How it Works
F-secure
Loading...
POLICY MANAGER 9.0
ADMINISTRATOR GUIDE
102 pgs520.66 Kb0
Table of contents
Loading...

F-secure POLICY MANAGER 9.0 ADMINISTRATOR GUIDE

F-Secure Policy Manager
Administrator's Guide

Contents

Chapter 1: Introduction.......................................................................7
Chapter 2: Installing the product......................................................15
F-Secure Policy Manager | TOC | 3
System requirements................................................................................................................8
Policy Manager Server...................................................................................................8
Policy Manager Console................................................................................................8
Main components...................................................................................................................10
Features..................................................................................................................................11
Product registration.................................................................................................................12
Policy-based management.....................................................................................................13
Security issues........................................................................................................................16
Installing Policy Manager in high-security environments........................................................17
Installation order.....................................................................................................................18
Installing Policy Manager Server............................................................................................19
Download and run the installation package.................................................................19
Select components to install........................................................................................19
Complete installation of the product............................................................................20
Check that the installation was successful..................................................................21
Changing the communication directory path..........................................................................22
Installing Policy Manager Console..........................................................................................23
Download and run the installation package.................................................................23
Select components to install........................................................................................23
Complete installation of the product............................................................................23
Run Policy Manager Console......................................................................................24
Changing the web browser path.............................................................................................26
Uninstalling the product..........................................................................................................27
Chapter 3: Using Policy Manager Console......................................29
Overview.................................................................................................................................30
Basic information and tasks....................................................................................................31
Advanced mode user interface....................................................................................32
Contents of the Advanced mode user interface...........................................................33
4 | F-Secure Policy Manager | TOC
Managing domains and hosts.................................................................................................38
Software distribution...............................................................................................................42
Managing policies...................................................................................................................49
Managing operations and tasks..............................................................................................52
Alerts.......................................................................................................................................53
Reporting tool.........................................................................................................................55
Preferences............................................................................................................................58
Local installation and updates with pre-configured packages.....................................46
Settings........................................................................................................................49
Viewing alerts and reports...........................................................................................53
Policy domain / host selector pane..............................................................................55
Report type selector pane............................................................................................55
Chapter 4: Maintaining Policy Manager Server...............................61
Backing up & restoring Policy Manager Console data...........................................................62
Creating the backup................................................................................................................63
Restoring the backup..............................................................................................................64
Replicating software using image files....................................................................................65
Chapter 5: Updating virus definition databases.............................67
Automatic updates with Automatic Update Agent..................................................................68
The benefits of using Automatic Update Agent...........................................................68
Using Automatic Update Agent...............................................................................................70
Configuring Automatic Update Agent..........................................................................70
How to read the log file................................................................................................70
Forcing Automatic Update Agent to check for new updates immediately..............................72
Updating the databases manually..........................................................................................73
Troubleshooting......................................................................................................................74
F-Secure Policy Manager | TOC | 5
Chapter 6: Web Reporting.................................................................75
Generating and viewing reports..............................................................................................76
Creating a printable report...........................................................................................76
Maintaining Web Reporting....................................................................................................78
Creating a backup copy of the Web Reporting database............................................78
Restoring the Web Reporting database from a backup copy......................................78
Web Reporting error messages and troubleshooting.............................................................79
Troubleshooting...........................................................................................................79
Resetting the Web Reporting database.......................................................................79
Chapter 7: Policy Manager Proxy.....................................................81
Overview.................................................................................................................................82
Chapter 8: Troubleshooting..............................................................83
Policy Manager Server and Policy Manager Console............................................................84
Policy Manager Web Reporting..............................................................................................88
Policy distribution....................................................................................................................89
Chapter 9: Ilaunchr error codes.......................................................91
Error codes.............................................................................................................................92
Chapter 10: FSII remote installation error codes............................95
Error codes.............................................................................................................................96
Chapter 11: NSC notation for netmasks..........................................99
NSC notation details.............................................................................................................100
6 | F-Secure Policy Manager | TOC

Introduction

Chapter
1
Topics:
System requirements
Main components
Features
Product registration
Policy-based management
Policy Manager can be used for:
defining security policies,
distributing security policies,
installing application software to local and remote systems,
monitoring the activities of all systems in the enterprise to ensure compliance with corporate policies and centralized control.
When the system has been set up, you can see status information from the entire managed domain in one single location. In this way it is very easy to make sure that the entire domain is protected, and to modify the protection settings when necessary. You can also restrict the users from making changes to the security settings, and be sure that the protection is always up-to-date.
8 | F-Secure Policy Manager | Introduction

System requirements

This section provides the system requirements for both Policy Manager Server and Policy Manager Console.

Policy Manager Server

In order to install Policy Manager Server, your system must meet the minimum requirements given here.
Microsoft Windows:Operating system:
Microsoft Windows Server 2003 SP1 or higher (32-bit); Standard, Enterprise, Web Edition or Small Business Server editions
Windows Server 2003 SP1 or higher (64-bit); Standard or Enterprise editions
Windows Server 2008 SP1 (32-bit); Standard, Enterprise or Web Server editions
Windows Server 2008 SP1 (64-bit); Standard, Enterprise, Web Server, Small Business Server or Essential Business Server editions
Windows Server 2008 R2; Standard, Enterprise or Web Server editions
Disk space:
P4 2 GHz processor or faster.Processor:
Managing more than 5000 hosts or using Web Reporting requires P4 3 GHz level processor or faster.
512 MB RAM, 1 GB RAM recommended.Memory:
Managing more than 5000 hosts or using Web Reporting requires 1 GB RAM.
5 GB of free hard disk space; 8 GB or more is recommended. The disk space requirements depend on the size of the installation.
In addition to this it is recommended to allocate about 1 MB per host for alerts and policies. The actual disk space consumption per host is hard to anticipate, since it depends on how the policies are used and how many installation packages are stored.
10 Mbit network.Network:
Managing more than 5000 hosts requires a 100 Mbit network.

Policy Manager Console

In order to install Policy Manager Console, your system must meet the minimum requirements given here.
F-Secure Policy Manager | Introduction | 9
Microsoft Windows:Operating system:
Windows XP Professional (SP2 or higher)
Windows Vista (32-bit or 64-bit) with or without SP1; Business, Enterprise or Ultimate editions
Windows 7 (32-bit or 64-bit); Professional, Enterprise or Ultimate editions
Microsoft Windows Server 2003 SP1 or higher (32-bit); Standard, Enterprise, Web Edition or Small Business Server editions
Windows Server 2003 SP1 or higher (64-bit); Standard or Enterprise editions
Windows Server 2008 SP1 (32-bit); Standard, Enterprise or Web Server editions
Windows Server 2008 SP1 (64-bit); Standard, Enterprise, Web Server, Small Business Server or Essential Business Server editions
Windows Server 2008 R2; Standard, Enterprise or Web Server editions
Display:
P4 2 GHz processor or faster.Processor:
Managing more than 5000 hosts requires P4 3 GHz processor or faster.
512 MB of RAM.Memory:
Managing more than 5000 hosts requires 1 GB of memory.
200 MB of free hard disk space.Disk space:
Minimum 16-bit display with resolution of 1024x768 (32-bit color display with 1280x1024 or higher resolution recommended).
10 Mbit network.Network:
Managing more than 5000 hosts requires a 100 Mbit network.
10 | F-Secure Policy Manager | Introduction

