Performing A Single-Server Installation - Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 Installation Manual
Hide thumbs
Also See for ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5:
- Manual (26 pages) ,
- Administration manual (208 pages)
Table of Contents
Advertisement
Performing a Single-Server
3
Installation
®
ZENworks
Endpoint Security Management Single-Server Installation (SSI) allows both the Policy
Distribution Service and the Management Service to co-exist on the same server, which is not
possible without using this installation option. The server must be deployed inside the firewall for
security purposes, requiring users to receive policy updates only when they are inside the corporate
infrastructure or connected via a VPN.
Deployment of the Single-Server Installation on a Primary Domain Controller (PDC) is not
supported for both security and functionality reasons.
NOTE: It is recommended that the SSI Server be configured (hardened) so as to deactivate all
applications, services, accounts, and other options not necessary to the intended functionality of the
server. The steps involved in doing so depend upon the specifics of the local environment, and so
cannot be described in advance. Administrators are advised to consult the appropriate section of the
Microsoft Technet security webpage
Additional access control recommendations are provided in the
Management Administration
To protect access to only trusted machines, the virtual directory and IIS can be set up to have ACLs.
Reference the articles below:
Granting and Denying Access to Computers (http://www.microsoft.com/technet/prodtechnol/
windows2000serv/default.mspx)
Restrict Site Access by IP Address or Domain Name (http://support.microsoft.com/
default.aspx?scid=kb%3BEN-US%3BQ324066)
IIS FAQ: 2000 IP address and domain name restrictions (http://www.iisfaq.com/
default.aspx?View=A136&P=109)
Working With IIS Packet Filtering (http://www.15seconds.com/issue/011227.htm)
For security purposes, it is highly recommended that the following default folders be removed from
any IIS installation:
IISHelp
IISAdmin
Scripts
Printers
We also recommend using the IIS Lockdown Tool 2.1 available at
www.microsoft.com/technet/security/tools/locktool.mspx).
Version 2.1 is driven by supplied templates for the major IIS-dependent Microsoft products. Select
the template that most closely matches the role of this server. If in doubt, the Dynamic Web server
template is recommended.
(http://www.microsoft.com/technet/security/default.mspx).
Guide.
ZENworks Endpoint Security
microsoft.com (http://
Performing a Single-Server Installation
3
19
Advertisement
Table of Contents
