Kaspersky Lab KASPERSKY ANTI-VIRUS-ADMINISTRATION KIT 5.0 User Manual

KASPERSKY LAB
Kaspersky® Administration Kit
version 5.0
Getting started
KASPERSKY® ADMINISTRATION KIT
VERSION 5.0
Getting started
© Kaspersky Lab
http://www.kaspersky.com/
Revision date: December 2005
Contents
CHAPTER 1. INTRODUCTION ...................................................................................... 4
CHAPTER 2. GETTING STARTED................................................................................ 6
2.1. Installing MSDE 2000............................................................................................ 7
2.2. Installing the Administration Server and Administration Console ........................ 8
2.3. Quick Start Wizard................................................................................................. 9
2.4. Creating an administration group........................................................................ 10
2.5. Remote installation of the Network Agent .......................................................... 11
2.6. Kaspersky Anti-Virus application deployment .................................................... 12
2.7. Checking the operation of the update task......................................................... 13
2.8. Configuring notifications ...................................................................................... 14
2.9. Testing the notification system and on-demand scan task ................................ 15
2.10. Generating reports............................................................................................. 15
CHAPTER 3. UPGRADING FROM 4.Х TO VERSION 5.Х......................................... 17
CHAPTER 4. CONCLUSION........................................................................................ 18
APPENDIX A. KASPERSKY LAB................................................................................. 19
A.1. Other Kaspersky Lab Products .......................................................................... 20
A.2. Contact Us........................................................................................................... 25
APPENDIX B. LICENSE AGREEMENT....................................................................... 27
CHAPTER 1. INTRODUCTION
This document outlines the main steps a network security administrator must take to quickly and efficiently install an anti-virus protection system, based on
Kaspersky Lab’s applications, across a corporate network using Kaspersky Administration Kit.
This document examines a simple scenario in which anti-virus protection is installed on several computers. For successful installation, the computers must run Windows NT/2000/2003/XP.
This document also describes the process of upgrading Kaspersky Lab’s applications from version 4.x to version 5.x.
Refer to the Kaspersky Administration Kit Administrator’s Guide for detailed information on the application’s functionality.
Kaspersky Administration Kit 5 is designed for managing the anti-virus protection system within a corporate network. The application enables the administrator to do the following:
Deploy Kaspersky Lab’s applications across the network.
Remotely manage the anti-virus protection system from a single location.
Receive notifications across the network about virus protection-related
events.
Accumulate statistics and reports from all installations.
Kaspersky Administration Kit 5 consists of the following components:
The Administration Server lets administrators manage Kaspersky Lab’s
applications installed across a network from a central location. The applications which can be managed currently are Kaspersky Anti-Virus for Workstations 5.0 and Kaspersky Anti-Virus for File Servers 5.0. The Administration Server stores all the data about the corporate anti-virus protection system in a Microsoft Development Environment (MSDE) 2000 or MS SQL Server 2000 database. MSDE 2000 Service Patch (SP) 3 or MS SQL Server 2000 SP 3 must be installed and configured before Administration Server is installed. You can install MSDE 2000 SP 3 from the package included with Kaspersky Administration Kit 5.
Introduction 5
The Network Agent is installed on workstations which are protected by
either Kaspersky Anti-Virus for Workstations 5.0 or Kaspersky Anti-Virus for File Servers 5.0, and managed via the Administration Server. This component coordinates the interaction between Kaspersky Lab applications, running on client computers, and the Administration Server. The Network Agent receives commands from the Administration Server and dispatches information about the anti-virus protection status of client computers.
The Administration Console provides a user interface for Server and
Agent administration services. This component snaps into the Microsoft Management Console (MMC).
CHAPTER 2. GETTING STARTED
To build an effective protection system around your corporate network, follow these steps:
1. Install MSDE 2000 SP 3 or SQL Server 2000 SP 3 (see section 2.1 on page 7). Skip this step if your network already has either of these database servers installed.
2. Install the Administration Server and Administration Console (see section 2.2 on page 8).
3. Configure the initial settings of the anti-virus protection system using the Quick Start Wizard (see section 2.3 on page 9).
4. Create administration groups to manage groups of client computers by applying group policies and tasks (see section 0 on page 10).
5. Remotely install the Network Agent on client computers to allow their anti-virus application to interact with the Administration Server (see section 2.5 on page 11).
6. Remotely install Kaspersky Anti-Virus for Workstations 5.0 or Kaspersky Anti-Virus for File Servers 5.0 on selected client computers (see section 2.6 on page 12).
7. Configure the downloading of anti-virus database updates from the Internet by the Administration Server, and verify that the operation is successful. Verify that the databases are being updated on client computers (see section 2.7 on page 13).
8. Configure options for notifying the administrator of virus-related events on client computers (see section 2.8 on page 14).
9. Run an on-demand scan on client computers and check the notification task performed on client computers (see section 2.9 on page 14).
10. View a report on the anti-virus protection of client computers and the number of viruses detected by Kaspersky Lab’s applications (see section 2.10 on page 15).
Getting started 7
If the steps above have been successfully completed, you have built a reliable anti-virus protection system for your corporate network.
The following sections describe these steps in more detail.

2.1. Installing MSDE 2000

Skip this step if your network already has Microsoft Development Environment (MSDE) 2000 SP 3 or SQL Server 2000 SP 3 installed.
To install MSDE 2000 from the package included in Kaspersky Administration Kit,
1. Select a computer on which to install the Administration Server database. This is typically the same computer on which Administration Server will be installed.
2. Run the setup.exe file in the MSDE2KSP3 directory on the Kaspersky
Administration Kit 5.0 installation CD.
3. Follow the setup wizard’s instructions.
After you have performed all the installation steps, the MSDE 2000 SP 3 application will be installed on the selected computer. MSDE 2000 SP 3 requires no administration.
The version of MSDE contained in the Kaspersky Administration Kit package can be used only with Kaspersky Administration Kit.
The Administration Server uses MSDE 2000 SP 3 or SQL Server 2000 SP 3 to store anti-virus protection data in a central database.
klbackup application included in the Kaspersky Administration Kit
The distribution package creates backup copies of the Administration Server data. For details of this utility, please refer to the Administrator’s Guide.
8 Kaspersky Administration Kit 5.0
2.2. Installing the Administration
Server and Administration Console
During installation, you can select to install either the Administration Server and the Administration Console, or only the Administration Console. The Administration Server cannot be installed without the Console. The default option is to install both components.
If necessary, the Administration Console can be installed on another computer, and manage the Administration Server via the network.
To install the Administration Server and / or the Administration Console,
1. Select a computer on which to install the components. If there is a Windows domain structure on your network, it is recommended that you install the Administration Server on a member of the domain.
You can install Administration Server 5.x on the same computer that Administration Server 4.x is on. The Administration Servers of versions
5.x and 4.х are independent of one another and can run concurrently on the same computer without any compatibility issues.
You are advised to posess domain administrator rights when installing
the product. This will allow to automatically create KLAdmins and KLOperators groups and to provide necessary credentials to account,
under which Administration server will operate.
2. Run the setup.exe file from the Kaspersky Administration Kit 5 installation CD.
3. Follow the wizard’s instructions.
Select the domain administrator account as the service account under which the Administration Server will start on this computer.
Getting started 9
2.3. Quick Start Wizard
To perform initial configuration of anti-virus protection settings,
1. Run the Administration Console by clicking Start Æ Programs Æ Kaspersky Administration Kit Æ Kaspersky Administration Kit.
2. Connect to the Administration Server by clicking the Administration Server node in the console tree. Accept the server certificate.

3. Open the shortcut menu and select Quick Start Wizard.

4. Wait until the Administration Server finishes searching your network and detects all computers on the network.
5. Create administration groups by one of the following methods:
If you are only dealing with several test computers, select the
Manual option to manually add test client computers to the
group.
If you are deploying the anti-virus protection system throughout a corporate network, select one of the following methods of automatically creating logical networks:
o Add computers to a group using Windows networking.
In this case, the logical network will be based on the structure of Windows domains and user groups (administration groups will coincide with Windows domains and user groups).
o Add computers to a group using the structure of the
previous version of Kaspersky Administration Kit. In
this case, the logical network will be based upon the network of Kaspersky Administration Kit 4.x.
6. Specify options for sending email notifications generated by Kaspersky Lab’s applications. These settings can be edited as part of the Administration Server properties. For more information, refer to the Administrator’s Guide.
10 Kaspersky Administration Kit 5.0
7. Create a policy for Kaspersky Anti-Virus for Workstations 5, and define tasks to activate the anti-virus protection system. Kaspersky Administration Kit 5 uses group policies to apply settings uniformly to all computers in a group. Tasks are actions performed by the anti-virus software on all computers in a group.
The wizard will create the following policies and tasks:
An upper-level policy for all anti-virus applications, with default settings. Later you will be able to view and modify the policy settings. In order to apply changes that you have made in the policy to the client computers and to prevent the user from
altering these settings, use the
A global task for updating the Administration Server from the Internet.
The application will download updates, to both the anti-virus database and to program modules, from Kaspersky Lab’s update servers, and save them to the shared folder specified during the installation of Administration Server. Client computers will retrieve the updates from this shared folder.
Click the Updater Settings button to configure updating options
for the Administration Server.
symbol.
An upper-level group task to update anti-viruses databases on client computers will be created, with default settings. The client computers will be configured to retrieve updates from the shared folder.
An on-demand scan task for client computers will be created, with default settings.
2.4. Creating an administration
group
To add a new group to the logical network,
1. In the console tree or the Groups folder in the details pane, select a
group to which you want to add a new group. Open the shortcut menu
Loading...
+ 23 hidden pages