St. Bernard Software v7.01 manual Agentless Query Requirements

Page 15

St. Bernard Software, Inc. ­ Protecting Your Network Investment

Agentless Query Requirements

These requirements are the result of default installations for NT4/W2K/XP. You would have to disable these services and shares, and restrict access, to fall short of the requirements. In order to install OS updates remotely you must have the access rights to remotely access and modify the registry and system files on the target systems.

Administrator Account (Domain or Local) with administrator rights on target machines

Required Services, in addition to the baseline RPC Service (Console and Target machines):

Remote Registry

Server

Netlogon

File and Print Sharing (NIC configuration)

Share Access:

Admin$ ­ enabled and accessible by UE account

IPC$ share ­ enabled and accessible by UE account

Admin shares for other drives whose installed components may be queried.

Remote Registry Access – "Full Control" permission to target machine registry.

The account used for access must have Full Control remote access to the registry of the target system. You must be able to open the remote registry of the target system in REGEDT32 on the UpdateEXPERT Console Machine. This procedure will confirm remote registry access and access to IPC$:

1)Launch REGEDT32 on the UpdateEXPERT Console Machine. Choose "Registry­Select Computer" and enter the name of the target system. In this remote registry, go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

2)With the above key highlighted, choose "Security­Permissions" from the top menu. You must be a member of the group that has Full­Control access to this key and its subkeys to successfully Query a system.

Windows XP/2003 Remote Login Access policy must be set to “Classic” mode: Go to Start >

Programs > Administrative Tools > Local Security Settings > Local Policies > Security Options and click the "Network access – Sharing and Security Model for Local Accounts" item. Change the policy to the "Classic" selection. This allows a remote login to remain themselves instead of being mapped to the guest account.

Windows XP/SP2 tightens security. Please see this XP/SP2 article which tells you how to configure the firewall to allow queries (of course, you can turn off the firewall on the client side if you wish, temporarily or permanently).

For more detail on the issues above, click here.

June 19th, 2006

UpdateEXPERT Premium v7.01 Evaluation Guide

13

Image 15
Contents UpdateEXPERT Premium V7.01 Evaluation Guide St. Bernard Software Europe, Asia, Africa Table of Contents June 19th UpdateEXPERT Premium v7.01 Evaluation Guide Purpose UpdateEXPERT Premium OverviewInstall UpdateEXPERT Premium June 19th UpdateEXPERT Premium v7.01 Evaluation Guide Click Install June 19th UpdateEXPERT Premium v7.01 Evaluation Guide Launch UpdateEXPERT ... click Finish June 19th UpdateEXPERT Premium v7.01 Evaluation Guide Identify the Web Proxy if applicable Http//ueupdates.stbernard.comEnumerate Discover Machines Download the Latest UpdateEXPERT DatabaseQuery your UpdateEXPERT Machine Agentless Query Requirements Download Patches Install Patches Named Policies Install Required command Conformance Reporting Other Reports Installing Master or Leaf­Agents Remote Local Command­Line Active Directory Agent Settings Leaf­Agent ConfigurationValidation Scheduling Queries Logging What’s Next?Validating Patches Logging Scheduling QueriesSecurityEXPERT Overview Configure SecurityEXPERT Web Proxy Download SecurityEXPERT Templates Creating a SecurityEXPERT Policy June 19th UpdateEXPERT Premium v7.01 Evaluation Guide June 19th UpdateEXPERT Premium v7.01 Evaluation Guide Assigning the SecurityEXPERT Policy Testing SecurityEXPERT ComplianceJune 19th UpdateEXPERT Premium v7.01 Evaluation Guide Enforcing the SecurityEXPERT Policy Modifying the SecurityEXPERT PolicyJune 19th UpdateEXPERT Premium v7.01 Evaluation Guide Using Profiles with SecurityEXPERT June 19th UpdateEXPERT Premium v7.01 Evaluation Guide Thank You GlossaryServer Master­Agent and Agent­ Installer Appendix a Custom Install OptionsAppendix a Custom Install Options …