Main components

The power of Policy Manager lies in the F-Secure management architecture, which provides high scalability for a distributed, mobile workforce.
Policy Manager Console
Policy Manager Server
Management Agent
Policy Manager Console provides a centralized management console for the security of the managed hosts in the network. It enables the administrator to organize the network into logical units for sharing policies. These policies are defined in Policy Manager Console and then distributed to the workstations through Policy Manager Server. Policy Manager Console is a Java-based application that can be run on several different platforms. It can be used to remotely install the Management Agent on other workstations without the need for local login scripts, restarting, or any intervention by the end user.
Policy Manager Console includes two different user interfaces:
Anti-virus mode user interface that is optimized for managing Client Security and Anti-virus for Workstations.
Advanced mode user interface that can be used for managing other F-Secure products.
Policy Manager Server is the repository for policies and software packages distributed by the administrator, as well as status information and alerts sent by the managed hosts. Communication between Policy Manager Server and the managed hosts is accomplished through the standard HTTP protocol, which ensures trouble-free performance on both LAN and WAN.
Management Agent enforces the security policies set by the administrator on the managed hosts, and provides the end user with a user interface and other services. It handles all management functions on the local workstations and provides a common interface for all F-Secure applications, and operates within the policy-based management infrastructure.
Web Reporting
Update Server & Agent
Web Reporting is an enterprise-wide, web-based graphical reporting system included in Policy Manager Server. With Web Reporting you can quickly create graphical reports based on historical trend data, and identify computers that are unprotected or vulnerable to virus outbreaks.
Update Server & Agent are used for updating virus and spyware definitions on the managed hosts, and are included in Policy Manager Server. The Automatic Update Agent allows users to receive virus definition database updates and data content without interrupting their work to wait for files to download from the web. It downloads files automatically in the background using bandwidth not being used by other Internet applications. If Automatic Update Agent is always connected to the Internet, it will automatically receive new virus definition updates within about two hours after they have been published by F-Secure.

Features

Some of the main features of Policy Manager are described here.
F-Secure Policy Manager | Introduction | 11
Software distribution
Configuration and policy management
Event management
Performance management
Installation of F-Secure products on hosts from one central location, and updating of executable files and data files, including virus definitions updates.
Updates can be provided in several ways:
From an F-Secure CD.
From the F-Secure web site to the customer. These can be automatically
‘pushed’ by Automatic Update Agent, or voluntarily ‘pulled’ from the F-Secure web site.
Policy Manager Console can be used to export pre-configured installation packages, which can also be delivered using third-party software, such as SMS and similar tools.
Centralized configuration of security policies. The policies are distributed from Policy Manager Server by the administrator to the user’s workstation. Integrity of the policies is ensured through the use of digital signatures.
Reporting to the Event Viewer (local and remote logs), e-mail, and report files and creation of event statistics.
Statistics and performance data handling and reporting.
Task management
Management of virus scanning tasks and other operations.
12 | F-Secure Policy Manager | Introduction

Product registration

You have the option of providing F-Secure with information regarding the use of Policy Manager by registering your product.
The following questions and answers provide some more information about registering your installation of Policy Manager. You should also view the F-Secure license terms (http://www.f-secure.com/en_EMEA/estore/license-terms/) and privacy policy (http://www.f-secure.com/en_EMEA/privacy.html).
Why does F-Secure collect data?
In order to improve our service, we collect statistical information regarding the use of F-Secure products. To help F-Secure provide better service and support, you can allow us to link this information to your contact information. To allow this, please enter the customer number from your license certificate during the installation of Policy Manager.
What information is sent?
We collect information that cannot be linked to the end user or the use of the computer. The collected information includes F-Secure product versions, operating system versions, the number of managed hosts and the number of disconnected hosts. The information is transferred in a secure and encrypted format.
What do I benefit from submitting information to F-Secure?
When you contact our support, we can provide a solution to your problem more quickly based on the information collected. In addition, with this information we can further develop our product and services to match the needs of our customers even better.
Where is the information stored and who can access it?
The data is stored in F-Secure's highly secured data center, and only F-Secure's assigned employees can access the data.
F-Secure Policy Manager | Introduction | 13

