Kl 009.10 Systems Management Eng Labs v.2.1 Unlocked

Version 2.1

Kaspersky Lab www.kaspersky.com

L9.1–1

Lab 9.1. Managing Licenses of Applications by Other Manufacturers

Lab 9.1

Managing Licenses of Applications by Other Manufacturers

Lab objective. Configure license control limitations for the Perforce application.

Scenario. You are an Anti-Virus security administrator in ABC company where Kaspersky Security Center 10 is

used for managing client computers. Perforce revision control system is also used in the company. According to

the license agreement, 20 users are allowed to use it for free. You want the Licensed applications group management

functionality of Kaspersky Security Center to control the number of Perforce client installations and send

notifications when their number exceeds 20.

Contents. In this lab we will:

1. Activate the Systems Management functionality

2. Create a group of licensed applications for Perforce

3. Generate a report and configure notifications about license violations

Preparation

Turn on the DC computer.

Security-Center

1. Boot up the computer named Security-Center

2. Log on to the abc\Administrator account,

password—Ka5per5Ky

Task 1

Activate the Systems Management functionality

As a result of a standard installation, Kaspersky Security Center cannot monitor license violation for the programs

installed across the network. To be able to use this capability, a special license is necessary. In this task, we will add

the necessary license and make sure that the corresponding interface settings are changed automatically.

L9.1–2 KASPERSKY LAB™

KL 009.10: Systems Management Kaspersky Endpoint Security and Management

Security-Center

1. Run the Administration Console

2. On the Getting started page, in

the Administration Server area, click View

information about Administration Server key

3. In the Active key area, click the Modify button

4. In the window that opens, click the Add button

L9.1–3


Security-Center

5. On the Select how to add key page, click Load

from key file and specify the location of the new

key file (ask the instructor about it)

6. Click Next

7. On the subsequent page, click Finish

8. Select the added key and click OK

9. Close the Administration Server properties

window



Security-Center

10. In the Administration Server area of

the Getting Started page, click Configure

functionality displayed in user interface

11. Note that the Display system management and

Display mobile devices management option has

been selected automatically

12. Click Cancel

13. Restart the Administration Console

●

Task 2

Create a group of licensed applications

In this task you will create a group of licensed applications for Perforce and specify its license restrictions.

Security-Center

1. Expand the Applications and vulnerabilities

container and open the Licensed applications

group management node

2. Click Add a group of licensed applications

L9.1–5


Security-Center

3. Type Perforce for the group name

4. Click Add

5. Click Select and select Perforce Visual

Components on the list of application



Security-Center

6. Click OK twice

7. Click Next

8. Click Add

9. In the Selecting a key window, click Add

L9.1–7


Security-Center

10. Type Perforce Free 20-User License for the key

name

11. Change the Maximum number value to 20

12. Click OK twice

13. Click Next

14. On the last page of the group creating wizard,

click Finish

●



Task 3

Generate a report and configure notifications

In this task you will create a new report template about the statuses of groups of licensed applications and configure

e-mail notifications about license violations.

Security-Center

1. In the Licensed applications group

management node, click View report on status

of groups of licensed applications

2. Type License Management report for the report

name and click Next

3. On the subsequent page, click Finish

L9.1–9


Security-Center

4. View the report

5. Open the Getting started page and in

the Administration Server area, click

Administration Server properties

6. Switch to the Events section

7. Select the Error event type

8. Open the properties of the The limit of

installations has been exceeded for one of

the groups of licensed applications event

9. Select the Notify by email option and click OK

10. Close the Administration Server properties

window

●



Conclusion

In this lab we studied a new functionality Kaspersky Security Center 10: Licensed applications group management.

It enables the administrator to monitor license limitations and expiration dates for any application. For this purpose,

a special group is to be created, monitored programs are included in it and license criteria specified, such as

quantitative limits and expiration date. This tool helps the administrator to take care of purchasing a new license

early before the current license expires, and also plan purchasing additional licenses.

L9.2–1

Lab 9.2. Installing Windows Updates

Lab 9.2

Installing Windows Updates

Lab objective. Find and install missing Windows updates using the Kaspersky Security Center 10 tools.


used for managing client computers. You plan to use the new capabilities of Kaspersky Security Center 10 to

regularly search for application vulnerabilities and Windows Updates and automatically install the necessary

patches. Also, you want to use the Administration Server as a local Windows update source to save traffic. You need

to configure Kaspersky Security Center 10 to solve these tasks.


1. Create update download and installation tasks using the Quick Start Wizard

2. Synchronize with Windows Update servers

3. Find vulnerabilities and application updates for the client computers

4. Install critical updates on the workstations

Preparation


Security-Center


2. Log on to the abc\Administrator account.

Password—Ka5per5Ky

Desktop

1. Boot up the computer named Desktop

2. Log on to the abc\Alex account. Password—

Ka5per5Ky

Task 1

Create update download and installation tasks

In this task you will run the Quick Start Wizard anew to configure the Vulnerability and Patch Management

functionality. It will create the necessary tasks. Also, you will need to re-configure the Network Agent policy to

make the Administration Server act as a Windows update source.



Security-Center


2. Right-click the Administration Server node

3. Select All tasks->Quick Start Wizard

4. On the welcome page of the wizard, click Next

5. Click Add key later to skip adding the license

6. On the Kaspersky Security Network page, click

Next

7. On the E-mail notification settings page, click

Next

8. On the Update management settings page,

select Find and install application updates and

Use Administration Server as WSUS server

9. Click Next

10. Wait until the tasks are created

L9.2–3


Security-Center

11. On the Proxy server settings page, click Next

12. On the next page, click Next

13. On the final page, click Finish

14. Select the Managed computers node and switch

to the Policies tab

15. Open the properties of the Policy - Kaspersky

Security Center Network Agent



Security-Center

16. Switch to the Software updates and

vulnerabilities section

17. Select the Use Administration Server as WSUS

server check box

18. Click OK and wait for the policy to be enforced

●

Task 2

Synchronize with Windows Update servers

The Quick Start Wizard creates an Administration Server task: Perform Windows Update synchronization. This task

regularly downloads data about all available updates from Windows Update servers, which enables

the Administration Server to act as a WSUS server.

L9.2–5


Security-Center

1. Open the Administration Server tasks container

2. Open the Perform Windows Update

synchronization task properties

3. Switch to the Applications section

4. Clear all checkboxes corresponding to

the Microsoft products except for Windows

products

5. Switch to the Update languages section



Security-Center

6. Select only English (United Kingdom) and

English (United States)

7. Click OK

8. Run the Perform Windows Update

synchronization task and wait for it to complete

●

L9.2–7


Task 3

Find vulnerabilities and application updates

After the synchronization task completes, the client computers will be able to use the Administration Server as

an update server to save the Internet traffic. Vulnerabilities will also be searched against the Kaspersky Lab

vulnerability database downloaded together with anti-virus database updates. In this task you will search for

application vulnerabilities and updates.

1. Expand the Managed computers node

2. Select the Workstations group and switch to

the Tasks tab

3. Run the Find vulnerabilities and application

updates – Windows Workstations task and wait

for it to finish




node

5. Open the Software updates container

6. Click the Accept button to the right of the You

need to accept license agreements for updates message

7. In the License Agreements window, click

Accept all

●

L9.2–9


Task 4

Install critical updates on the workstations

In this task we will configure the standard Install application updates and fix vulnerabilities task to install only

Critical Microsoft updates and only on the workstations.


to the Tasks tab

2. Open the properties of the Install application

updates and fix vulnerabilities task

3. Switch to the Settings section

4. Open the properties of the Microsoft updates:

critical updates, security updates and

definition updates rule



5. Switch to the Updates categories section

6. Clear all options except for Critical updates

7. Click OK

8. Switch to the Exclusions from task scope

section

9. In the Exclude computers by OS type area,

select Server OS

10. Click OK

L9.2–11


11. Run the Install application updates and fix

vulnerabilities task and wait for it to complete

12. Expand the Reports and notifications node

13. Generate the Software update report

14. Look through the report

●



Conclusion

In this lab we studied the rebuilt functionality of Kaspersky Security Center 10—Software updates and

vulnerabilities. Now the Administration Server can act as a Microsoft Update server to optimize update download

and distribution procedure. Also, the new version allows automatically installing program updates on schedule, and

using various rules.

L9.3–1

Lab 9.3. Fixing Program Vulnerabilities

Lab 9.3

Fixing Program Vulnerabilities

Lab objective. Fix vulnerabilities in the Firefox browser.


used for managing client computers. Soon after the deployment, you scanned the software installed on

the computers for vulnerabilities. Among other results, you found out that an old version of the Firefox browser is

used in the network. Your task is to fix vulnerabilities in the Firefox browser on the client computers using

the Systems Management functionality of Kaspersky Security Center 10.


1. Create a vulnerability fix task for a third-party application

2. Run the vulnerability fix task and study the results

Preparation


Security-Center




Desktop


4. Log on to the abc\Alex account, password—

Ka5per5Ky

Task 1

Create a vulnerability fix task for a third-party application

We ran the Find vulnerabilities and application updates task in the previous lab. In this task, you will look through

the list of found vulnerabilities.

Kaspersky Security Center 10 includes a database of third-party applications created by Kaspersky Lab experts.

Kaspersky Security Center can use its data to automatically fix vulnerabilities in known applications.

The administrator should only «approve» an update for a third-party application and create a special rule that will

periodically install the recommended updates.



Security-Center

1. Run Administration Console


node

3. Open the Application vulnerabilities container

4. In the Text field, type *Firefox* and press

ENTER

5. Open the properties of any Firefox vulnerability

6. Switch to the Recommended fixes section

7. Note that a fix is automatically found for

the vulnerability. The fix will upgrade

the browser to the latest version

L9.3–3


Security-Center

8. Open the Software updates container

9. In the Approved field, select Not defined

10. In the Text field, type *firefox* and press

ENTER

11. Open the properties of the Mozilla Firefox

update that has the largest version number

12. Set the Update approved by your

administrator field value to Installation

approved



Security-Center

13. Switch to the Computers section

14. Make sure that the update is applicable to

the Desktop computer

15. Switch to the Fixed vulnerabilities section

16. Make sure that the update fixes all vulnerabilities

found in Mozilla Firefox

L9.3–5


Security-Center

17. Open the Managed computers -> Workstations

node and switch to the Tasks tab

18. Click Create a task

19. Type Install 3rd party application updates for

the task name

20. Click Next



Security-Center

21. Select the Install critical updates and fix

vulnerabilities task type

22. Click Next

23. Click Add and then Rule for third-party

updates

24. Select to Install approved updates only

25. Click OK

L9.3–7


Security-Center

26. Click Next in three windows

27. Click Finish

●



Task 2

Fix the vulnerabilities

In this task we will run the vulnerability fix task, wait for its completion and interpret the results. The task is

supposed to fix vulnerabilities in the Mozilla Firefox browser.

Security-Center

1. Run the created task

2. Wait for it to complete

L9.3–9


Security-Center

3. Open the Application vulnerabilities container

4. Change the filter to Show only fixed

5. Open the properties of any Firefox vulnerability

6. Open the Vulnerability instances section

7. Note that the window is empty



Security-Center

8. Select the Show computers with fixed

vulnerability checkbox

9. Note that the vulnerability was fixed on

the Desktop computer

●

Conclusion

In this lab we learned how to fix vulnerabilities in third-party applications using Kaspersky Security Center tools.

L9.4–1

Lab 9.4. Installing Programs by Other Manufacturers

Lab 9.4

Installing Programs by Other Manufacturers

Lab objective. Install Skype using the Kaspersky Lab database of applications by other manufacturers.


used for managing client computers. You want to quickly install the Skype application on the client computers.

Your task is to create Skype installation package using the database of applications by other manufacturers available

in Kaspersky Security Center 10 and install it on the client computers.


1. Create an installation package for Skype

2. Start the remote installation task and interpret the results

Preparation


Security-Center




Desktop



Ka5per5Ky

Task 1

Create an installation package for Skype

A new method of creating installation packages has appeared in Kaspersky Security Center 10—from

the application database of Kaspersky Lab. Now the administrator does not need to go to the manufacturer’s site to

download an application, nor look for the command-line options to silently install it; all this is done automatically

based on the information available in the database.



Security-Center

1. Run Administration Console

2. Expand the Remote installation node

3. Open the Installation packages container

4. Click Create installation package

5. Click the Create installation package for

specified executable file button

L9.4–3


Security-Center

6. Type Skype for the package name

7. Click Next

8. Click the Select arrow

9. Select Application from Kaspersky Lab

database

10. In the search box, type *skype* and press ENTER

11. Select Skype for Windows 6.x



Security-Center

12. Click OK

13. In the License Agreements window, click

Accept all

14. Click Next twice

15. Wait for the package to load

16. Click Finish

●

L9.4–5


Task 2

Start the remote installation task and interpret

the results

In this task you will remotely install the created installation package, wait for the task completion and interpret its

results.

Security-Center

1. Right-click the Skype installation package

2. Click Install application

3. Click the Select computers for deployment

button



Security-Center

4. Select the Desktop computer and click Next

5. Click Next four times and wait for the task to

complete

6. Open the Managed computers \ Workstations \

Desktops group and switch to the Computers tab

L9.4–7


Security-Center

7. Open the properties of the Desktop computer

8. Switch to the Applications registry section

9. Make sure that a new application has been added

to the list, Skype 6.1

●

Conclusion

In this lab we studied a new capability of Kaspersky Security Center 10: creation of installation packages based on

the information available in Kaspersky Lab application database.



