•installing application software to local and remote systems,
•monitoring the activities of all systems in the enterprise to ensure
compliance with corporate policies and centralized control.
When the system has been set up, you can see status information from
the entire managed domain in one single location. In this way it is very
easy to make sure that the entire domain is protected, and to modify the
protection settings when necessary. You can also restrict the users from
making changes to the security settings, and be sure that the protection
is always up-to-date.
8 | F-Secure Policy Manager | Introduction
System requirements
This section provides the system requirements for both Policy Manager Server and Policy Manager Console.
Policy Manager Server
In order to install Policy Manager Server, your system must meet the minimum requirements given here.
Microsoft Windows:Operating system:
•Microsoft Windows Server 2003 SP1 or higher
(32-bit); Standard, Enterprise, Web Edition or Small
Business Server editions
•Windows Server 2003 SP1 or higher (64-bit);
Standard or Enterprise editions
•Windows Server 2008 SP1 (32-bit); Standard,
Enterprise or Web Server editions
•Windows Server 2008 SP1 (64-bit); Standard,
Enterprise, Web Server, Small Business Server or
Essential Business Server editions
•Windows Server 2008 R2; Standard, Enterprise or
Web Server editions
Disk space:
P4 2 GHz processor or faster.Processor:
Managing more than 5000 hosts or using Web
Reporting requires P4 3 GHz level processor or faster.
512 MB RAM, 1 GB RAM recommended.Memory:
Managing more than 5000 hosts or using Web
Reporting requires 1 GB RAM.
5 GB of free hard disk space; 8 GB or more is
recommended. The disk space requirements depend
on the size of the installation.
In addition to this it is recommended to allocate about
1 MB per host for alerts and policies. The actual disk
space consumption per host is hard to anticipate, since
it depends on how the policies are used and how many
installation packages are stored.
10 Mbit network.Network:
Managing more than 5000 hosts requires a 100 Mbit
network.
Policy Manager Console
In order to install Policy Manager Console, your system must meet the minimum requirements given here.
F-Secure Policy Manager | Introduction | 9
Microsoft Windows:Operating system:
•Windows XP Professional (SP2 or higher)
•Windows Vista (32-bit or 64-bit) with or without
SP1; Business, Enterprise or Ultimate editions
•Windows 7 (32-bit or 64-bit); Professional,
Enterprise or Ultimate editions
•Microsoft Windows Server 2003 SP1 or higher
(32-bit); Standard, Enterprise, Web Edition or Small
Business Server editions
•Windows Server 2003 SP1 or higher (64-bit);
Standard or Enterprise editions
•Windows Server 2008 SP1 (32-bit); Standard,
Enterprise or Web Server editions
•Windows Server 2008 SP1 (64-bit); Standard,
Enterprise, Web Server, Small Business Server or
Essential Business Server editions
•Windows Server 2008 R2; Standard, Enterprise or
Web Server editions
Display:
P4 2 GHz processor or faster.Processor:
Managing more than 5000 hosts requires P4 3 GHz
processor or faster.
512 MB of RAM.Memory:
Managing more than 5000 hosts requires 1 GB of
memory.
200 MB of free hard disk space.Disk space:
Minimum 16-bit display with resolution of 1024x768
(32-bit color display with 1280x1024 or higher
resolution recommended).
10 Mbit network.Network:
Managing more than 5000 hosts requires a 100 Mbit
network.
10 | F-Secure Policy Manager | Introduction
Main components
The power of Policy Manager lies in the F-Secure management architecture, which provides high scalability
for a distributed, mobile workforce.
Policy Manager
Console
Policy Manager
Server
Management
Agent
Policy Manager Console provides a centralized management console for the security of
the managed hosts in the network. It enables the administrator to organize the network
into logical units for sharing policies. These policies are defined in Policy Manager Console
and then distributed to the workstations through Policy Manager Server. Policy Manager
Console is a Java-based application that can be run on several different platforms. It can
be used to remotely install the Management Agent on other workstations without the
need for local login scripts, restarting, or any intervention by the end user.
Policy Manager Console includes two different user interfaces:
•Anti-virus mode user interface that is optimized for managing Client Security and
Anti-virus for Workstations.
•Advanced mode user interface that can be used for managing other F-Secure
products.
Policy Manager Server is the repository for policies and software packages distributed
by the administrator, as well as status information and alerts sent by the managed hosts.
Communication between Policy Manager Server and the managed hosts is accomplished
through the standard HTTP protocol, which ensures trouble-free performance on both
LAN and WAN.
Management Agent enforces the security policies set by the administrator on the managed
hosts, and provides the end user with a user interface and other services. It handles all
management functions on the local workstations and provides a common interface for
all F-Secure applications, and operates within the policy-based management infrastructure.
Web Reporting
Update Server &
Agent
Web Reporting is an enterprise-wide, web-based graphical reporting system included in
Policy Manager Server. With Web Reporting you can quickly create graphical reports
based on historical trend data, and identify computers that are unprotected or vulnerable
to virus outbreaks.
Update Server & Agent are used for updating virus and spyware definitions on the
managed hosts, and are included in Policy Manager Server. The Automatic Update Agent
allows users to receive virus definition database updates and data content without
interrupting their work to wait for files to download from the web. It downloads files
automatically in the background using bandwidth not being used by other Internet
applications. If Automatic Update Agent is always connected to the Internet, it will
automatically receive new virus definition updates within about two hours after they have
been published by F-Secure.
Features
Some of the main features of Policy Manager are described here.
F-Secure Policy Manager | Introduction | 11
Software distribution
Configuration and policy
management
Event management
Performance management
•Installation of F-Secure products on hosts from one central location, and
updating of executable files and data files, including virus definitions updates.
•Updates can be provided in several ways:
•From an F-Secure CD.
•From the F-Secure web site to the customer. These can be automatically
‘pushed’ by Automatic Update Agent, or voluntarily ‘pulled’ from the
F-Secure web site.
•Policy Manager Console can be used to export pre-configured installation
packages, which can also be delivered using third-party software, such as
SMS and similar tools.
•Centralized configuration of security policies. The policies are distributed
from Policy Manager Server by the administrator to the user’s workstation.
Integrity of the policies is ensured through the use of digital signatures.
•Reporting to the Event Viewer (local and remote logs), e-mail, and report
files and creation of event statistics.
•Statistics and performance data handling and reporting.
Task management
•Management of virus scanning tasks and other operations.
12 | F-Secure Policy Manager | Introduction
Product registration
You have the option of providing F-Secure with information regarding the use of Policy Manager by registering
your product.
The following questions and answers provide some more information about registering your installation of
Policy Manager. You should also view the F-Secure license terms
(http://www.f-secure.com/en_EMEA/estore/license-terms/) and privacy policy
(http://www.f-secure.com/en_EMEA/privacy.html).
Why does F-Secure collect data?
In order to improve our service, we collect statistical information regarding the use of F-Secure products. To
help F-Secure provide better service and support, you can allow us to link this information to your contact
information. To allow this, please enter the customer number from your license certificate during the installation
of Policy Manager.
What information is sent?
We collect information that cannot be linked to the end user or the use of the computer. The collected
information includes F-Secure product versions, operating system versions, the number of managed hosts
and the number of disconnected hosts. The information is transferred in a secure and encrypted format.
What do I benefit from submitting information to F-Secure?
When you contact our support, we can provide a solution to your problem more quickly based on the information
collected. In addition, with this information we can further develop our product and services to match the
needs of our customers even better.
Where is the information stored and who can access it?
The data is stored in F-Secure's highly secured data center, and only F-Secure's assigned employees can
access the data.
F-Secure Policy Manager | Introduction | 13
Policy-based management
A security policy is a set of well-defined rules that regulate how sensitive information and other resources are
managed, protected, and distributed.
The management architecture of F-Secure software uses policies that are centrally configured by the
administrator for optimum control of security in a corporate environment. Policy-based management implements
many functions:
•Remotely controlling and monitoring the behavior of the products.
•Monitoring statistics provided by the products and the Management Agent.
•Remotely starting predefined operations.
