INSTALLATION HANDS-ON

About the Hands-On

This hands-on section is structured in a way, that it allows you to work independently, but still giving you the possibility to consult step-by-step instructions.

Each given task will be divided into two sections• Actual Task

• Conditions, goals and short instructions

• Allowing you to work independently

• Detailed instructions (step-by-step work through)

• In case you can not come up with own solutions

Task Overview

1. Policy Manager deployment (incl. PMS, PMC and AUSYS)

2. Console initialization and initial configuration

3. AVCS 6.x rollout

Infrastructure

Your environment consists of two computers• Windows 2003 Standard Server (SP3)

• Windows XP Professional (SP2)

Network • 100 Mbit Ethernet, supporting TCP/IP

• C-class network (192.168.100.0/24)

XP Pro SP2 2003 Server

Root Update Server

Task 1

Install Policy Manager with all necessary components (not FSAVCS yet) on a single computer• Is such an installation possible in

this environment?

Once you have a clear plan how to proceed, install the products and configure it as follows• Limit access to the PMS admin

module to local host (use the default ports during installation)

If needed, next pages will provide you with a step-by-step walk through

=> After installation is completed, continue on page 19

XP Pro SP2 2003 Server

Root Update Server

Policy Manager Installation Walk-Through

Insert the F-Secure Product CD (old screenshot!)• Select ”F-Secure Policy Manager”


Choose the installation language• Click “Next”


Read the F-Secure License Terms and accept the agreement • Click ”Next”


Accept Custom installation• Click “Next”


Also here accept default selections• Click “Next”


Default installation path C:\Program Files\F-Secure is fine• Click “Next”


There is no old Policy Manager installed, so accept the default• Click ”Next”


Accept the default Port Numbers• Click ”Next”


Select F-Secure Anti-Virus Client Security 6.x• Click ”Next”


Necessary setup information has been collected. System is ready for installation• Click “Start”


Installation in process. Do not restart the system until 100 % completed• Might take some minutes


Components have been installed• Click “Next”


Installation finished successfully• Click “Finish”

Task 1 Completed

F-Secure Policy Manager is now installed• Check the Server Status

• Start/Status Monitor

• Both Apache modules should have Status: OK

• Web Reporting Module will still show an error, because we didn’t initialize the console yet

Initializing and configuring the console will be your next task

Task 2

Initialize and configure Policy Manger Console• Start the Console and go through the initialization process

• After that, configure the console as follows

• Rename the Root domain to F-Secure

• Restrict all user settings (try to find the easiest way)

• Define the Policy Manger host communication address

• Note: The address defined during the console initialization is the administration module address

• Change the server polling interval to 10 seconds (incoming and outgoing requests)

• Distribute policies!

Task continues on next page…

Task 2

Perform a general system check• Are all modules working properly?

• What does the status monitor say?• Try out the web reporting, does it work?

Try to complete this task independently• If needed, next pages will provide you with a step-by-step walk through

=> If you managed to complete this task, continue on page 36

Console Initialization Walk-Through

Start Policy Manger from Start menu for initialization• Click “Next”


Select Administrator mode• Click “Next”


Accept default• Click “Next”


Select the location of the key-pair. Defaults are ok.• Click ”Next”


Create administrator’s cryptographic keys• Move the cursor until the next dialogue box appears


Enter the administrative password. Use “password” in this hands-on• Click “Next”


Click ”Finish”


First Policy Manager Console launch• By default, Policy Manager Console is run in the Anti-Virus

Administration mode (AV mode)

Policy Manger is now initialized and ready to use

Next step is the console configuration and first policy distribution

Initial Console Configuration Walk-Through

Rename the root domain• Right-click the root domain

• Select Domain/Host Properties

• Rename “Root” to “F-Secure”

After that start fine tuning the communication settings• Click Centralized Management tab


Prevent user from changing most important settings• Click “Do not allow users to change settings…”


Define communication settings• Set Policy Manager Server address (IP address of your PMS computer)

• Set both polling intervals to 10 seconds


Distribute the Policy, select File/Distribute (or press CTRL + D)

System Status CheckOverall

Check the status of the Policy Manager Server• From the start menu:

Start/Programs/F-Secure Policy Manager Server/Status Monitor

• The Web Reporting error should now be fixed

System Status Check (Optional)Web Reporting

Open Report web interface• From the start menu: Start/Programs/F-Secure Policy Manager Server/F-

Secure Policy Manager Web Reporting

Task 2 completed

Policy Manager initialization and configuration has been finalized• The next Task will be F-Secure Anti-Virus

Client Security 6 rollout

XP Pro SP2 F-SecurePMS / PMC

Root Update Server

Task 3

Install AVCS 6.x on your client computer running Windows XP SP2• Is the installation possible without any changes to the host?

• Any conflicting software installed on the target system?• Which rollout method suits best for this environment?

• Which methods are possible?• Is there a firewall installed on the host preventing certain rollout

methods

Task continues on next page…

Task 3

Once you have a clear plan, how to rollout AVCS 6.x, and you have checked all issues mentioned on the previous page, go ahead with the rollout

Try to complete this task independently• If needed, next pages will provide you with a step-by-step walk through

=> If you managed to complete this task and your client has rebooted, continue on page 61

Pre-Rollout Checks

Check your target host for installed conflicting software• Check if there is conflicting software installed on the computer

• If there is, check if that product is automatically detected and removed by F-Secure Sidegrade Function

• Important: Always check all your hosts for conflicting software before your start any rollout

Pre-Rollout Checks

If the XP Firewall on your host is enabled:• F-Secure Intelligent Installations requires

certain inbound traffic allowed on target host (TCP 135 and 445)

• Try to connect to the ports from your PMS

• Open the command prompt and telnet the ports

• There will be no respond, so you need to allow the above mentioned protocols on your target host

• Try to come up with a solution, without disabling the firewall!

XP Firewall Configuration

Configure XP SP2 firewall exceptions• Allow “File and Printer Sharing”

• Press “Edit”• Enable SMB only (TCP 445)

• Disable all other ports

• Create new service and allowing RPC

• Press “Add Port”

• Name: RPC, Port number: 135

• Confirm by pressing OK

Remote Installation Walk-Through

Select ”Installation” tab on the editor pane• Click “Autodiscover Windows hosts…”


Select your target host from the list • Click “Install”


Select F-Secure Anti-Virus Client Security 6.x• Click “Next”


Check that F-Secure Anti-Virus for Client Security 6.x is the only selection• Click “Next”


Include the policy from your root domain “F-Secure”• Click “Next”


Accept the default domain account• Domain administrator account will be used to access the target host

• Click “Next”


Check the installation details, correct if necessary (“Back” button)• Click “Start”


Click “Next”


Instructor will provide you with the correct keycode• After typing the keycode, click “Next”


Install Virus Protection, E-mail scanning and Internet Shield• Click ”Next”


Select the language the product will use• Click “Next”


Choose centrally managed installation• Click “Next”


Specify your Policy Manager Server’s URL• Click “Next”


No need to add a custom property at this stage• Click ”Next”


At this point you will be able to choose, whether to remove conflicting software automatically• Accept the default setting

• Click “Next”


Select “Restart after installation, in”• Change the countdown to 1 minute

• Type a reboot message

• Click “Finish”


Wait while Intelligent Installation creates the distribution package• This step might take some minutes (depending on your system)

• Do not press “Cancel”


F-Secure Setup will start and install AVCS 6.x to your computer

Wait until the Reboot message appears on your screen• Don’t reboot yet, minimize the window


The ”Installation progress” window shows you, if the installation has finished successfully• Close this window• Also close the autodiscover wizard

window• Distribute policies!• Close Policy Manager Console

On the other computer, open the reboot dialogue again and click reboot

System Status Check

After the reboot• Open F-Secure Anti-Virus Client

Security 6.x by double-clicking the F-Secure icon in the system tray

• Click “Central Management”

• Check Last connection and Policy file counter

Task 3 Completed

Congratulations! You have successfully finished the Installation hands-on

F-SecureAVCS 6 F-Secure

PMS / PMC

Root Update Server

INSTALLATION HANDS-ON

Documents

Transcript of INSTALLATION HANDS-ON