L9.5–1

Lab 9.5. Manually Prohibit Network Access to Device

Lab 9.5

Manually Prohibit Network Access to Device

Lab objective. Learn how to manually block and allow network devices.


used for managing client computers. You want to use the Network Access Control functionality of Kaspersky

Security Center 10. When you activate the network access control system, you see an unknown computer in the list

of network devices and decide to block network access until all the circumstances are clarified.


1. Install the Network Access Control components

2. Enable the Network Access Control subsystem

3. Block a computer manually

Preparation


Security-Center




Partner

1. Boot up the computer named Partner

2. Log on to the Administrator account,


Task 1

Install the Network Access Control components

After a typical installation of Kaspersky Security Center, the Network Access Control subsystem is inactive. To be

able to use this functionality, it is necessary to assign the Enforcer role to at least one computer within each

broadcast domain (subnet). Any computer where the Network Agent and a special driver are installed can act as

an Enforcer. In this task, we will assign the Enforcer role to the computer where the Administration Server is

installed.


KL 009.10: Systems Management Kaspersky Endpoint Security for Windows

Security-Center

1. Click Start, Control Panel, Uninstall

a program

2. Select Kaspersky Security Center

Administration Server and click

Uninstall/Change

3. Click Next

4. Click Modify

L9.5–3


Security-Center

5. Select the Network Access Control check box

6. Click Next

7. Click Modify

8. Wait for the installation to complete

9. Click Finish

●



Task 2

Enable the Network Access Control subsystem

After the driver is installed, the Network access management subsystem is ready, but still inactive. The activation

has two steps:

Enable Enforcer—must be done for each computer assigned the Enforcer role

Enable the Network Access Control—can be done either centrally via the agent policy, or individually for

each Enforcer

Security-Center

Partner

1. Open the Servers subgroup and switch to

the Computers tab

2. Open the properties of the Security-Center

computer


L9.5–5


Security-Center

Partner

4. Open the properties of the Kaspersky Security

Center Network Agent application

5. Switch to the Managing network access (NAC),

Settings section

6. Change the NAC agent operation mode to Main

7. Click OK twice to close the properties of

the Security-Center computer


to the Policies tab

9. Open the properties of the Policy - Kaspersky




Security-Center

Partner

10. Switch to the Managing network access (NAC) |

Settings section

11. Change the NAC operation mode to Standard

12. Close the lock to make these settings required

13. Click OK

14. Wait for the policy to be enforced

●

L9.5–7


Task 3

Block a computer manually

The administrator has found an unfamiliar computer in the Administration Console and wants to prohibit any

network activity for this device until all the circumstances are clarified.

Security-Center

Partner

1. Expand the Unassigned computers node

2. Open the Network devices container

3. Right-click the Partner computer

4. Click Block device



Security-Center

Partner

5. On the Partner computer, start Internet

Explorer

6. Go to www.google.com

7. Make sure that the page is inaccessible

8. Right-click the Partner computer

L9.5–9


Security-Center

Partner

9. Click the Block device menu item again to

uncheck it

10. On the Partner computer, restart Internet

Explorer

11. Try to open www.google.com once again

12. Make sure that network activity is not blocked

this time

●

http://www.google.com/



Conclusion

In this lab we studied the procedure of activating the Network Access Control subsystem. Any computer within

a broadcast domain (subnet) can act as an Enforcer—for this purpose, it is necessary to install the Network Agent

and a special driver on it. Driver installation can be enabled in the properties of the Network Agent installation

package.

Also, we tested the simplest example of the subsystem operation in this lab. The administrator can block network

access for any device with a single click on the list of detected network devices.

L9.6–1

Lab 9.6. Redirecting Computers to Authorization Page

Lab 9.6

Redirecting Computers to Authorization Page

Lab objective. Provide a guest computer with network access.

Scenario. You are an Anti-Virus security administrator in ABC company. The company’s business is organized so

that visitors often bring their notebooks in the office. You do not want them to uncontrolledly connect to

the corporate network, and plan to use the NAC functionality of Kaspersky Security Center 10 to block network

access for non-corporate computers. Meanwhile, the purpose of a visit may necessitate network access. To make

the visitors feel at ease, you plan to redirect guest computers to the authorization portal instead of complete blocking

so that they are able to access the network using a password. The guest username and password will be

communicated to the managers, who will give them to the visitors as necessary.


1. Add the gateway or domain controller to the white list

2. Create a rule for redirecting http requests to the authorization page

3. Test the rule

Preparation

Turn on DC computer.

Security-Center




Partner

3. Boot up the computer named Partner

4. Log on to the Administrator account,


Task 1

Add the gateway or domain controller to the white list

In this task, to avoid accidental blocking of the gateway or domain controller, add both servers to the white list.



Security-Center

1. Start the Administration Console

2. Open the Managed computers node and switch

to the Policies tab

3. Open the properties of Policy - Kaspersky



Network elements section

5. Click Add

L9.6–3


Security-Center

6. Type Gateway for the element name

7. Click Add

8. Type IP address 10.28.0.2

9. Click OK twice

10. Click Add



Security-Center

11. Type DC for the element name

12. Click Add

13. Type IP address 10.28.0.10

14. Click OK twice

15. Switch to the White list section

16. Click Add

L9.6–5


Security-Center

17. Select the Gateway element

18. Click OK

19. Similarly, add the DC element

20. Click OK

●



Task 2

Create a rule for redirecting http requests to

the authorization page

In this task you will create a rule that will redirect all http requests from the client computers that are not managed

by Kaspersky Security Center to the authorization page. First of all, you will create a category of network devices to

which the rule will be applied. It will include guest computers (computers not managed by the Administration

Server in terms of Kaspersky Security Center NAC). Additionally, you will need to set the username and password

to be specified by guests on the authorization portal.

Security-Center

1. Re-open the properties of Policy - Kaspersky


2. Switch to the Managing network access (NAC)

| Network elements section

3. Click Add

4. Type Unmanaged Computers for the element

name

L9.6–7


Security-Center

5. Click the Add drop-down arrow

6. Select By computer status

7. Clear the Computer is managed with

Kaspersky Security Center checkbox

8. Click OK

9. Switch to Authorization page | Accounts

10. Click Add



Security-Center

11. Type Guest for the account name

12. Type Qwerty!@ for the password

13. Confirm the Qwerty!@ password

14. Click OK

15. Switch to Access rules | Access restrictions

16. Click Add

17. Type Authorization page for the rule name

18. Click Add

19. Add the Unmanaged Computers element

L9.6–9


Security-Center

20. In the Restrict network access area, select

Redirect to authorization portal

21. Click OK

22. Click OK


●



Task 3

Test the rule

After the rule is created and applied, any network activity will be prohibited until the user is authorized. In this task,

we will make sure of that.

Security-Center

Partner

1. On the Partner computer, start Internet

Explorer


3. Make sure that the authorization page opens

instead of the Google search page

L9.6–11


Security-Center

Partner

4. Type Guest for the login

5. Type Qwerty!@ for the password

6. Click Submit

7. Make sure that the initially requested page opens

after the successful authorization

●



Conclusion

In this lab we studied a simple authorization portal scenario based on Kaspersky Security Center NAC. If necessary,

the administrator can replace the standard authorization page with a custom one to extend its functionality.

L9.7–1

Lab 9.7. Limiting Access Based on Computer Status

Lab 9.7

Limiting Access Based on Computer Status

Lab objective. Configure limited network access for computers whose status is not OK.


used for managing client computers. You want to use the network access control functionality to restrict access to

external networks for computers whose status is not OK. At the same time, the local network resources must be

accessible even for computers having the Critical status.


1. Create a rule allowing computers whose status is not OK to access only the local network resources

2. Test the rule

Preparation


Security-Center




Desktop



Ka5per5Ky



Task 1

Create a rule allowing access only to the local network

resources

In this task you will create a rule allowing computers whose status is not OK to access only the local network

resources. Access to the Internet will be blocked until the computer status changes to OK.

Security-Center


2. Select the Managed сomputers node and switch

to the Policies tab

3. Open the properties of Policy - Kaspersky


L9.7–3


Security-Center


Network elements section

5. Click Add

6. Type Bad Status for the element name

7. Click the Add drop-down arrow

8. Select By computer status



Security-Center

9. Select the Computer status is “Warning” and

Computer status is “Critical” check boxes

10. Click OK twice

11. Switch to the Network services addresses

section

12. Click Add

13. Type Internal addresses for the element name

14. Click Add

L9.7–5


Security-Center

15. Select Specify IP subnet using the address and

the subnet mask

16. In the Subnet address field, type 10.28.0.0

17. In the Subnet mask field, type 255.255.255.0

18. Click OK

19. Click OK

20. Switch to the Access rules, Access restrictions

section

21. Click Add

22. Type Bad Status for the rule name

23. Click Add



Security-Center

24. Add the Bad Status network element

25. In the Restrict network access area, select Allow

specified addresses only

26. Click Select

27. Add the Internal addresses network resource

28. Click OK

29. Click OK


●

L9.7–7


Task 2

Test the rule

After the rule for computers whose status is not OK is created and applied, they will be allowed to access only

the local network addresses. When the status will change to OK, any network activity will be allowed. In this task

we will make sure of that.

Security-Center

Desktop

1. Open the Desktops subgroup and switch to

the Computers tab

2. Make sure that the Desktop computer status is

OK (green)

3. Open computer properties and switch to

the Applications section



Security-Center

Desktop

4. Select Kaspersky Endpoint Security 10 for

Windows and click the Stop button

5. Wait for the application to become Inactive

6. Click OK

7. Click Refresh in the Administration Console

8. Make sure that the Desktop computer status has

changed to Critical (red)

L9.7–9


Security-Center

Desktop

9. On the Desktop computer, run Internet

Explorer


11. Make sure that the page is inaccessible

12. On the Start menu, click Run

13. Type \\dc

14. Press ENTER

15. Make sure that the local network is accessible



Security-Center

Desktop

16. In the Administration Console, switch to

the Computers tab within the Desktops

subgroup

17. Open computer properties and switch to

the Applications section

18. Select Kaspersky Endpoint Security 10 for

Windows and click the Run button

L9.7–11


Security-Center

Desktop

19. Wait for the application to become Running

20. Click OK

21. Click Refresh in the Administration Console

22. Make sure that the Desktop computer status is

OK (green) again



Security-Center

Desktop

23. On the Desktop computer, restart Internet

Explorer

24. Once again, try to go to www.google.com

25. Make sure that this time the page is successfully

displayed

26. Open the Servers subgroup and switch to

the Computers tab

27. Open the properties of the Security-Center

computer

http://www.google.com/

L9.7–13


Security-Center

Desktop


29. Open the properties of the Kaspersky Security

Center Network Agent application


Settings section

31. Change the NAC agent operation mode to

Disabled

32. Click OK twice to close the properties of

the Security-Center computer

●

Conclusion

In this lab we studied the capability to grant access only to some addresses and block the other network activity. For

example, a computer that mismatches some criteria can be prohibited from accessing external networks. In this lab,

the rule allows the managed computers whose status is not OK to access only the local network addresses and

blocks any other activities.



L9.8–1

Lab 9.8. Capturing Operating System Image

Lab 9.8

Capturing Operating System Image

Lab objective. Create an operating system image to be deployed to the client computers using Kaspersky Security

Center 10.


used for managing client computers. Microsoft Windows 7 operating system is installed on the client computers in

the company. The decision was made to deploy a new operating system, Microsoft Windows 8. You are going to use

the OS image capture and distribution functionality of Kaspersky Security Center 10. First of all, you need to

activate this functionality and create an image of a computer where Windows 8 operating system and the necessary

programs (including Network Agent) are installed already.


1. Install Windows Automated Installation Kit

2. Capture the computer image with Microsoft Windows 8 operating system and the necessary programs,

including Network Agent

Preparation


Security-Center




Task 1

Prepare Kaspersky Security Center to image capturing

After the standard installation, Kaspersky Security Center cannot capture operating system images for two reasons.

First, for the Administration Server to be able to capture images, Windows Automated Installation Kit (WAIK) must

be installed on the server. It is a free set of tools that automate Windows installation, which can be downloaded from

the Microsoft web site.

Second, the OS image capture and distribution functionality is not included in the standard distribution of Kaspersky

Security Center. These features can be enabled only with a special license, which we installed in lab 9.1.

We will install WAIK in this task.



Security-Center

1. Make sure that you are working with

the Administration Server virtual machine

2. On the VMware console menu, click VM,

Removable Devices, CD\DVD, Settings

3. In the Connection area, select Use ISO image

file

4. Click the Browse button to select

the KB3AIK_EN.ISO file (ask the instructor

where this file is located)

5. Click OK

6. In the AutoPlay window that opens, select Run

StartCD.exe

L9.8–3


Security-Center

7. On the welcome page of the Windows Automated

Installation Kit wizard, click Windows AIK

Setup

8. On the welcome page of the WAIK installation

wizard, click Next

9. On the License Terms page, select I Agree and

click Next



Security-Center

10. On the Select Installation Folder page, click

Next

11. On the Confirm Installation page, click Next

12. Wait for the installation to finish

13. On the Installation Complete page, click Close

●

L9.8–5


Task 2

Capture the operating system image

Generally, to be able to capture an operating system image, it is sufficient to know credentials of an administrative

account for this computer. However, usually, images help the administrators to save time and effort on installing not

only the operating system, but also standard applications. That is why all programs that must be installed on

the computers to be given to the users should also be installed on the computer from which the image is taken.

These applications may include Microsoft Office or some special software packages. Also, since Kaspersky Security

Center is used in the organization, Network Agent must be installed on this computer. Then, after the image is

deployed on a computer, it will immediately connect to the Administration Server.

Therefore, we will use a computer with pre-installed Network Agent in this task. Preparatory actions are not

necessary before capturing the image. After the image is deployed to a new computer, Network Agent will

automatically detect that the equipment has changed and will generate a new identifier for the Administration

Server. This identifier will tell the Administration Server that it is a new computer.

Security-Center

Reference

1. Boot up the computer named Reference


3. Open the Remote installation container,

Installation packages node

4. Click Create installation package



Security-Center

Reference

5. On the Select installation package type page,

click Create installation package based on OS

image of reference computer

6. On the subsequent page, click Next

7. Type Capture Windows 8 Image for the task

name and click Next

8. On the Settings page, in the Installation

package name field, type Windows 8

Enterprise English for the package name

9. Click the Browse button next to the Computer of

which the OS image will be taken field and

select the Reference computer in the Managed

computers\Reference group

10. Clear the Create backup copy of the computer

state check box

11. Click the Browse button next to the Shared

folder for storing images field and select

the shared folder where the image will be saved:

\\Security-Center\Pub

L9.8–7


Security-Center

Reference

12. Specify the account that has the Write permission

on the selected shared folder: username

ABC\Administrator, password Ka5per5Ky, and

click Next

13. On the Selecting account to start the task page,

click Next

14. On the following page, click Next



Security-Center

Reference

15. Click Finish

16. On the Reference computer, log on to

the ABC\dummy account, password Ka5per5Ky

17. Double-click the Desktop widget in the lower-left

corner of the window

18. Wait for the restart message

L9.8–9


Security-Center

Reference

19. Click Restart

20. Wait for the computer to start to a Command

Prompt and run the image capturing script

21. Wait for the Capturing of image was started

status of the Capture Windows 8 Image task

22. Click View results and look through the current

task execution results



Security-Center

Reference

23. The task will complete in 1 or 2 hours

●

Conclusion

In this lab we captured an operating system image to be deployed across the network. The Network Agent is not

actually required to be installed on the computer; the only requirement is knowing an administrator’s credentials.

However, since the computer should have all the necessary programs installed, we may say that Network Agent is

also a pre-requisite.

The administrator need not prepare the computer for image capturing anyhow. All actions are performed

automatically.

If software is regularly updated on the standard computer and the image should also be updated, the image capture

task can be scheduled to automatically start weekly or monthly.

L9.9–1

Lab 9.9. Deploying Operating System

Lab 9.9

Deploying Operating System

Lab objective. Deploy an operating system from the created image using Kaspersky Security Center 10.

Scenario. You are an Anti-Virus security administrator in ABC company, where Kaspersky Security Center 10 is

used for managing client computers. The company migrates to Windows 8 and your task is to deploy the new

operating system both on old and new computers. You already created an image of Windows 8 with installed

programs, and now you need to deploy the image to the computers using Kaspersky Security Center 10.


1. Install the Windows 8 image to the managed computers

2. Install the Windows 8 image to bare metal computers—computers without an operating system

Preparation

Turn on DC computer.

Security-Center




Desktop


4. Log on to the abc\Alex account, password—

Ka5per5Ky

Task 1

Deploy the image to the managed computers

In this task you will deploy the Microsoft Windows 8 image to the managed computers. The image contains

an installed Network Agent with configured Administration Server connection settings, and the computer will be

manageable right after the installation.



