Enabling End-User Access | Trend Micro Service Central

Views:

Enable end user access to allow the users to access quarantined spam items that IMSS might have misidentified as spam. The clients use LDAP or SMTP authentication to access the IMSS EUQ service.

Note

To allow users to manage messages on the EUQ management console, add their individual and distribution list email addresses to the list of users on your LDAP server.

When using SMTP authentication, you do not need to configure LDAP settings.

Procedure

Go to Administration → End-User Quarantine.

The EUQ Management tab appears.
Click the User Quarantine Access tab.

The User Quarantine Access screen appears. The displayed screen depends on the authentication method you selected during the enabling process.
Select Enable access.
Select Enable management of distribution list EUQ to allow users to manage the EUQ of distribution lists that they belong to.
Select Allow end user to deliver quarantined mail in EUQ directly to allow end users to deliver quarantined messages directly to the recipient. The message bypasses all rules except virus scanning rules.
Select Control the "auto-add" approved sender behavior when an end user reprocesses a message and select a value from the drop-down list.
Select Enable NTLM to allow end users single sign-on access the EUQ management console using the NTLM authentication protocol.
To enable Kerberos single sign-on:
1. Select Enable Kerberos to allow end users single sign-on access to the EUQ management console using Kerberos authentication protocol.
2. Create a new user account in your domain for the host on which IMSS is installed.
3. On the Active Directory domain controller, use the following command to generate a keytab file for IMSS:
  
  C:\>ktpass.exe -out filename -princ HTTP/instance@REALM -mapuser account -ptype KRB5_NT_PRINCIPAL -pass password
  
  Where:
  
  filename is where the generated keytab file will be stored. For example, C:\test.keytab.
  
  instance is the hostname of the computer where IMSS is installed. For example, imss.test.com.
  
  REALM is the uppercase name of the realm you want to authenticate with, normally the same with the domain name on DNS server. For example, TEST.COM.
  
  account is the account created for IMSS. For example, user@test.com.
  
  password is the password of the account.
4. Click Browse… to locate the generated keytab file.
5. Click Upload to upload the keytab file to IMSS.
  
  If ktpass.exe is not found, you can install support tools using the Windows server installation CD/DVD or download the file from the Microsoft website.
  
  If Kerberos single sign-on is enabled, use the hostname for IMSS when accessing the EUQ management console.
Select the number of days to keep quarantined spam.
Select the maximum number of approved senders for each end-user.
Specify a logon notice that appears on the user's browser when he/she starts to access the quarantined messages.
Under Select LDAP groups, select the check box next to Enable all to allow all LDAP group users to access quarantined spam.
To add individual LDAP groups, clear the Enable all check box and do either of the following:
- Search for groups:
  1. From the drop-down list, select Search LDAP groups.
  2. Specify the group name.
  3. Click Search. The groups appear in the table below.
  4. Click the LDAP groups to add.
  5. Click >>. The groups appear in the Selected Groups table.
- Browse existing groups:
  1. From the drop-down list, select Browse LDAP groups. The groups appear in the table below.
  2. Click the LDAP groups to add.
  3. Click >>. The groups appear in the Selected Groups table.
Click Save.

Keywords: enable,End-User Access