Home » Help »

Configuring Active Directory

A windows network is typically based on Windows Active Directory or Workgroup.

Adding Domains

Domain can be added in Browser Security Plus in two ways:

  1. From the auto-discovered list available in the SoM --> Add Computers page by clicking the Edit link corresponding to the domain.
  2. By Manually adding the domain - If for some reason, one or more domains are not discovered, you can use the Add Domain link available in the same page to add domains manually.

Both the above options will open the Add Domain dialog for accepting the following information:

Parameter Description Type
Domain Name Name of the domain. This is usually the netbios or the pre-2000 name of the domain Mandatory
Network Type Select "Active Directory" option Mandatory
Domain User Name This should be the domain user name that has administrative privileges in all the computers of that domain. It is recommended to have a dedicated domain admin user account for Browser Security Plus whose password policy is set to "Never Expire" Mandatory
Password Password of the domain admin user Mandatory
AD Domain Name The DNS name of the Active Directory Domain Mandatory
Domain Controller Name The name of the domain controller. If you have multiple domain controllers, provide the name of the domain controller that is nearest to the computer where Browser Security Plus Server is installed Mandatory

Adding Workgroups

Similar to domains, Workgroups can be added in Browser Security Plus in two ways:

  1. From the auto-discovered list available in the SoM Add Computers page by clicking the Edit link corresponding to the workgroup.
  2. By Manually adding the workgroup- If for some reason, one or more workgroups are not discovered, you can use the Add Domain link available in the same page to add workgroups manually.

Both the above options will open the Add Domain dialog for accepting the following information:

Parameter Description Type
Domain Name The name of the workgroup Mandatory
Network Type Select "Workgroup" option Mandatory
Admin User Name A common user name which has administrative privileges in all the computers within that workgroup. It is recommended to have a dedicated user account for Browser Security Plus whose password policy is set to "Never Expire" Mandatory
Password The password of the common admin user Mandatory
DNS Suffix This is required to uniquely identify a computer within a workgroup. For example, if you have a computer with the same name in two different workgroups, the DNS suffix is used to identify it uniquely Optional

Computers in Novel eDirectory based network are managed as Workgroups in Browser Security Plus.

 

Changing the Domain or Workgroup Credentials

Browser Security Plus establishes a remote connection to the managed computers to perform the various Desktop Management activities like agent installation / upgradation and patch/inventory scanning, which requires an admin credential. The credential provided when adding a domain/workgroup is used for this purpose. When the username/password provided while adding the domain/workgroup has changed later due to password expiry or other reasons, you need to update the correct credentials from the Admin tab --> SoM page to avoid getting "Access Denied" errors while performing any remote operations.

To update the credentials, click the Edit Credentials button available in the SoM page. Select the Domain/Workgroup from the select box, update the username/password and click Update Domain Details.

SoM Policy - How to add/remove computers from Browser Security Plus

You can automate the process of adding and removing computers that are managed by Browser Security Plus by configuring the SoM policy. This helps you to Synchronize computers from Active Directory. So you will find the computers that are newly added in the Active Directory, but are not managed in Browser Security Plus and the computers that have been deleted from the Active Directory. This helps you to quickly add or remove computers from being managed using Browser Security Plus.

The synchronization will happen at a specified time everyday and can be configured to notify you whenever a change is detected. You can also initiate the sync option as and when required with sync only modified data and sync all option. Sync only modified data will list only the changes that has happened after the previous sync. So the computers which are added or removed after the previous sync will be listed here. Sync all option can be used to get the complete list of all the computers that has been added or removed in the active directory.

To enable synchronization follow the steps below:

  1. Select SoM --> SoM Policy tab.
  2. Enable the checkbox to Detect and Add New Computers.
  3. Specify the action that needs to be performed when a new computer is added to the Active Directory; Whether to notify me and install an agent automatically or just notify me.
  4. Enable the checkbox to Delete Inactive Computers.
  5. Specify the action that needs to be performed when a new computer is removed from the Active Directory or it has been inactive for a long time; Whether to remove the computer from the SoM automatically and notify me or to just notify me.
  6. Specify the number of days allowed for the computers to be inactive and the action to be performed.
  7. Specify the notification mail message that needs to be displayed while a computer is inactive for a long time.
  8. Specify the time at which the sync should happen. The time should be specified in 24 hour format and the sync will happen at the same time everyday.
  9. Click Choose Domains/OUs to select the domains and OUs that you would like to sync. This will only list the domains and OUs for which the credentials have been specified.

    Note: If you do not see all the domains, you should check and specify the credentials first from SoM --> Computers --> Edit Credential. If you wish to be notified on any change, select "Enable Email Notification" and specify the "To Address", subject and message.

  10. Click Save

You can choose to exclude computers for management purpose, within Browser Security Plus. Excluding here, refers to removing the computers, which need not be managed by Browser Security Plus. You can select them, click on "Exclude Computers", button by navigating here : Browser Security Plus web console -> SoM ->, SoM Policy -> Exclude Computers. You can view all the excluded computers, and choose to install agents anytime in the future.