adinteg

Active Directory Integration

Integrate OfficeScan with your Microsoft™ Active Directory™ structure to manage OfficeScan clients more efficiently, assign web console permissions using Active Directory accounts, and determine which endpoints do not have security software installed. All users in the network domain can have secure access to the OfficeScan console. You can also configure limited access to specific users, even those in another domain. The authentication process and the encryption key provide validation of credentials for users.

Active Directory integration allows you to take full advantage of the following features:

• Role-based administration: Assign specific administrative responsibilities to users by granting them access to the product console using their Active Directory accounts. For details, see Role-based Administration.

• Custom client groups: Use Active Directory or IP addresses to manually group clients and map them to domains in the OfficeScan client tree. For details, see Automatic Client Grouping.

• Outside server management: Ensure that computers in the network that are not managed by the OfficeScan server comply with your company’s security guidelines. For details, see Security Compliance for Unmanaged Endpoints.

Manually or periodically synchronize the Active Directory structure with the OfficeScan server to ensure data consistency. For details, see Synchronizing Data with Active Directory Domains.

To integrate Active Directory with OfficeScan:

• administration > Active directory > Active directory Integration

1. Under Active Directory Domains, specify the Active Directory domain name.

2. Specify credentials that the OfficeScan server will use when synchronizing data with the specified Active Directory domain. The credentials are required if the server is not part of the domain. Otherwise, the credentials are optional. Be sure that these credentials do not expire or the server will not be able to synchronize data.

1. Click Enter domain credentials.

2. In the popup window that opens, type the username and password. The username can be specified using any of the following formats:

• domain\username

• username@domain

3. Click Save.

3. Click the button to add more domains. If necessary, specify domain credentials for any of the added domains.

4. Click the button to delete domains.

5. Specify encryption settings if you specified domain credentials. As a security measure, OfficeScan encrypts the domain credentials you specified before saving them to the database. When OfficeScan synchronizes data with any of the specified domains, it will use an encryption key to decrypt the domain credentials.

1. Go to the Encryption Settings for Domain Credentials section.

2. Type an encryption key that does not exceed 128 characters.

3. Specify a file to which to save the encryption key. You can choose a popular file format, such as .txt. Type the file's full path and name, such as C:\AD_Encryption\EncryptionKey.txt.

• If the file is removed or the file path changes, OfficeScan will not be able to synchronize data with all of the specified domains.

6. Click one of the following:

• Save: Save the settings only. Because synchronizing data may strain network resources, you can choose to save the settings only and synchronize at a later time, such as during non-critical business hours.

• Save and Synchronize: Save the settings and synchronize data with the Active Directory domains.

7. Schedule periodic synchronizations. For details, see Synchronizing Data with Active Directory Domains.

See also:

• Synchronizing Data with Active Directory Domains

• Security Compliance for Unmanaged Endpoints