Policy-based management

A security policy is a set of well-defined rules that regulate how sensitive information and other resources are managed, protected, and distributed.
The management architecture of F-Secure software uses policies that are centrally configured by the administrator for optimum control of security in a corporate environment. Policy-based management implements many functions:
Remotely controlling and monitoring the behavior of the products.
Monitoring statistics provided by the products and the Management Agent.
Remotely starting predefined operations.
Transmission of alerts and notifications from the products to the system administrator.
The information flow between Policy Manager Console and the hosts is accomplished by transferring policy files. There are three kinds of policy files:
Default policy files (.dpf)
Base policy files (.bpf)
Incremental policy files (.ipf)
The current settings of a product consist of all three policy file types:
Default policy files
Base policy files
Incremental policy files
The default policy file contains the default values (the factory settings) for a single product that are installed by the setup. Default policies are used only on the host. If neither the base policy file nor the incremental policy file contains an entry for a variable, then the value is taken from the default policy file. New product versions get new versions of the default policy file.
Base policy files contain the administrative settings and restrictions for all the variables for all F-Secure products on a specific host (with domain level policies, a group of hosts may share the same file). A base policy file is signed by Policy Manager Console, protecting the file against changes while it is passing through the network and while it is stored in the host’s file system. These files are sent from Policy Manager Console to Policy Manager Server. The host periodically polls for new policies created by Policy Manager Console.
Incremental policy files are used to store local changes to the base policy. Only changes that fall within the limits specified in the base policy are allowed. The incremental policy files are then periodically sent to Policy Manager Console so that current settings and statistics can be viewed by the administrator.

Management Information Base

The Management Information Base (MIB) is a hierarchical management data structure used in the Simple Network Management Protocol (SNMP).
In Policy Manager, the MIB structure is used for defining the contents of the policy files. Each variable has an Object Identifier (OID) and a value that can be accessed using the Policy API. In addition to basic SNMP MIB definitions, the F-Secure MIB concept includes many extensions that are needed for complete policy-based management.
The following categories are defined in a product’s MIB:
Settings
Used to manage the workstation in the manner of an SNMP. The managed products must operate within the limits specified here.
Delivers product statistics to Policy Manager Console.Statistics
14 | F-Secure Policy Manager | Introduction
Operations
Private
Traps
Operations are handled with two policy variables: (1) a variable for transferring the operation identifier to the host, and (2) a variable for informing Policy Manager Console about the operations that were performed. The second variable is transferred using normal statistics; it acknowledges all previous operations at one time. A custom editor for editing operations is associated with the subtree; the editor hides the two variables.
The management concept MIBs may also contain variables which the product stores for its internal use between sessions. This way, the product does not need to rely on external services such as Windows registry files.
Traps are the messages (including alerts and events) that are sent to the local console, log file, remote administration process, etc. The following types of traps are sent by most F-Secure products:
Info. Normal operating information from a host.
Warning. A warning from the host.
Error. A recoverable error on the host.
Fatal error. An unrecoverable error on the host.
Security alert. A security hazard on the host.

Installing the product

Chapter
2
Topics:
Security issues
Installing Policy Manager in high-security environments
Installation order
Installing Policy Manager Server
Changing the communication directory path
Installing Policy Manager Console
Changing the web browser path
Uninstalling the product
Here you will find instructions for installing the main product components; Policy Manager Server and Policy Manager Console.
16 | F-Secure Policy Manager | Installing the product

Security issues

Policy Manager Server utilizes Apache Web Server and Jetty Web Server technology, and even though we do the utmost to deliver secure and up-to-date technology we advise you to regularly consult the following sites for information on Apache and Jetty technology and security.
The most up to date information on security issues related to operating systems and Apache web server can be found at the CERT web site: http://www.cert.org.
A document containing advice on how to secure an installation of the Apache web server is available at
http://www.apache.org/docs/misc/security_tips.html and a list of vulnerabilities at http://www.apacheweek.com/features/security-13.
You will find a list of Jetty security reports at http://docs.codehaus.org/display/JETTY/Jetty+Security.
Note: You will find important information about installation and security in the release notes. Read these notes carefully.
F-Secure Policy Manager | Installing the product | 17

Installing Policy Manager in high-security environments

Policy Manager is designed to be used in internal corporate networks mainly for managing F-Secure anti-virus products, and should not be used over public networks such as the Internet.
Note: When installing Policy Manager in high-security environments, you should make sure that the administration port (by default port 8080) and the host port (by default port 80) are not visible on the Internet.
Built-in security features
Policy Manager has built-in security features that ensure detection of changes in the policy domain structure and policy data. More importantly, it is impossible to deploy unauthorized changes to managed hosts. Both these features rely on a management key pair that is available to administrators only. These features, based on strong digital signatures, will in most cases provide the right balance between usability and security in most antivirus installations, but the following features may require additional configuration in high-security environments:
By default, all users can access Policy Manager Server in read-only mode but are only able to view the management data. This is a convenient way of sharing information to users who are not allowed full administrative rights. Multiple users can keep a read-only session open simultaneously, monitoring the system status without affecting other administrators or managed hosts in any way.
To enable easy migration to new management keys, it is possible to re-sign the policy domain structure and policy data with a newly generated or previously existing key pair. If this is done accidentally, or intentionally by an unauthorized user, the authorized user will notice the change when he tries to log in to Policy Manager the next time. In the worst case, the authorized user needs to recover backups in order to remove the possible changes made by the unauthorized user. In any case, the policy domain structure and policy data changes will be detected, and there is no way to distribute the changes to managed hosts without the correct original key pair.
Both of these features may be undesirable in a high-security environment where even seeing the management data should be restricted. As an alternative, Policy Manager Console and Policy Manager Server can be installed on the same machine, and access limited to the localhost. Remote administrator access to Policy Manager Console can be arranged by using a secure remote desktop product.
Web Reporting in high-security environments
Web Reporting is designed to be used in internal corporate networks for generating graphical reports of, for example, Client Security virus protection status and alerts. F-Secure does not recommend using Web Reporting over public networks such as Internet.
An alternative for high-security environments is to limit access to Web Reporting to localhost only during the installation. After this, only the person who has physical access to the localhost can use Web Reporting.
18 | F-Secure Policy Manager | Installing the product

Installation order

You should install Policy Manager components in a specific order when installing them on separate machines.
To install Policy Manager, please follow this installation order (unless you are installing Policy Manager Server and Policy Manager Console on the same machine, in which case setup installs all components during the same installation process):
1. Policy Manager Server,
2. Policy Manager Console,
3. managed point applications.
F-Secure Policy Manager | Installing the product | 19

Installing Policy Manager Server

This section contains instructions for installing Policy Manager Server.
To install Policy Manager Server, you need physical access to the server machine.
Policy Manager Server is the link between Policy Manager Console and the managed hosts and acts as the repository for policies and software packages distributed by the administrator, as well as status information and alerts sent by the managed hosts.
Communication between Policy Manager Server and other components can be achieved through the standard HTTP protocol, which ensures trouble-free performance on LAN and global networks.
The information stored by Policy Manager Server includes the following files:
Policy domain structure.
Policy data, which is the actual policy information attached to each policy domain or host.
Base policy files generated from the policy data.
Status information, including incremental policy files, alerts, and reports.
Autoregistration requests sent by the hosts.
Product installation and virus definition database update packages.
Statistics and historical trend data about the hosts.

Download and run the installation package

The first stage in installing Policy Manager is to download and run the installation package.
To begin installing the product:
1.
Download the installation package from www.f-secure.com/webclub.
You will find the file in the Download section of the Policy Manager page.
2. Double-click the executable file to begin installation. Setup begins.
3. Select the installation language from the drop-down menu and click Next to continue.
4. Read the license agreement information, then select I accept this agreement and click Next to continue.

Select components to install

The next stage is to select the product components to install.
To continue installing the product:
1. Select the components to install and click Next to continue.
Select both Policy Manager Server and Policy Manager Console to install both components on the
same machine.
Select Policy Manager Server if you want to install Policy Manager Console on a separate machine.
2. Choose the destination folder and then click Next.
It is recommended to use the default installation directory. If you want to install the product in a different directory, you can click Browse and select a new directory.
Note: If you have Management Agent installed on the same machine, this window will not be shown.
3. Enter your customer number and then click Next.
You can find your customer number in the license certificate provided with the product.
20 | F-Secure Policy Manager | Installing the product
4. If setup does not detect any previous installation of Policy Manager, it asks you to confirm if a previous
installation of the product exists:
If a previous version has been installed, select I have an existing F-Secure Policy Manager
installation. Enter the communication directory path of the installed Policy Manager. The contents of
this directory will be copied under <server installation directory>\commdir\(communication directory under the Policy Manager Server installation directory), and this will be the directory that Policy Manager Server will use as a repository. You can use the previous commdir as a backup, or you can delete it once you have verified that Policy Manager Server is correctly installed.
If no previous version has been installed, select I do not have an existing F-Secure Policy Manager.
This will not require an existing commdir, and will create an empty commdir in the default location (under <F-Secure Policy Manager 5 installation directory>\commdir).
5. Click Next to continue.
6. Select whether you want to keep the existing settings or change them:
Note: This dialog is displayed only if a previous installation of Policy Manager Server was detected
on the computer.
By default the setup keeps the existing settings. Select this option if you have manually updated the
Policy Manager Server configuration. This option automatically keeps the existing administration, host and web reporting ports.
If you want to change the ports from the previous installation, select Change settings. This option
overwrites the edited configuration and restores the default settings.
7. Click Next to continue.
8. Select the Policy Manager Server modules to enable:
The Host module is used for communication with the hosts. The default port is 80.
The Administration module is used for communication with Policy Manager Console. The default
HTTP port is 8080.
Note: If you want to change the default port for communication, you will also need to change the
HTTP Port Number setting in Policy Manager Console.
By default, access to the Administration module is restricted to the local machine. This is the most secure way to use the product. When using a connection over a network, please consider securing the communication with F-Secure SSH.
The Web Reporting module is used for communication with Web Reporting. Select whether it should
be enabled. Web Reporting uses a local socket connection to the Administration module to fetch server data. The default port is 8081.
By default, access to Web Reporting is allowed also from other computers. If you want to allow access only from this computer, select Restrict access to the local machine.
9. Click Next to continue.
10. Select the product installation package(s) to install from the list of available packages, then click Next to
continue.

Complete installation of the product

The next stage is to complete the installation of the product.
1. Review the changes that setup is about to make, then click Start to start installing the selected components. When completed, the setup shows whether all components were installed successfully.
2. Click Finish to complete the installation.
F-Secure Policy Manager | Installing the product | 21
3. Restart your computer if you are prompted to do so.

Check that the installation was successful

The next stage is to check that the product was installed correctly.
To determine if your installation was successful:
1. Open a web browser on the machine where Policy Manager Server was installed.
2. Enter http://localhost:8080 as the address (if you used the default admin port number during the
installation) and press Enter. If the server installation was successful, a welcome page will be displayed.
Note: Policy Manager Server starts serving hosts only after Policy Manager Console has initialized the Communication directory structure, which happens automatically when you run Policy Manager Console for the first time.
22 | F-Secure Policy Manager | Installing the product

Changing the communication directory path

If the existing network drive on which the communication directory is located is getting full, you can change its location by using these instructions.
To change the communication directory path:
1. Choose a new network path on a drive with more space.
2. Create the path and ensure that the Local Service user has full control access rights to all the directories
on the path.
3. Stop the Policy Manager Server service.
4. Copy the whole directory structure from the old commdir path to the new path.
5. Change the value for the CommDir and CommDir2 directives in httpd.conf (in the <Policy Manager
Server installation directory>\conf\ directory).
The default configuration contains the following configuration:
CommDir "C:\Program Files\F-Secure\Management Server 5\CommDir" CommDir2 "C:\Program Files\F-Secure\Management Server 5\CommDir"
If you want to change the communication directory location to E:\CommDir, change the directives to reflect that configuration. For example:
CommDir "E:\CommDir" CommDir2 "E:\CommDir"
6. Start the Policy Manager Server service.
7. Check that everything still works.
8. Delete the old commdir files.
F-Secure Policy Manager | Installing the product | 23

