A windows network is typically based on Windows Active Directory, Workgroup, or Novell eDirectory. When you install Patch Manager Plus in your network, it automatically discovers all the domains and workgroups available in your network. Novell eDirectory based network are discovered and managed as workgroups in Patch Manager Plus.
To view the discovered domains/ workgroups or to initiate the discovery, select Admin tab --> Scope of Management (SoM) --> Add Computers. This will discover all the available domains and workgroups and list them under Discovered Networks.
Domain can be added in two ways:
Both the above options will open the Add Domain dialog for accepting the following information:
Parameter | Description |
Type |
---|---|---|
Domain Name |
Name of the domain. This is usually the netbios or the pre-2000 name of the domain |
Mandatory |
Network Type |
Select "Active Directory" option |
Mandatory |
Domain User Name |
This should be the domain user name that has administrative privileges in all the computers of that domain. It is recommended to have a dedicated domain admin user account whose password policy is set to "Never Expire" |
Mandatory |
Password |
Password of the domain admin user |
Mandatory |
AD Domain Name |
The DNS name of the Active Directory Domain |
Mandatory |
Domain Controller Name |
The name of the domain controller. If you have multiple domain controllers, provide the name of the domain controller that is nearest to the computer where the Patch Manager Plus server is installed |
Mandatory |
LDAP SSL |
Enabling this option, ensures secure communication between Patch Manager Plus server and Active Directory. The default port used is 636 |
Optional |
For secure communication using LDAP SSL, an SSL certificate should be uploaded in your AD/Domain Controller. Though enabling this checkbox is optional, we strongly recommend you to do it to keep your data secure.
Similar to domains, Workgroups can be added in two ways:
From the auto-discovered list available in the SoM --> Add Computers page by clicking the Edit link corresponding to the workgroup.
By Manually adding the workgroup- If for some reason, one or more workgroups are not discovered, you can use the Add Domain link available in the same page to add workgroups manually.
Both the above options will open the Add Domain dialog for accepting the following information:
Parameter | Description |
Type |
---|---|---|
Domain Name |
The name of the workgroup |
Mandatory |
Network Type |
Select "Workgroup" option |
Mandatory |
Admin User Name |
A common user name which has administrative privileges in all the computers within that workgroup. It is recommended to have a dedicated user account whose password policy is set to "Never Expire" |
Mandatory |
Password |
The password of the common admin user |
Mandatory |
DNS Suffix |
This is required to uniquely identify a computer within a workgroup. For example, if you have a computer with the same name in two different workgroups, the DNS suffix is used to identify it uniquely |
Optional |
|
A remote connection is established to the managed computers to perform the various Desktop Management activities like agent installation / upgradation, patch/inventory scanning, and remote desktop sharing, which requires an admin credential. The credential provided when adding a domain/workgroup is used for this purpose. When the username/password provided while adding the domain/workgroup has changed later due to password expiry or other reasons, you need to update the correct credentials from the Admin tab --> SoM page to avoid getting "Access Denied" errors while performing any remote operations.
To update the credentials, click the Edit Credentials button available in the SoM page. Select the Domain/Workgroup from the select box, update the username/password and click Update Domain Details.
You can automate the process of adding and removing computers that are managed by configuring the SoM policy. This helps you to Synchronize computers from Active Directory. So you will find the computers that are newly added in the Active Directory, but are not managed and the computers that have been deleted from the Active Directory. This helps you to quickly add or remove computers from being managed using.
The synchronization will happen at a specified time everyday and can be configured to notify you whenever a change is detected. You can also initiate the sync option as and when required with sync only modified data and sync all option. Sync only modified data will list only the changes that has happened after the previous sync. So the computers which are added or removed after the previous sync will be listed here. Sync all option can be used to get the complete list of all the computers that has been added or removed in the active directory.
To enable synchronization follow the steps below:
Note: If you do not see all the domains, you should check and specify the credentials first from SoM --> Computers --> Edit Credential.
|
The next step is to add and install the agent in the client computers that have to be managed. The following sections will detail the steps:
Managing Computers in LAN - To add and install the agent in the client computers from the same LAN where the Patch Manager Plus server is installed
Managing Computers in WAN - To add and install the agent in the client computers from remote locations like branch offices and mobile users.