Most computer networks are based on either Windows Active Directory or Workgroups. System administrators can configure the actions that Vulnerability Manager Plus performs when a computer is added to or removed from the Active Directory. This is done by configuring the SoM Policy. From there on, onboarding these computers onto Vulnerability Manager Plus is just a click away!
This document covers what you need to know to configure Scope of Management (SoM) in Vulnerability Manager Plus.
To view the discovered domains/workgroups or to initiate the discovery, select Agent tab -> Scope of Management -> Domain. This lists all the domains in Vulnerability Manager Plus. Click the Discover Domains button.
AD domains are usually detected automatically. If for some reason you have to add a domain manually:
Parameter | Description | Type |
---|---|---|
Domain Name | Name of the domain. This is usually the NetBIOS or the pre-2000 name of the domain | Mandatory |
Network Type | Select "Active Directory" option | Mandatory |
Domain User Name | This should be the domain user name that has administrative privileges in all the computers of that domain. It is recommended to have a dedicated domain admin user account whose password policy is set to "Never Expire" | Mandatory |
Password | Password of the domain admin user | Mandatory |
AD Domain Name | The DNS name of the Active Directory Domain | Mandatory |
Domain Controller Name | The name of the domain controller. If you have multiple domain controllers, provide the name of the domain controller that is nearest to the computer where Vulnerability Manager Plus Server is installed | Mandatory |
Enable the checkbox to use LDAP SSL | By enabling this checkbox, the communication between Vulnerability Manager Plus server and Active Directory will be secured. The default port used is 636. | Optional |
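Before enabling the LDAP SSL checkbox described in the table above, it helps to confirm that the domain controller answers on port 636 with a certificate that validates. The following Python check is an added example, not ManageEngine code; the 30-day warning threshold and the use of the local machine's trust store (which may differ from what the product server trusts) are assumptions.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

MIN_DAYS_LEFT = 30  # assumed warning threshold; adjust to your renewal policy


def assess_cert(cert, now=None):
    """Classify a dict shaped like SSLSocket.getpeercert() output by remaining lifetime."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    status = "ok" if days_left >= MIN_DAYS_LEFT else "expiring"
    return status, {"dns_names": names, "not_after": expires.isoformat(), "days_left": days_left}


def probe_ldaps(dc_name, port=636, timeout=5.0):
    """Open a TLS session to the DC's LDAPS port and return (status, detail)."""
    # The default context validates the chain and the host name against the
    # trust store of the machine this script runs on.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((dc_name, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=dc_name) as tls:
                return assess_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or name mismatch.
        return "untrusted", exc.verify_message
    except ssl.SSLError as exc:
        # The port answered but the TLS handshake failed for another reason.
        return "tls-error", str(exc)
    except OSError as exc:
        # DNS failure, refused connection, or timeout: LDAPS is off or blocked.
        return "unreachable", str(exc)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: ldaps_check.py <domain-controller-fqdn>")
    status, detail = probe_ldaps(sys.argv[1])
    print(f"{sys.argv[1]}:636 -> {status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

Run it from the computer where Vulnerability Manager Plus Server is installed, passing the same domain controller name you enter in the Domain Controller Name field, so the result reflects the network path the server will use.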
Follow these steps to add a workgroup:
Parameter | Description | Type |
---|---|---|
Domain Name | The name of the workgroup | Mandatory |
Network Type | Select "Workgroup" option | Mandatory |
Admin User Name | A common user name which has administrative privileges in all the computers within that workgroup. It is recommended to have a dedicated user account for Desktop whose password policy is set to "Never Expire" | Mandatory |
Password | The password of the common admin user | Mandatory |
DNS Suffix | This is required to uniquely identify a computer within a workgroup. For example, if you have a computer with the same name in two different workgroups, the DNS suffix is used to identify it uniquely | Optional |
Computers in a Novell eDirectory-based network are managed as Workgroups in Vulnerability Manager Plus.
Vulnerability Manager Plus requires user credentials to perform tasks such as AD sync and remote agent installation. The credential provided when adding a domain/workgroup is used for this purpose. If the username/password provided while adding the domain/workgroup changes later, due to password expiry or other reasons, you need to update the credentials from Agent -> Scope of Management -> Domain -> to avoid getting "Access Denied" errors while performing any remote operations.
To update the credentials, choose Modify against the corresponding domain/workgroup under the Actions column. Edit the credentials and click Update Domain Details.
IT administrators can automate the provisioning and de-provisioning of computers on Vulnerability Manager Plus by configuring SoM policy. You will find all the computers that exist in the Active Directory domain but are not managed in Vulnerability Manager Plus. This helps you to quickly add or remove computers for management.
The Active Directory synchronization happens at a specified time every day. It can be configured to notify you whenever a change is detected. You can also initiate a sync as and when required, using either the sync-only-modified-data option or the sync-all option:
To enable synchronization, follow the steps below:
To Detect and Add New Computers
Delete Inactive Computers
Schedule Sync
Select Target
You can choose to exclude computers from management. Excluding here refers to removing the computers that need not be managed by Vulnerability Manager Plus. Those computers will not be removed from your domain. To exclude computers, navigate to Web console -> SoM -> SoM Policy -> Exclude Computers, select them, and click the "Exclude Computers" button. You can view all the excluded computers and choose to install agents on them anytime in the future.
Note: This feature is available only when the SoM -> SoM Policy -> AD Sync Settings -> Detect and Add New Computers -> Notify me option is enabled.
You can troubleshoot agent installation for computers in which agent installation has failed. This can be done by: