Performing The Policy Distribution Service Installation - Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 Installation Manual
Hide thumbs
Also See for ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5:
- Manual (26 pages) ,
- Administration manual (208 pages)
Table of Contents
Advertisement
Performing the Policy Distribution
5
Service Installation
The server hosting the ZENworks
should always be reachable by your users, whether within the network or out in the DMZ. Ensure
that the required software is installed on the server prior to installation (see
on page
10). After the server is selected, note the server name, both the NETBIOS and Fully
Qualified Domain Name (FQDN).
Deployment of the Policy Distribution Service on a Primary Domain Controller (PDC) is not
supported for both security and functionality reasons.
NOTE: It is recommended that the SSI Server be configured (hardened) so as to deactivate all
applications, services, accounts, and other options not necessary to the intended functionality of the
server. The steps involved in doing so depend upon the specifics of the local environment, and so
cannot be described in advance. Administrators are advised to consult the appropriate section of the
Microsoft Technet security webpage
Additional access control recommendations are provided in the
Management Administration
To protect access to only trusted machines, the virtual directory and IIS can be set up to have ACLs.
Reference the articles below:
Granting and Denying Access to Computers (http://www.microsoft.com/technet/prodtechnol/
windows2000serv/default.mspx)
Restrict Site Access by IP Address or Domain Name (http://support.microsoft.com/
default.aspx?scid=kb%3BEN-US%3BQ324066)
IIS FAQ: 2000 IP address and domain name restrictions (http://www.iisfaq.com/
default.aspx?View=A136&P=109)
Working With IIS Packet Filtering (http://www.15seconds.com/issue/011227.htm)
For security purposes, it is highly recommended that the following default folders be removed from
any IIS installation:
IISHelp
IISAdmin
Scripts
Printers
We also recommend using the IIS Lockdown Tool 2.1 available at
www.microsoft.com/technet/security/tools/locktool.mspx).
Version 2.1 is driven by supplied templates for the major IIS-dependent Microsoft products. Select
the template that most closely matches the role of this server. If in doubt, the Dynamic Web server
template is recommended.
®
Endpoint Security Management Policy Distribution Service
(http://www.microsoft.com/technet/security/default.mspx).
Guide.
Performing the Policy Distribution Service Installation
"System Requirements"
ZENworks Endpoint Security
microsoft.com (http://
5
25
Advertisement
Table of Contents