Security-Center

Desktop

1. Run Kaspersky Security Center Administration

Console

2. Expand the Remote installation container and

open the Installation packages node

3. On the shortcut menu of the Windows 8

Enterprise English installation package, select

Install application

4. On the Selecting computers for installation

page, click Select computers for deployment

L9.9–3


Security-Center

Desktop

5. Select the Desktop computer in

the Workstations\Desktops group and click

Next


7. On the page where the action in case of restart is

to be selected, leave the default choice and click

Next



Security-Center

Desktop

8. On the Selecting account to access

the computer page, click Next


10. On the Starting installation page, also click

Next

L9.9–5


Security-Center

Desktop

11. Make sure that the task is running

12. On the Desktop computer, wait for the restart

message

13. Click Restart

14. Wait for automatic start of the script that installs

the system from an image



Security-Center

Desktop

15. After this process finishes, Windows 8 operating

system will boot (this may take more than

5 minutes). Wait for the license agreement to

appear

16. Select the I accept the license terms for using

Windows checkbox and click Accept

L9.9–7


Security-Center

Desktop

17. Type Desktop for the computer name

18. Click Next



Security-Center

Desktop

19. Click Use express settings

L9.9–9


Security-Center

Desktop

20. Click Sign in with a Microsoft account at

the bottom



Security-Center

Desktop

21. Click Local account

L9.9–11


Security-Center

Desktop

22. On the account setup page, type:

User name: Alex

Password: Ka5per5Ky

Reenter password: Ka5per5Ky

Password hint: Eugene

(or whatever you prefer, as Eugene is blatantly

a non-secure hint)

23. Click Finish



Security-Center

Desktop

24. On the Security-Center computer, make sure

that the task is completed

25. Open the Workstations\Desktops group and

switch to the Computers tab

26. Note that the Desktop computer is disconnected

from the network

L9.9–13


Security-Center

Desktop

27. Open the properties of the Desktop computer

28. Note the warning that there are other computers

having the same name in the network

29. Click View in the warning area

30. Right-click the computer in the table and select

All tasks, Move to group on the shortcut menu

31. In the Select group window, select the Desktops

group and click OK

32. Click the Close button to close the table

33. Close the Properties: Desktop window



Security-Center

Desktop

34. On the Computers page, click Refresh

35. Make sure that there are two computers named

Desktop in the group now—one disconnected

from the server running Windows 7 operating

system, and another one connected to the server

running Windows 8 operating system

36. Delete the Desktop computer with Windows 7

operating system

●

L9.9–15


Task 2

Deploy the image to a new machine without an operating

system

In this task you will install the Microsoft Windows 8 operating system from the created image to bare metal using

Kaspersky Security Center. The main condition of a bare metal installation is the availability of a PXE server that

starts client computers at a command prompt over the network, and a DHCP server that informs the computer about

the network parameters, which is a must for loading the image from the Administration Server.

Security-Center

Bare_Metal

1. Boot up the computer named Bare_Metal

2. Make sure that an operating system is not

installed there

3. Write down or remember the MAC address of

the computer, which is written on its screen

(CLIENT MAC ADDR)



Security-Center

Bare_Metal

4. On the Administration Server, expand

the Remote installation container and open

the Deploying computer images node

5. Click Manage the list of PXE servers in

the network

L9.9–17


Security-Center

Bare_Metal

6. Click Add and select the Security-Center

computer from the Servers group

7. Click OK

8. In the PXE server properties window, click OK

too

9. Make sure that Security-Center has appeared in

the list of PXE servers and click OK

10. Click Add MAC address of target computer

11. Type the MAC address of the Bare_Metal

computer (the address elements should be

separated by colons or hyphens)

12. Click OK



Security-Center

Bare_Metal

13. Right-click the added computer and select Assign

OS image installation package on its shortcut

menu

14. Select the Windows 8 Enterprise English

installation package and click OK

L9.9–19


Security-Center

Bare_Metal

15. Restart the Bare_Metal computer

16. Wait for the computer to boot at a command

prompt over the network and for the image

deployment script to start

17. When Windows 8 starts, repeat steps 15-23 of

Task 1, name the computer Desktop2 and specify

the John username with Ka5per5Ky password

18. Right-click the Administration Server node and

select Search on its shortcut menu

19. In the Search window, type Desktop2 in

the Computer Name field and click Find now

20. On the shortcut menu of the found computer,

select All tasks, Move to group



Security-Center

Bare_Metal

21. In the Select group window, specify

the Workstations, Desktops group

22. Click OK and close the Search window

23. Open the Desktops group

24. Make sure that both computers Desktop and

Desktop2, which are installed from the same

image, are simultaneously connected to

the Administration Server

●

Conclusion

In this lab we remotely installed operating system from a previously created image. This mechanism can be used

both for upgrading the operating system on managed computers and for deploying software to new computers.

The key elements for image deployment are a DHCP server, which sends network parameters to the computers

started at a command prompt, and a PXE server, which allows starting the computers without an operating system

over the network.

V 2.1

Kl 009.10 Systems Management Eng Labs v.2.1 Unlocked

Documents

management securitycenter

manufacturers securitycenter

kaspersky lab

administration server

key page

display system management

manufacturers lab objective

necessary license