Installing Policy Manager Console

This section contains instructions for installing Policy Manager Console.
Policy Manager Console can operate in two modes:
Administrator mode - you can use Policy Manager Console to its full extent.
Read-only mode - you can view Policy Manager Console information but cannot perform any administrative tasks (this mode is useful, for example, for helpdesk personnel).
The same console installation can be used for both administrator and read-only connections. The following sections explain how to run the Policy Manager Console setup from the installation package, and how to select the install operation mode when the console is run for the first time. The setup is identical for both modes, and it is always possible to add new administrator and read-only connections after the initial startup.

Download and run the installation package

The first stage in installing Policy Manager is to download and run the installation package.
To begin installing the product:
1.
Download the installation package from www.f-secure.com/webclub.
You will find the file in the Download section of the Policy Manager page.
2. Double-click the executable file to begin installation. Setup begins.
3. Select the installation language from the drop-down menu and click Next to continue.
4. Read the license agreement information, then select I accept this agreement and click Next to continue.

Select components to install

The next stage is to select the product components to install.
To continue installing the product:
1. Select the components to install (Policy Manager Console) and click Next to continue.
2. Choose the destination folder and then click Next.
It is recommended to use the default installation directory. If you want to install the product in a different directory, you can click Browse and select a new directory.
3. Click Next to continue.
4. Specify the F-Secure Policy Manager Server address and Administration port number, then click Next
to continue.
Note: Depending on the installation method, this window is not always displayed.

Complete installation of the product

The next stage is to complete the installation of the product.
1. Review the changes that setup is about to make, then click Start to start installing the selected components. When completed, the setup shows whether all components were installed successfully.
2. Click Finish to complete the installation.
3. Restart your computer if you are prompted to do so.
24 | F-Secure Policy Manager | Installing the product

Run Policy Manager Console

The last stage in setting up the product is to run Policy Manager Console for the first time.
To run Policy Manager Console for the first time:
1. Run Policy Manager Console by selecting Start Programs F-Secure Policy Manager Console
F-Secure Policy Manager Console.
When Policy Manager Console is run for the first time, the Console Setup Wizard collects the information needed to create an initial connection to the server. The first page of the Policy Manager Console setup wizard summarizes the installation process.
2. Click Next to continue.
3. Select your user mode according to your needs:
Administrator mode - enables all administrator features.
Read-only mode - allows you to view administrator data, but no changes can be made. If you select
Read-only mode, you will not be able to administer hosts. To change to Administrator mode, you
will need the admin.pub and admin.prv administration keys.
4. Click Next to continue.
5. Enter the address of the Policy Manager Server that is used for communicating with the managed hosts,
then click Next to continue.
6. Enter the path where the administrator’s public key and private key files will be stored. By default, key files are stored in the Policy Manager Console installation directory: Program
Files\F-Secure\Administrator.
7. Click Next to continue.
Note: If the key-pair does not already exist, it will be created later in the setup process.
8. Move your mouse cursor around in the window to initialize the random seed used by the management
key-pair generator.
Using the path of the mouse movement ensures that the seed number for the key-pair generation algorithm has enough random variation.
When the progress indicator has reached 100%, the Passphrase dialog box will open automatically.
9. Enter a passphrase, which will secure your private management key.
10. Re-enter your passphrase in the Confirm passphrase field and click Next.
11. Click Finish to complete the setup process.
Policy Manager Console will generate the management key-pair. After the key-pair is generated, Policy Manager Console will start.
The setup wizard creates the user group FSPM users. The user who was logged in and ran the installer is automatically added to this group. To allow another user to run Policy Manager you must manually add this user to the FSPM users user group.
Policy Manager Console starts in Anti-virus mode, which is an optimized user interface for managing Client Security, Anti-virus for Workstations and Anti-virus for Windows Servers. If you are going to use Policy Manager Console for managing any other F-Secure product, you should use the Advanced mode user interface. You
can access it by selecting View Advanced mode from the menu. When setting up workstations, you must provide them with a copy of the admin.pub key file (or access to
it). If you install the F-Secure products on the workstations remotely with Policy Manager, a copy of the admin.pub key file is installed automatically on them. However, if you run the setup from a CD, you must transfer a copy of the admin.pub key file manually to the workstations. The best and most secure method is to copy the admin.pub file to a diskette and use this diskette for workstation installations. Alternatively,
F-Secure Policy Manager | Installing the product | 25
you can put the admin.pub file in a directory that can be accessed by all hosts that will be installed with remotely managed F-Secure products.
26 | F-Secure Policy Manager | Installing the product

