard Server (SP3) • Windows XP Professional (SP2) Network • 100 Mbit Ethernet, supporting TCP/IP • C-class network (192.168.100.0/24) Root Update Server XP Pro SP2 2003 Server Page 4 Task 1 Install Policy Manager with all necessary components (not FSAVCS yet) on a single computer • Is such an installation possible in this environment? If needed, the next pages will provide you with a step-by-step walkthrough => After installation is completed, continue on to page 19 Once you have a clear plan how to proceed, install the products and configure it as follows • Limit access to the PMS admin module to local host (use the default ports during installation) Root Update Server XP Pro SP2 2003 Server Page 5 Policy Manager Installation Walk-Through Insert the F-Secure Product CD (old screenshot!) • Select ”F-Secure Policy Manager” Page 6 Policy Manager Installation Walk-Through Choose the installation language • Click “Next” Page 7 Policy Manager Installation Walk-Through Read the F-Secure License Terms and accept the agreement • Click ”Next” Page 8 Policy Manager Installation Walk-Through Accept Custom installation • Click “Next” Page 9 Policy Manager Installation Walk-Through Also here accept default selections • Click “Next” Page 10 Policy Manager Installation Walk-Through Default installation path C:\Program Files\F-Secure is fine • Click “Next” Page 11 Policy Manager Installation Walk-Through There is no old Policy Manager installed, so accept the default • Click ”Next” Page 12 Policy Manager Installation Walk-Through Accept the default Port Numbers • Click ”Next” Page 13 Policy Manager Installation Walk-Through Select F-Secure Anti-Virus Client Security 6.x • Click ”Next” Page 14 Policy Manager Installation Walk-Through Necessary setup information has been collected. System is ready for installation • Click “Start” Page 15 Policy Manager Installation Walk-Through Installation in process. Do not restart the system until 100 % completed • Might take some minutes Page 16 Policy Manager Installation Walk-Through Components have been installed • Click “Next” Page 17 Policy Manager Installation Walk-Through Installation finished successfully • Click “Finish” Page 18 Task 1 Completed F-Secure Policy Manager is now installed • Check the Server Status • Start/Status Monitor • Both Apache modules should have Status: OK • Web Reporting Module will still show an error, because we didn’t initialize the console yet Initializing and configuring the console will be your next task Page 19 Task 2 Initialize and configure Policy Manager Console • Start the Console and go through the initialization process • After that, configure the console as follows • Rename the Root domain to F-Secure • Restrict all user settings (try to find the easiest way) • Define the Policy Manager host communication address • Note: The address defined during the console initialization is the administration module address • Change the server polling interval to 10 seconds (incoming and outgoing requests) • Distribute policies! Task continues on next page… Page 20 Task 2 Perform a general system check • Are all modules working properly? • What does the status monitor say? • Try out the web reporting, does it work? Try to complete this task independently • If needed, next pages will provide you with a step-by-step walk through => If you managed to complete this task, continue on page 36 Page 21 Console Initialization Walk-Through Start Policy Manager from Start menu for initialization • Click “Next” Page 22 Console Initialization Walk-Through Select Administrator mode • Click “Next” Page 23 Console Initialization Walk-Through Accept default • Click “Next” Page 24 Console Initialization Walk-Through Select the location of the key-pair. Defaults are ok. • Click ”Next” Page 25 Console Initialization Walk-Through Create administrator’s cryptographic keys • Move the cursor until the next dialogue box appears Page 26 Console Initialization Walk-Through Enter the administrative password. Use “password” in this hands-on • Click “Next” Page 27 Console Initialization Walk-Through Click ”Finish” Page 28 Console Initialization Walk-Through First Policy Manager Console launch • By default, Policy Manager Console is run in the Anti-Virus Administration mode (AV mode) Policy Manager is now initialized and ready to use Next step is the console configuration and first policy distribution Page 29 Initial Console Configuration Walk-Through Rename the root domain • Right-click the root domain • Select Domain/Host Properties • Rename “Root” to “F-Secure” After that start fine tuning the communication settings • Click Centralized Management tab Page 30 Initial Console Configuration Walk-Through Prevent user from changing most important settings • Click “Do not allow users to change settings…” Page 31 Initial Console Configuration Walk-Through Define communication settings • Set Policy Manager Server address (IP address of your PMS computer) • Set both polling intervals to 10 seconds Page 32 Initial Console Configuration Walk-Through Distribute the Policy, select File/Distribute (or press CTRL + D) Page 33 System Status Check Overall Check the status of the Policy Manager Server • From the start menu: Start/Programs/F-Secure Policy Manager Server/Status Monitor • The Web Reporting error should now be fixed Page 34 System Status Check (Optional) Web Reporting Open Report web interface • From the start menu: Start/Programs/F-Secure Policy Manager Server/FSecure Policy Manager Web Reporting Page 35 Task 2 completed Policy Manager initialization and configuration has been finalized • The next task will be F-Secure Anti-Virus Client Security 6 rollout Root Update Server XP Pro SP2 F-Secure PMS / PMC Page 36 Task 3 Install AVCS 6.x on your client computer running Windows XP SP2 • Is the installation possible without any changes to the host? • Any conflicting software installed on the target system? • Which rollout method is best suited for this environment? • Which methods are possible? • Is there a firewall installed on the host preventing certain rollout methods? Task continues on next page… Page 37 Task 3 Once you have a clear plan on how to rollout AVCS 6.x, and you have checked all issues mentioned on the previous page, go ahead with the rollout Try to complete this task independently • If needed, the next pages will provide you with a step-by-step walk through => If you managed to complete this task and your client has rebooted, continue on page 61 Page 38 Pre-Rollout Checks Check your target host for installed conflicting software • Check if there is conflicting software installed on the computer • If there is, check if that product is automatically detected and removed by F-Secure Sidegrade Function • Important: Always check all your hosts for conflicting software before your start any rollout Page 39 Pre-Rollout Checks If the XP Firewall on your host is enabled: • F-Secure Intelligent Installations requires certain inbound traffic allowed on target host (TCP 135 and 445) • Try to connect to the ports from your PMS • Open the command prompt and telnet the ports • There will be no response, so you need to allow the above mentioned protocols on your target host • Try to come up with a solution, without disabling the firewall! Page 40 XP Firewall Configuration Configure XP SP2 firewall exceptions • Allow “File and Printer Sharing” • Press “Edit” • Enable SMB only (TCP 445) • Disable all other ports • Create a new service and allow RPC • Press “Add Port” • Name: RPC, Port number: 135 • Confirm by pressing OK Page 41 Remote Installation Walk-Through Select ”Installation” tab on the editor pane • Click “Autodiscover Windows hosts…” Page 42 Remote Installation Walk-Through Select your target host from the list • Click “Install” Page 43 Remote Installation Walk-Through Select F-Secure Anti-Virus Client Security 6.x • Click “Next” Page 44 Remote Installation Walk-Through Check that F-Secure Anti-Virus for Client Security 6.x is the only selection • Click “Next” Page 45 Remote Installation Walk-Through Include the policy from your root domain “F-Secure” • Click “Next” Page 46 Remote Installation Walk-Through Accept the default domain account • Domain administrator account will be used to access the target host • Click “Next” Page 47 Remote Installation Walk-Through Check the installation details, correct if necessary (“Back” button) • Click “Start” Page 48 Remote Installation Walk-Through Click “Next” Page 49 Remote Installation Walk-Through Instructor will provide you with the correct keycode • After typing the keycode, click “Next” Page 50 Remote Installation Walk-Through Install Virus Protection, E-mail scanning and Internet Shield • Click ”Next” Page 51 Remote Installation Walk-Through Select the language the product will use • Click “Next” Page 52 Remote Installation Walk-Through Choose centrally managed installation • Click “Next” Page 53 Remote Installation Walk-Through Specify your Policy Manager Server’s URL • Click “Next” Page 54 Remote Installation Walk-Through No need to add a custom property at this stage • Click ”Next” Page 55 Remote Installation Walk-Through At this point you will be able to choose whether to remove conflicting software automatically • Accept the default setting • Click “Next” Page 56 Remote Installation Walk-Through Select “Restart after installation, in” • Change the countdown to 1 minute • Type a reboot message • Click “Finish” Page 57 Remote Installation Walk-Through Wait while Intelligent Installation creates the distribution package • This step might take some minutes (depending on your system) • Do not press “Cancel” Page 58 Remote Installation Walk-Through F-Secure Setup will start and install AVCS 6.x to your computer Wait until the Reboot message appears on your screen • Don’t reboot yet, minimize the window Page 59 Remote Installation Walk-Through The ”Installation progress” window shows you if the installation has finished successfully • Close this window • Also close the autodiscover wizard window • Distribute policies! • Close Policy Manager Console On the other computer, open the reboot dialogue again and click reboot Page 60 System Status Check After the reboot • Open F-Secure Anti-Virus Client Security 6.x by double-clicking the F-Secure icon in the system tray • Click “Central Management” • Check Last connection and Policy file counter Page 61 Task 3 Completed Congratulations! You have successfully finished the Installation hands-on Root Update Server F-Secure AVCS 6 F-Secure PMS / PMC Page 62