outside_server_management
Ensure security compliance for computers within the network domains, but not managed by the OfficeScan server. Use Active Directory and IP addresses to query and determine non-compliant computers.
After querying Active Directory or IP addresses, the Web console displays the security status of computers. The security status can be any of the following:
Status |
Description |
Managed by another OfficeScan server |
The OfficeScan clients installed on the computers are managed by another OfficeScan server. Clients are online and run either this OfficeScan version or an earlier version. |
No OfficeScan client installed |
The OfficeScan client is not installed on the computer. |
Unreachable |
The OfficeScan server cannot connect to the computer and determine the status of the client. |
Unresolved Active Directory Assessment |
The computer is a part of the Active Directory domain but OfficeScan is unable to determine the status.
|
To use Outside Server Management, ensure that the OfficeScan server computer is part of the network to query Active Directory domains and IP addresses.
To enforce security compliance, perform the following tasks:
Check unprotected computers from the Query Result.
Install the OfficeScan client. Refer to Installing with Security Compliance.
Configure Scheduled Query.
When using Outside Server Management for the first time, define the Active Directory/IP address scope, which includes Active Directory objects and IP addresses that the OfficeScan server will query on demand or periodically. After defining the scope, start the query process.
To configure the scope and start the query process: >>>
Security Compliance > Outside server Management
On the Active Directory/IP Address Scope section, click Define.
In the screen that opens, use Active Directory and/or IP address to query:
From Active Directory Scope, select the objects to query.
If querying for the first time, select an object with less than 1000 accounts and then record how much time it took to complete the query. Use this data as your performance benchmark.
Optionally enable on-demand assessment to perform real-time queries for more accurate results. If you disable on-demand assessment, OfficeScan queries the database instead of each client. This option might be quicker but produces less accurate results.
From IP Address Scope, specify a range of IP addresses to query.
Click the plus () or minus () button to add or delete IP address ranges.
Under Advanced Setting, specify ports used by OfficeScan servers to communicate with clients. Setup randomly generates the port number during OfficeScan server installation.
To view the communication port used by the OfficeScan server, go to Networked Computers > Client Management and select a domain. The port displays next to the IP address column. Trend Micro recommends keeping a record of port numbers for your reference.
Click Specify ports.
Type the port number and click Add. Repeat this step until you have all the port numbers you want to add.
Click Save.
Choose whether to check a computer’s connectivity using a particular port number. When connection is not established, OfficeScan immediately treats the computer as unreachable. The default port number is 135.
Enabling this setting speeds up the query. When connection to a computer cannot be established, the OfficeScan server no longer needs to perform all the other connection verification tasks before treating a computer as unreachable.
To save the scope and start the query, click Save and re-assess. To save the settings only, click Save only.
The Outside Server Management screen displays the result of the query.
The query may take a long time to complete, especially if the query scope is broad. Do not perform another query until the Outside Server Management screen displays the result. Otherwise, the current query session terminates and the query process restarts.
The Security Status section classifies computers as:
Managed by another OfficeScan server
No OfficeScan client installed
Unreachable
Unresolved Active Directory assessment
Refer to Computer protection status.
Recommended tasks: >>>
On the Security Status section, click a number link to display all affected computers.
Use the search and advanced search functions to search and display only the computers that meet the search criteria.
If you use the advanced search function, specify the following items:
IP address
Computer name
OfficeScan server name
Active Directory tree
Security status
OfficeScan will not return a result if the name is incomplete. Use the wildcard character (*) if unsure of the complete name.
To save the list of computers to a file, click Export.
For clients managed by another OfficeScan server, use the Client Mover tool to have these clients managed by the current OfficeScan server. For more information about this tool, see Client Mover.
Configure Outside Server Management to periodically query the Active Directory and IP addresses to ensure that security guidelines are implemented.
To configure scheduled assessments for outside server management: >>>
Security Compliance > Outside Server Management > Settings
Enable scheduled query.
Specify the schedule.
Click Save.
See also: