Home » Symantec Manuals » Computer Software » Symantec 14541094 » Manual Viewer

Symantec 14541094 Administration Guide - Page 93

Leveraging centralized authentication in pcAnywhere, Using two-factor authentication

UPC - 037648640480

Add to My Manuals
Save this manual to your list of manuals

Page 93 highlights

Managing security in Symantec pcAnywhere 93 Controlling access to pcAnywhere hosts 4 Repeat steps 2 and 3 for each computer name or IP address from which you want to allow connections. 5 Click OK. Leveraging centralized authentication in pcAnywhere Symantec pcAnywhere requires you to create a caller logon account for each remote user or user group who connects to the host computer and to select an authentication method for verifying the user's identity. This information is required for all host sessions to prevent unauthorized access. Symantec pcAnywhere supports a number of centralized authentication types, including Active Directory, Novell Directory Services, Novell Bindery, NT, and RSA SecurID, giving you the flexibility of using the authentication measures already in place on your network. Using two-factor authentication Symantec pcAnywhere supports RSA SecurID two-factor authentication. SecurID validates users against a security code which is generated by an authenticator, and a user-provided PIN. You must have the RSA ACE/Server and Agents properly installed and configured on your network. For more information, visit the RSA Web site at the following URL: www.rsa.com To implement SecurID in pcAnywhere, you must do the following: ■ Install and configure the RSA ACE/Agent on the host computer. For more information, see the documentation provided by RSA. ■ On the host computer, open pcAnywhere and configure a host connection item to use SecurID authentication. For more information, see the Symantec pcAnywhere User's Guide. When a remote user attempts to connect to a host computer that uses SecurID authentication, the user is prompted for authentication credentials which include a PIN number, logon name, and passcode. The host computer handles the data requests between the remote computer and the RSA ACE/Agent, which is installed on the host computer. The RSA ACE/Agent handles the data requests between the host computer and the RSA ACE/Server. If the tokencode that is provided by the remote user is out of sync with the server clock or appears to be compromised, the user is prompted for another tokencode.

Section	Page
Symantec pcAnywhere™ Administrator's Guide	1
Technical Support	3
Contents	7
1. Planning a migration and upgrade strategy	11
About migrations and upgrades	11
Migrating from pcAnywhere 11.x in Windows NT/2000/2003 Server/XP	13
Migrating from pcAnywhere 10.x in Windows NT/2000/ 2003 Server/XP	13
Migrating from pcAnywhere 10.x in Windows 98/Me	13
Upgrading from pcAnywhere 9.2.x in Windows NT/2000/XP	14
Upgrading from pcAnywhere 9.2.x in Windows 98/Me	14
Using Symantec Packager to streamline migrations and upgrades	14
2. Creating custom installation packages	17
About Symantec Packager	17
What you can do with Symantec Packager	18
How Symantec Packager works	18
Importing a product module	20
Customizing product settings	21
Selecting product features	22
Including configuration files	24
Integrity stamping a product configuration	26
Serializing a pcAnywhere installation	27
Managing configuration settings globally	30
Setting product installation options	32
Creating a custom command	38
Creating installation packages	39
Adding products and commands to a package definition	40
Building product installations and packages	40
Building a product configuration file	41
Building a package	41
Testing packages	42
3. Deploying Symantec pcAnywhere custom installations	43
About deployment	43
About package installation file locations	44
Deploying installation packages using Web-based deployment	45
About Web-based deployment requirements	45
Setting up the installation Web server	46
Customizing the deployment files	49
Testing the installation on the Web server	53
Notifying users of the download location	53
Deploying pcAnywhere using SMS 2.0	54
Minimum requirements for SMS deployment	55
Deploying with SMS	55
Using Windows NT/2000/2003 Server/XP logon scripts	58
Setting up the Windows server	58
Writing the Windows logon script	58
Testing the Windows logon script	60
Using NetWare logon scripts	60
Setting up the Novell NetWare server	60
Writing the NetWare logon script	61
Testing the NetWare logon script	62
4. Performing centralized management	63
About centralized management	63
Managing pcAnywhere hosts remotely	63
Installing the pcAnywhere Host Administrator tool	64
Adding the Host Administrator snap-in to MMC	65
Creating a configuration group	65
Adding computers to a configuration group	66
Configuring administrator host and remote connection items	66
Configuring a host item in pcAnywhere Host Administrator	69
Distributing pcAnywhere configuration files	69
Managing hosts in a configuration group	70
Integrating with Microsoft Systems Management Server	71
Importing the package definition file into SMS	71
About the Microsoft Distributed Component Object Model (DCOM)	71
Implementing DCOM in Windows NT/2000/2003 Server/XP	72
Implementing DCOM in Windows 98/Me	72
Modifying DCOM settings	72
About AwShim	73
About centralized logging	74
Monitoring performance using SNMP traps	74
About the pcAnywhere MIB file	75
5. Integrating pcAnywhere with directory services	77
About directory services	77
Using directory services with pcAnywhere	77
Configuring the directory servers	78
Configuring the LDAP server	78
Configuring Netscape Directory Server 3.1	78
Configuring Netscape Directory Server 4.0	79
Configuring Novell v5.0 server	80
Configuring Windows Active Directory	84
Configuring pcAnywhere to use directory services	88
Setting up directory services in pcAnywhere	88
Setting up the host computer to use directory services	89
Setting up the remote computer to use directory services	90
6. Managing security in Symantec pcAnywhere	91
Controlling access to pcAnywhere hosts	91
Limiting connections to specific computer names or IP addresses	92
Leveraging centralized authentication in pcAnywhere	93
Protecting session security	97
Maintaining audit trails	99
Implementing policy-based administration	99
Implementing Group Policy in Windows 2000/2003 Server/XP	99
Implementing system policy in Windows 98/Me/NT4	100
Importing the pcAnywhere administrative template	100
Managing user policies	101

Match case Limit results 1 per page

Repeat steps

and

for each computer name or IP address from which you

want to allow connections.

Click

Leveraging centralized authentication in pcAnywhere

Symantec pcAnywhere requires you to create a caller logon account for each

remote user or user group who connects to the host computer and to select an

authentication method for verifying the user's identity. This information is

required for all host sessions to prevent unauthorized access.

Symantec pcAnywhere supports a number of centralized authentication types,

including Active Directory, Novell Directory Services, Novell Bindery, NT, and

RSA SecurID, giving you the flexibility of using the authentication measures

already in place on your network.

Using two-factor authentication

Symantec pcAnywhere supports RSA SecurID two-factor authentication. SecurID

validates users against a security code which is generated by an authenticator,

and a user-provided PIN.

You must have the RSA ACE/Server and Agents properly installed and configured

on your network.

For more information, visit the RSA Web site at the following URL:

www.rsa.com

To implement SecurID in pcAnywhere, you must do the following:

■

Install and configure the RSA ACE/Agent on the host computer.

For more information, see the documentation provided by RSA.

■

On the host computer, open pcAnywhere and configure a host connection item

to use SecurID authentication.

For more information, see the

Symantec pcAnywhere User's Guide

When a remote user attempts to connect to a host computer that uses SecurID

authentication, the user is prompted for authentication credentials which include

a PIN number, logon name, and passcode.

The host computer handles the data requests between the remote computer and

the RSA ACE/Agent, which is installed on the host computer. The RSA ACE/Agent

handles the data requests between the host computer and the RSA ACE/Server.

If the tokencode that is provided by the remote user is out of sync with the server

clock or appears to be compromised, the user is prompted for another tokencode.

Managing security in Symantec pcAnywhere

Controlling access to pcAnywhere hosts