•Transmission of alerts and notifications from the products to the system administrator.
The information flow between Policy Manager Console and the hosts is accomplished by transferring policy
files. There are three kinds of policy files:
•
Default policy files (.dpf)
•
Base policy files (.bpf)
•
Incremental policy files (.ipf)
The current settings of a product consist of all three policy file types:
Default policy
files
Base policy files
Incremental
policy files
The default policy file contains the default values (the factory settings) for a single
product that are installed by the setup. Default policies are used only on the host. If
neither the base policy file nor the incremental policy file contains an entry for a variable,
then the value is taken from the default policy file. New product versions get new versions
of the default policy file.
Base policy files contain the administrative settings and restrictions for all the variables
for all F-Secure products on a specific host (with domain level policies, a group of hosts
may share the same file). A base policy file is signed by Policy Manager Console,
protecting the file against changes while it is passing through the network and while it
is stored in the host’s file system. These files are sent from Policy Manager Console to
Policy Manager Server. The host periodically polls for new policies created by Policy
Manager Console.
Incremental policy files are used to store local changes to the base policy. Only changes
that fall within the limits specified in the base policy are allowed. The incremental policy
files are then periodically sent to Policy Manager Console so that current settings and
statistics can be viewed by the administrator.
Management Information Base
The Management Information Base (MIB) is a hierarchical management data structure used in the Simple
Network Management Protocol (SNMP).
In Policy Manager, the MIB structure is used for defining the contents of the policy files. Each variable has
an Object Identifier (OID) and a value that can be accessed using the Policy API. In addition to basic SNMP
MIB definitions, the F-Secure MIB concept includes many extensions that are needed for complete policy-based
management.
The following categories are defined in a product’s MIB:
Settings
Used to manage the workstation in the manner of an SNMP. The managed
products must operate within the limits specified here.
Delivers product statistics to Policy Manager Console.Statistics
14 | F-Secure Policy Manager | Introduction
Operations
Private
Traps
Operations are handled with two policy variables: (1) a variable for transferring
the operation identifier to the host, and (2) a variable for informing Policy
Manager Console about the operations that were performed. The second
variable is transferred using normal statistics; it acknowledges all previous
operations at one time. A custom editor for editing operations is associated
with the subtree; the editor hides the two variables.
The management concept MIBs may also contain variables which the product
stores for its internal use between sessions. This way, the product does not
need to rely on external services such as Windows registry files.
Traps are the messages (including alerts and events) that are sent to the
local console, log file, remote administration process, etc. The following types
of traps are sent by most F-Secure products:
Info. Normal operating information from a host.
Warning. A warning from the host.
Error. A recoverable error on the host.
Fatal error. An unrecoverable error on the host.
Security alert. A security hazard on the host.
Installing the product
Chapter
2
Topics:
•
Security issues
•
Installing Policy Manager in
high-security environments
•
Installation order
•
Installing Policy Manager Server
•
Changing the communication
directory path
•
Installing Policy Manager Console
•
Changing the web browser path
•
Uninstalling the product
Here you will find instructions for installing the main product components;
Policy Manager Server and Policy Manager Console.
16 | F-Secure Policy Manager | Installing the product
Security issues
Policy Manager Server utilizes Apache Web Server and Jetty Web Server technology, and even though we
do the utmost to deliver secure and up-to-date technology we advise you to regularly consult the following
sites for information on Apache and Jetty technology and security.
The most up to date information on security issues related to operating systems and Apache web server can
be found at the CERT web site: http://www.cert.org.
A document containing advice on how to secure an installation of the Apache web server is available at
http://www.apache.org/docs/misc/security_tips.html and a list of vulnerabilities at
http://www.apacheweek.com/features/security-13.
You will find a list of Jetty security reports at http://docs.codehaus.org/display/JETTY/Jetty+Security.
Note: You will find important information about installation and security in the release notes. Read these
notes carefully.
F-Secure Policy Manager | Installing the product | 17
Installing Policy Manager in high-security environments
Policy Manager is designed to be used in internal corporate networks mainly for managing F-Secure anti-virus
products, and should not be used over public networks such as the Internet.
Note: When installing Policy Manager in high-security environments, you should make sure that the
administration port (by default port 8080) and the host port (by default port 80) are not visible on the
Internet.
Built-in security features
Policy Manager has built-in security features that ensure detection of changes in the policy domain structure
and policy data. More importantly, it is impossible to deploy unauthorized changes to managed hosts. Both
these features rely on a management key pair that is available to administrators only. These features, based
on strong digital signatures, will in most cases provide the right balance between usability and security in
most antivirus installations, but the following features may require additional configuration in high-security
environments:
•By default, all users can access Policy Manager Server in read-only mode but are only able to view the
management data. This is a convenient way of sharing information to users who are not allowed full
administrative rights. Multiple users can keep a read-only session open simultaneously, monitoring the
system status without affecting other administrators or managed hosts in any way.
•To enable easy migration to new management keys, it is possible to re-sign the policy domain structure
and policy data with a newly generated or previously existing key pair. If this is done accidentally, or
intentionally by an unauthorized user, the authorized user will notice the change when he tries to log in to
Policy Manager the next time. In the worst case, the authorized user needs to recover backups in order
to remove the possible changes made by the unauthorized user. In any case, the policy domain structure
and policy data changes will be detected, and there is no way to distribute the changes to managed hosts
without the correct original key pair.
Both of these features may be undesirable in a high-security environment where even seeing the management
data should be restricted. As an alternative, Policy Manager Console and Policy Manager Server can be
installed on the same machine, and access limited to the localhost. Remote administrator access to Policy
Manager Console can be arranged by using a secure remote desktop product.
Web Reporting in high-security environments
Web Reporting is designed to be used in internal corporate networks for generating graphical reports of, for
example, Client Security virus protection status and alerts. F-Secure does not recommend using Web Reporting
over public networks such as Internet.
An alternative for high-security environments is to limit access to Web Reporting to localhost only during the
installation. After this, only the person who has physical access to the localhost can use Web Reporting.
18 | F-Secure Policy Manager | Installing the product
Installation order
You should install Policy Manager components in a specific order when installing them on separate machines.
To install Policy Manager, please follow this installation order (unless you are installing Policy Manager Server
and Policy Manager Console on the same machine, in which case setup installs all components during the
same installation process):
1. Policy Manager Server,
2. Policy Manager Console,
3. managed point applications.
F-Secure Policy Manager | Installing the product | 19
Installing Policy Manager Server
This section contains instructions for installing Policy Manager Server.
To install Policy Manager Server, you need physical access to the server machine.
Policy Manager Server is the link between Policy Manager Console and the managed hosts and acts as the
repository for policies and software packages distributed by the administrator, as well as status information
and alerts sent by the managed hosts.
Communication between Policy Manager Server and other components can be achieved through the standard
HTTP protocol, which ensures trouble-free performance on LAN and global networks.
The information stored by Policy Manager Server includes the following files:
•Policy domain structure.
•Policy data, which is the actual policy information attached to each policy domain or host.
•Base policy files generated from the policy data.
•Status information, including incremental policy files, alerts, and reports.
•Autoregistration requests sent by the hosts.
•Product installation and virus definition database update packages.
•Statistics and historical trend data about the hosts.
Download and run the installation package
The first stage in installing Policy Manager is to download and run the installation package.
To begin installing the product:
1.
Download the installation package from www.f-secure.com/webclub.
You will find the file in the Download section of the Policy Manager page.
2. Double-click the executable file to begin installation.
Setup begins.
3. Select the installation language from the drop-down menu and click Next to continue.
4. Read the license agreement information, then select I accept this agreement and click Next to continue.
Select components to install
The next stage is to select the product components to install.
To continue installing the product:
1. Select the components to install and click Next to continue.
•Select both Policy Manager Server and Policy Manager Console to install both components on the
same machine.
•Select Policy Manager Server if you want to install Policy Manager Console on a separate machine.
2. Choose the destination folder and then click Next.
It is recommended to use the default installation directory. If you want to install the product in a different
directory, you can click Browse and select a new directory.
