Kaspersky Administration Kit 6.0

 
 
 

What is an Administration group?

2012 Jan 23 ID: 969
 
 
 
 

Applies to Kaspersky Administration Kit 6.0 MP1

An administration group is a set of client computers of an Administration Server that has its own name. All client computers of the group can: 

    • define and use the policy of antivirus protection for each application installed in the group; 
    • define and execute group tasks (application functions) with a defined set of parameters: create and install a unified installation package, update anti-virus databases and program modules, execute on-demand computer scan and real-time protection.

The administrator can build a hierarchy of groups with any nesting depth to make managing the products easier. Groups, Administration Servers and client computers can be assigned to a group. 

NOTE!!! A client computer as well as a slave Administration Server can be assigned to one group only. 

After an administration group has been created, its name can be changed, the group can be assigned to another group, or it can be deleted: 

  • A group can be deleted from a logical network if no child/nested groups and client computers are assigned to it. 

To delete a group, run the Delete command from its context menu. 

  • A group can be relocated with all its child/nested groups, client computers, slave Servers, group policies and tasks. Settings that correspond to its new position in the hierarchy of the logical network will be applied to it. 

To relocate the group, use the Cut/Paste commands from its context menu or drag it with the mouse. 

When relocating a group, keep in mind that group names must be unique within one level of the hierarchy. To avoid a name conflict, change the name of one of the groups before relocation. If the name is not unique, then _1, _2, etc. is added to the name of the group. 

  • The group name can be changed on the General tab of the group properties (the Properties command of the group context menu). 

You cannot change the name of the Groups group, as it is a built-in element of the Administration Console. 


The group parameters are distributed in the following tabs: 

General 

Computers 

Computer status 

Security 

Update Agent 

The following information can be viewed on:

 

The General tab

  • Name of the parent group (for groups of the upper hierarchy level the field contains the Groups value) 
  • Statistics about the group contents – the number of nested groups and the total number of client computers, including client computers of nested groups. 
  • Date of the group creation
  • Date when either the group name or its attributes were modified (the field has the Unknown value if the group name and its attributes have not been modified)
  • Clicking the Reset virus counter button, the counter of detected viruses for all client computers of the group is reset

 


On the Computers tab: 

  • In the New client computers in the group section you can select installation packages to install applications onto new client computers included into the group. I.e. if the installation package is checked, then this application is automatically installed on any computer included into the group. 

Once the checkbox is checked, a task named Automatic installation -<installation package name> is created in the Group tasks subfolder. This task will be performed for all computers added to the group. To delete the task, clear the corresponding checkbox in the group properties. This task cannot be relocated or copied. 

NOTE!!! For Kaspersky Lab's applications to be automatically installed on new computers running MS Windows 98/ME, Administration Agent must be installed on them beforehand. 

In the Network group properties the New computers in the network section has only the Include computer into the structure of the group checkbox. If the checkbox is checked, all computers detected within the Windows network are automatically included into the group of the logical network whose name is given in the field below. 

  • In the Client computer activity in the network section you can define how the Administration Server reacts to a computer being inactive within the Windows network for the set time interval: 
    • Notify the administrator if the computer is not active for longer than, days; 
    • Delete the computer from the group if it is not active for longer than, days. 

Once the computer is deleted from the administration group, it is placed in the Network container. 

  • To automatically move computers of an Active Directory group, domain or IP subnetwork to a specified administration group, use the Automatically move computers from the Active Directory group, domain or from the IP subnetwork parameter. I.e. when new computers are found in the defined domain, Active Directory group or IP subnetwork, they will be automatically relocated to this administration group. Depending on the network parameters, a computer can be moved to an administration group at different times (60 minutes maximum). 

Remember to specify the Unit that contains the computers themselves. Computers from the subgroups of the specified Unit will not be moved! Note also that after computers have been moved to an administration group, they cannot be moved to another group until the Automatically move computers from the Active Directory group, domain or from the IP subnetwork parameter is unchecked. 




The Computer status tab 

Each computer added to one of the administration groups has its status in the logical network: OK / Warning / Critical. Depending on the computer status, the color of the icon next to the computer name changes. Besides its color, the icon of a client computer can also change its brightness.

The color of a computer icon may be the following: 

    •  - the OK status. 
    •  - the Warning status. 
    •  - the Critical status. 

The Computer status tab defines the conditions under which a computer is granted the Warning or Critical status. 

The Inherit parameter is checked by default for nested groups. It means the conditions for granting statuses are inherited from the parent group. The administrator can, however, adjust the conditions by checking or unchecking checkboxes and by changing the parameter values at which these conditions are met. 

To configure or change the parameters, uncheck the Inherit box, highlight the necessary condition and run the Change command from its context menu. In the window that opens you can change the value of the parameter at which the condition is met. 

Let's view the possible conditions for the Warning and Critical statuses. Some of them are configured by default: 

The Critical status: 

    • Anti-virus application is not installed (enabled by default). 

 

    • Too many viruses detected – the number of viruses detected on the client's device; when this number is exceeded, the computer status changes to Critical. The entered value may vary from 0 to 32767. Viruses are counted based on the events that reach the Administration Server. Saving of the events in the Server database can be configured in the policy of the anti-virus application, on the Events tab. 

 

    • Real-time protection level differs from that set by the administrator – this condition “works” if the real-time protection level set on the computer differs from running. 

NOTE! This condition should be used to grant the computer either Critical or Warning status only if the user has the right to change real-time protection settings. I.e. real-time protection settings are not locked and can be modified. 

Note that real-time protection statuses differ between versions of Kaspersky Anti-Virus for Windows Workstations/File Servers. Therefore, when choosing the value of the Real-time protection level differs from that set by the administrator parameter, take into account the list of statuses that real-time protection can have. 

Example 1: a computer with Kaspersky Anti-Virus 5.0 for Windows Workstations is added to the group. The administrator sets the Recommended level in the policy for all real-time protection components, and the computer status must change to Critical if the user changes real-time protection settings. 

To configure the task, right-click the group to which the necessary computer is assigned > Properties > on the Computer status tab check Real-time protection level differs from that set by the administrator and change its value to Running (recommended). 

Example 2: a computer with Kaspersky Anti-Virus 6.0 for Windows Workstations installed is assigned to the group. The administrator wants the computer status to change to Critical if the user pauses/stops all real-time protection components. 

To configure the task, right-click the group to which the necessary computer is assigned > Properties > on the Computer status tab check Real-time protection level differs from that set by the administrator and change its value to Running.

    • Your computer has not been scanned for a very long time (enabled by default with the 14 days value) – the entered value is specified in days and might range from 1 to 32767. 

PAY ATTENTION, for the scan to be “full”, the My Computer object must be included in the list of objects for scan! Even if you select all disks to be scanned but do not check the My Computer checkbox, such a scan is not considered full. 

In version 6.0 applications full computer scan includes system memory, startup objects, system restore, mailboxes, hard and removable drives. 

    • Antivirus database is outdated (enabled by default with the 14 days value) – the entered value is set in days, and can be from 1 to 32767. 

 

    • Host has not connected to Administration Server for a very long time (enabled by default with the 14 days value) – entered value is set in days and can vary from 1 to 32767. 

 

    • Host is out of control (enabled by default) – a client computer fails to connect to the Administration Agent, but the computer answers the ping command. This message may mean the Administration Agent was deleted on the remote computer. 

 

    • Real-time protection is not active (enabled by default) – all real-time protection components are stopped. 

 

    • Anti-virus application is not running (enabled by default). 

 

The Warning status: 

    • Anti-virus application is not installed (enabled by default). 
    • Too many viruses detected (see above). 
    • Real-time protection level differs from that set by the administrator (see above). 
    • Full computer scan has not been performed for a very long time, days (enabled by default with the 7 days value). 
    • Antivirus database is outdated (enabled by default with the 7 days value).
    • Host has not connected to Administration Server for a very long time (enabled by default with the 7 days value).

Remember, the color of the icon will change only after 3 synchronization periods (by default 15 minutes) with the interval not less than 3 minutes. To change the status more quickly, force synchronization of the Client and the Server: run the Synchronize command from the context menu of the client computer and press F5 to refresh the result in the Console. 

Parameters for the Critical and Warning statuses are configured separately from each other, but the conditions of the Critical status have a higher priority. I.e. if conditions of both levels are met for a client computer, the computer is granted the Critical status. There is also no point in giving the same condition a longer time value for the Warning status than for the Critical status. 

For example, suppose the Antivirus database has not been updated for a very long time, days parameter is set to 1 for the Critical status, while the same condition for the Warning status keeps its default value – 7. Then, after the computer is given the Critical status, even if the antivirus database is not updated during the next 5 days, the computer will never get the Warning status. 
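The priority rule and the 1-day/7-day case above can be checked with a small model. This is an added example, not Administration Kit code: the class, function and condition key names are hypothetical, and it assumes a day-based condition is met when its value is exceeded.

```python
# Added illustration: a simplified model of the Critical/Warning logic.
# Class, function and key names are hypothetical, not Administration Kit APIs.
from dataclasses import dataclass
from typing import Optional


@dataclass
class GroupStatusSettings:
    inherit: bool = True               # the Inherit checkbox of a nested group
    critical: Optional[dict] = None    # condition -> threshold in days
    warning: Optional[dict] = None
    parent: Optional["GroupStatusSettings"] = None

    def effective(self):
        """Walk up the hierarchy while Inherit is checked."""
        group = self
        while group.inherit and group.parent is not None:
            group = group.parent
        return group.critical or {}, group.warning or {}


def computer_status(group, facts):
    """Assumption: a day-based condition is met when the value is exceeded."""
    critical, warning = group.effective()
    if any(facts.get(k, 0) > limit for k, limit in critical.items()):
        return "Critical"              # Critical conditions have priority
    if any(facts.get(k, 0) > limit for k, limit in warning.items()):
        return "Warning"
    return "OK"


def unreachable_warnings(group):
    """Conditions whose Warning threshold can never fire before Critical."""
    critical, warning = group.effective()
    return sorted(k for k, w in warning.items()
                  if k in critical and w >= critical[k])


# Constructed sample groups. DEFAULTS uses the default values listed on this page.
DEFAULTS = GroupStatusSettings(
    inherit=False,
    critical={"scan_age_days": 14, "db_age_days": 14, "last_connect_days": 14},
    warning={"scan_age_days": 7, "db_age_days": 7, "last_connect_days": 7})
NESTED = GroupStatusSettings(parent=DEFAULTS)          # Inherit left checked
INVERTED = GroupStatusSettings(inherit=False, parent=DEFAULTS,
                               critical={"db_age_days": 1},
                               warning={"db_age_days": 7})
```

Running `unreachable_warnings` over each group's settings flags conditions such as the one in `INVERTED`, where the Warning status can never be shown for that condition.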

The brightness of the computer icon shows whether the computer connects to the Administration Server or not. If the icon is not bright, then the Agent did not connect to the Server during the set time period. The default period is 60 minutes. This parameter can be changed in Server > Properties > the Settings tab > the Host visibility timeout, min field. 

NOTE! As soon as the computer is switched off the icon color becomes not bright irrespective of the parameter defined in the Host visibility timeout, min field. 


The Security tab 

On this tab you can grant permission to users of the corporate network to manage the group. 

The Inherit parameter is configured by default for nested groups: i.e. permission rights are inherited from parent group. But with the parameter unchecked the administrator can change the rights – add/delete accounts, change rights for any account. 

NOTE! Rights of the KLAdmins (local, domain) group cannot be changed. 


The Update Agent tab

An Update Agent is a computer of the administration group which stores and distributes database updates and installation packages within its group: i.e. it is an intermediate storage of databases and packages. 

Warning: These data are delivered to client computers of the group only if Network Agent is installed on these computers! 

 

Update Agents get: 

  • databases of known threats – as soon as they are delivered on the Administration Server (automatically). Only the data required by the group are copied.

 

  • installation packages – once the product deployment task of the package is started. The Update Agent gets the package only if the task is set for at least one computer of its group. 

 

The data received from the Administration Server are stored in the setup folder of the Network Agent (subfolder $FTTmp). 

Warning: The location of the folder with updates and installation packages cannot be either changed or restricted in size. 

 

The databases are delivered to client computers when the databases update task, in whose settings the Administration Server is defined as an update source, is run. If the Use multicast option is enabled, installation packages are delivered to client computers automatically. 

Information: If a client computer does not find new databases or an installation package in the Update Agent’s storage, it will go to the Administration Server storage directly to get the same data. 

To form the list of the Update Agents, right-click Administration group > Properties > the Update Agent tab; on the tab create the Update Agents list. Once the Agent is added, the parameters of its connection with other client computers of the group can be set: 

  • Configure the ports by which client computers will connect to the Update Agent. By default ports 14000 and 13000 are set (for secure connection). 

Information: If the Administration Server computer is set as an Update Agent, then by default the ports 14001 and 13001 are used for interaction of the Update Agent and the Clients. 

  • Enable multicast to automatically distribute installation packages and databases to client computers within the group. To do so, check Use multicast and fill in its parameters (multicast IP and IP-MULTICAST port number). By default the option is disabled. 

If multicast is enabled, all computers, even those for which installation is not defined, will get the installation package. If you uncheck Use multicast, then before installing the application the installed Network Agent will go to the Update Agent storage to get the installation package. 

New installation packages are multicast once within a group. If the client computer was disconnected from the enterprise logical network during multicasting, the Network Agent automatically downloads the necessary installation package from the Update Agent when the installation task is launched. 


 
 
 
 