Changing the web browser path

Policy Manager Console acquires the file path to the default web browser during setup.
If you want to change the web browser path:
1. Select Tools Preferences from the menu.
2. Select the Locations tab and enter the new file path.
F-Secure Policy Manager | Installing the product | 27

Uninstalling the product

Follow these steps to uninstall Policy Manager components.
To uninstall any Policy Manager components:
1. Open the Windows Start menu and go to Control Panel.
2. Select Add/Remove Programs.
3. Select the component you want to uninstall (Policy Manager Console or Policy Manager Server), and click
Add/Remove.
The F-Secure Uninstall dialog box appears.
4. Click Start to begin uninstallation.
5. When the uninstallation is complete, click Close.
6. Repeat the above steps if you want to uninstall other Policy Manager components.
7. When you have uninstalled the components, exit Add/Remove Programs.
8. It is recommended that you reboot your computer after the uninstallation.
Rebooting is necessary to clean up the files remaining on your computer after the uninstallation, and before the subsequent installations of the same F-Secure products.

Using Policy Manager Console

Chapter
3
Topics:
Overview
Basic information and tasks
Managing domains and hosts
Software distribution
Managing policies
Managing operations and tasks
Alerts
Reporting tool
Preferences
Policy Manager Console is a remote management console for the most commonly used F-Secure security products, designed to provide a common platform for all of the security management functions required in a corporate network.
30 | F-Secure Policy Manager | Using Policy Manager Console

Overview

This section provides some general information about Policy Manager Console.
The conceptual world of Policy Manager Console consists of hosts that can be grouped within policy domains. Policies are host-oriented. Even in multi-user environments, all users of a specific host share common settings.
An administrator can create different security policies for each host, or create a single policy for many hosts. The policy can be distributed over a network to workstations, servers, and security gateways.
With Policy Manager Console, you can:
Set the attribute values of managed products.
Determine rights for users to view or modify attribute values that were remotely set by the administrator.
Group the managed hosts under policy domains sharing common attribute values.
Manage host and domain hierarchies easily.
Generate signed policy definitions, which include attribute values and restrictions.
Display status.
Handle alerts.
Handle F-Secure anti-virus scanning reports.
Handle remote installations.
View reports in HTML format, or export reports to various formats.
Policy Manager Console generates the policy definition, and displays status and alerts. Each managed host has a module (Management Agent) enforcing the policy on the host.
Policy Manager Console recognizes two types of users: administrators and read-only mode users.
The administrator has access to the administration private key. This private key is stored as a file, which may be shared among users with management rights. The administrator uses Policy Manager Console to define policies for different domains and individual hosts.
In read-only mode, the user can:
View policies, statistics, operation status, version numbers of installed products, alerts and reports.
Modify Policy Manager Console properties, because its installation is user-based and modifications cannot affect other users.
The user cannot do any of the following in read-only mode:
Modify the domain structure or the properties of domains and hosts.
Modify product settings.
Perform operations.
Install products.
Save policy data.
Distribute policies.
Delete alerts or reports.
There can be only one administrator mode connection to Policy Manager Server at a time. There can be several read-only connections to Policy Manager Server simultaneously.
Loading...
+ 72 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use