Note: If you have Management Agent installed on the same machine, this window will not be shown.
3. Enter your customer number and then click Next.
You can find your customer number in the license certificate provided with the product.
20 | F-Secure Policy Manager | Installing the product
4. If setup does not detect any previous installation of Policy Manager, it asks you to confirm if a previous
installation of the product exists:
•If a previous version has been installed, select I have an existing F-Secure Policy Manager
installation. Enter the communication directory path of the installed Policy Manager. The contents of
this directory will be copied under <server installation directory>\commdir\(communication
directory under the Policy Manager Server installation directory), and this will be the directory that
Policy Manager Server will use as a repository. You can use the previous commdir as a backup, or
you can delete it once you have verified that Policy Manager Server is correctly installed.
•If no previous version has been installed, select I do not have an existing F-Secure Policy Manager.
This will not require an existing commdir, and will create an empty commdir in the default location
(under <F-Secure Policy Manager 5 installation directory>\commdir).
5. Click Next to continue.
6. Select whether you want to keep the existing settings or change them:
Note: This dialog is displayed only if a previous installation of Policy Manager Server was detected
on the computer.
•By default the setup keeps the existing settings. Select this option if you have manually updated the
Policy Manager Server configuration. This option automatically keeps the existing administration, host
and web reporting ports.
•If you want to change the ports from the previous installation, select Change settings. This option
overwrites the edited configuration and restores the default settings.
7. Click Next to continue.
8. Select the Policy Manager Server modules to enable:
•The Host module is used for communication with the hosts. The default port is 80.
•The Administration module is used for communication with Policy Manager Console. The default
HTTP port is 8080.
Note: If you want to change the default port for communication, you will also need to change the
HTTP Port Number setting in Policy Manager Console.
By default, access to the Administration module is restricted to the local machine. This is the most
secure way to use the product. When using a connection over a network, please consider securing the
communication with F-Secure SSH.
•The Web Reporting module is used for communication with Web Reporting. Select whether it should
be enabled. Web Reporting uses a local socket connection to the Administration module to fetch
server data. The default port is 8081.
By default, access to Web Reporting is allowed also from other computers. If you want to allow access
only from this computer, select Restrict access to the local machine.
9. Click Next to continue.
10. Select the product installation package(s) to install from the list of available packages, then click Next to
continue.
Complete installation of the product
The next stage is to complete the installation of the product.
1. Review the changes that setup is about to make, then click Start to start installing the selected components.
When completed, the setup shows whether all components were installed successfully.
2. Click Finish to complete the installation.
F-Secure Policy Manager | Installing the product | 21
3. Restart your computer if you are prompted to do so.
Check that the installation was successful
The next stage is to check that the product was installed correctly.
To determine if your installation was successful:
1. Open a web browser on the machine where Policy Manager Server was installed.
2. Enter http://localhost:8080 as the address (if you used the default admin port number during the
installation) and press Enter.
If the server installation was successful, a welcome page will be displayed.
Note: Policy Manager Server starts serving hosts only after Policy Manager Console has initialized the
Communication directory structure, which happens automatically when you run Policy Manager Console
for the first time.
22 | F-Secure Policy Manager | Installing the product
Changing the communication directory path
If the existing network drive on which the communication directory is located is getting full, you can change
its location by using these instructions.
To change the communication directory path:
1. Choose a new network path on a drive with more space.
2. Create the path and ensure that the Local Service user has full control access rights to all the directories
on the path.
3. Stop the Policy Manager Server service.
4. Copy the whole directory structure from the old commdir path to the new path.
5. Change the value for the CommDir and CommDir2 directives in httpd.conf (in the <Policy Manager
Server installation directory>\conf\ directory).
The default configuration contains the following configuration:
CommDir "C:\Program Files\F-Secure\Management Server 5\CommDir"
CommDir2 "C:\Program Files\F-Secure\Management Server 5\CommDir"
If you want to change the communication directory location to E:\CommDir, change the directives to
reflect that configuration. For example:
CommDir "E:\CommDir"
CommDir2 "E:\CommDir"
6. Start the Policy Manager Server service.
7. Check that everything still works.
8. Delete the old commdir files.
F-Secure Policy Manager | Installing the product | 23
Installing Policy Manager Console
This section contains instructions for installing Policy Manager Console.
Policy Manager Console can operate in two modes:
•Administrator mode - you can use Policy Manager Console to its full extent.
•Read-only mode - you can view Policy Manager Console information but cannot perform any administrative
tasks (this mode is useful, for example, for helpdesk personnel).
The same console installation can be used for both administrator and read-only connections. The following
sections explain how to run the Policy Manager Console setup from the installation package, and how to
select the install operation mode when the console is run for the first time. The setup is identical for both
modes, and it is always possible to add new administrator and read-only connections after the initial startup.
Download and run the installation package
The first stage in installing Policy Manager is to download and run the installation package.
To begin installing the product:
1.
Download the installation package from www.f-secure.com/webclub.
You will find the file in the Download section of the Policy Manager page.
2. Double-click the executable file to begin installation.
Setup begins.
3. Select the installation language from the drop-down menu and click Next to continue.
4. Read the license agreement information, then select I accept this agreement and click Next to continue.
Select components to install
The next stage is to select the product components to install.
To continue installing the product:
1. Select the components to install (Policy Manager Console) and click Next to continue.
2. Choose the destination folder and then click Next.
It is recommended to use the default installation directory. If you want to install the product in a different
directory, you can click Browse and select a new directory.
3. Click Next to continue.
4. Specify the F-Secure Policy Manager Server address and Administration port number, then click Next
to continue.
Note: Depending on the installation method, this window is not always displayed.
Complete installation of the product
The next stage is to complete the installation of the product.
1. Review the changes that setup is about to make, then click Start to start installing the selected components.
When completed, the setup shows whether all components were installed successfully.
2. Click Finish to complete the installation.
3. Restart your computer if you are prompted to do so.
24 | F-Secure Policy Manager | Installing the product
Run Policy Manager Console
The last stage in setting up the product is to run Policy Manager Console for the first time.
To run Policy Manager Console for the first time:
1. Run Policy Manager Console by selecting Start ➤ Programs ➤ F-Secure Policy Manager Console ➤
F-Secure Policy Manager Console.
When Policy Manager Console is run for the first time, the Console Setup Wizard collects the information
needed to create an initial connection to the server. The first page of the Policy Manager Console setup
wizard summarizes the installation process.
2. Click Next to continue.
3. Select your user mode according to your needs:
•Administrator mode - enables all administrator features.
•Read-only mode - allows you to view administrator data, but no changes can be made. If you select
Read-only mode, you will not be able to administer hosts. To change to Administrator mode, you
will need the admin.pub and admin.prv administration keys.
4. Click Next to continue.
5. Enter the address of the Policy Manager Server that is used for communicating with the managed hosts,
then click Next to continue.
6. Enter the path where the administrator’s public key and private key files will be stored.
By default, key files are stored in the Policy Manager Console installation directory: Program
Files\F-Secure\Administrator.
7. Click Next to continue.
Note: If the key-pair does not already exist, it will be created later in the setup process.
8. Move your mouse cursor around in the window to initialize the random seed used by the management
key-pair generator.
Using the path of the mouse movement ensures that the seed number for the key-pair generation algorithm
has enough random variation.
When the progress indicator has reached 100%, the Passphrase dialog box will open automatically.
9. Enter a passphrase, which will secure your private management key.
10. Re-enter your passphrase in the Confirm passphrase field and click Next.
11. Click Finish to complete the setup process.
Policy Manager Console will generate the management key-pair. After the key-pair is generated, Policy
Manager Console will start.
The setup wizard creates the user group FSPM users. The user who was logged in and ran the installer
is automatically added to this group. To allow another user to run Policy Manager you must manually add
this user to the FSPM users user group.
Policy Manager Console starts in Anti-virus mode, which is an optimized user interface for managing Client
Security, Anti-virus for Workstations and Anti-virus for Windows Servers. If you are going to use Policy Manager
Console for managing any other F-Secure product, you should use the Advanced mode user interface. You
can access it by selecting View ➤ Advanced mode from the menu.
When setting up workstations, you must provide them with a copy of the admin.pub key file (or access to
it). If you install the F-Secure products on the workstations remotely with Policy Manager, a copy of the
admin.pub key file is installed automatically on them. However, if you run the setup from a CD, you must
transfer a copy of the admin.pub key file manually to the workstations. The best and most secure method
is to copy the admin.pub file to a diskette and use this diskette for workstation installations. Alternatively,
F-Secure Policy Manager | Installing the product | 25
you can put the admin.pub file in a directory that can be accessed by all hosts that will be installed with
remotely managed F-Secure products.
26 | F-Secure Policy Manager | Installing the product
Changing the web browser path
Policy Manager Console acquires the file path to the default web browser during setup.
If you want to change the web browser path:
1. Select Tools ➤ Preferences from the menu.
2. Select the Locations tab and enter the new file path.
F-Secure Policy Manager | Installing the product | 27
Uninstalling the product
Follow these steps to uninstall Policy Manager components.
To uninstall any Policy Manager components:
1. Open the Windows Start menu and go to Control Panel.
2. Select Add/Remove Programs.
3. Select the component you want to uninstall (Policy Manager Console or Policy Manager Server), and click
Add/Remove.
The F-Secure Uninstall dialog box appears.
4. Click Start to begin uninstallation.
5. When the uninstallation is complete, click Close.
6. Repeat the above steps if you want to uninstall other Policy Manager components.
7. When you have uninstalled the components, exit Add/Remove Programs.
8. It is recommended that you reboot your computer after the uninstallation.
Rebooting is necessary to clean up the files remaining on your computer after the uninstallation, and
before the subsequent installations of the same F-Secure products.
Using Policy Manager Console
Chapter
3
Topics:
•
Overview
•
Basic information and tasks
•
Managing domains and hosts
•
Software distribution
•
Managing policies
•
Managing operations and tasks
•
Alerts
•
Reporting tool
•
Preferences
Policy Manager Console is a remote management console for the most
commonly used F-Secure security products, designed to provide a
common platform for all of the security management functions required
in a corporate network.
30 | F-Secure Policy Manager | Using Policy Manager Console
Overview
This section provides some general information about Policy Manager Console.
The conceptual world of Policy Manager Console consists of hosts that can be grouped within policy domains.
Policies are host-oriented. Even in multi-user environments, all users of a specific host share common settings.
An administrator can create different security policies for each host, or create a single policy for many hosts.
The policy can be distributed over a network to workstations, servers, and security gateways.
With Policy Manager Console, you can:
•Set the attribute values of managed products.
•Determine rights for users to view or modify attribute values that were remotely set by the administrator.
•Group the managed hosts under policy domains sharing common attribute values.
•Manage host and domain hierarchies easily.
•Generate signed policy definitions, which include attribute values and restrictions.
•Display status.
•Handle alerts.
•Handle F-Secure anti-virus scanning reports.
•Handle remote installations.
•View reports in HTML format, or export reports to various formats.
Policy Manager Console generates the policy definition, and displays status and alerts. Each managed host
has a module (Management Agent) enforcing the policy on the host.
Policy Manager Console recognizes two types of users: administrators and read-only mode users.
The administrator has access to the administration private key. This private key is stored as a file, which may
be shared among users with management rights. The administrator uses Policy Manager Console to define
policies for different domains and individual hosts.
In read-only mode, the user can:
•View policies, statistics, operation status, version numbers of installed products, alerts and reports.
•Modify Policy Manager Console properties, because its installation is user-based and modifications cannot
affect other users.
The user cannot do any of the following in read-only mode:
•Modify the domain structure or the properties of domains and hosts.
•Modify product settings.
•Perform operations.
•Install products.
•Save policy data.
•Distribute policies.
•Delete alerts or reports.
There can be only one administrator mode connection to Policy Manager Server at a time. There can be
several read-only connections to Policy Manager Server simultaneously.
Loading...
+ 72 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.