Home » Symantec Manuals » Computer Software » Symantec 14541094 » Manual Viewer

Symantec 14541094 Administration Guide - Page 99

Maintaining audit trails, Implementing policy-based administration

UPC - 037648640480

Add to My Manuals
Save this manual to your list of manuals

Page 99 highlights

Managing security in Symantec pcAnywhere 99 Maintaining audit trails Maintaining audit trails Event logging helps you monitor session activities and track information for auditing purposes. You can track who connected to a host and session duration, as well as important security information such as authentication or logon failures. Depending on your environment, you can send information about events that occurred during a session to a pcAnywhere generated log file, the Windows Event Log, or a Simple Network Management Protocol (SNMP) console. Symantec pcAnywhere supports centralized logging, so you can archive the logs on a secure, central server. Although logging can be a useful tool, be aware that tracking some types of events can degrade performance. You should also remember to periodically archive log files. For more information, see the Symantec pcAnywhere User's Guide. Implementing policy-based administration Administrators can securely customize the look and behavior of pcAnywhere through centralized policy-based administration. Symantec pcAnywhere supports Group Policy in Windows 2000/2003 Server/XP and operating system policy integration in Windows 98/Me/NT4. Administrator rights are required to modify policy settings in Windows NT4/2000/2003 Server/XP. Implementing Group Policy in Windows 2000/2003 Server/XP You must use the Microsoft Management Console (MMC) Group Policy snap-in to administer group policy in Windows 2000/2003 Server/XP. To manage policy for a site, domain, or organizational unit, you should open Group Policy from Active Directory, and then link the Group Policy object to the appropriate Active Directory container. The operating system provides a software wizard to guide you through this process. For more information about adding the Group Policy snap-in to MMC, see the online documentation for your operating system. Symantec pcAnywhere defines policy settings in an administrative template. After you add the Group Policy snap-in to MMC, you must import the pcAnywhere.adm file into MMC. See "Importing the pcAnywhere administrative template" on page 100.

Section	Page
Symantec pcAnywhere™ Administrator's Guide	1
Technical Support	3
Contents	7
1. Planning a migration and upgrade strategy	11
About migrations and upgrades	11
Migrating from pcAnywhere 11.x in Windows NT/2000/2003 Server/XP	13
Migrating from pcAnywhere 10.x in Windows NT/2000/ 2003 Server/XP	13
Migrating from pcAnywhere 10.x in Windows 98/Me	13
Upgrading from pcAnywhere 9.2.x in Windows NT/2000/XP	14
Upgrading from pcAnywhere 9.2.x in Windows 98/Me	14
Using Symantec Packager to streamline migrations and upgrades	14
2. Creating custom installation packages	17
About Symantec Packager	17
What you can do with Symantec Packager	18
How Symantec Packager works	18
Importing a product module	20
Customizing product settings	21
Selecting product features	22
Including configuration files	24
Integrity stamping a product configuration	26
Serializing a pcAnywhere installation	27
Managing configuration settings globally	30
Setting product installation options	32
Creating a custom command	38
Creating installation packages	39
Adding products and commands to a package definition	40
Building product installations and packages	40
Building a product configuration file	41
Building a package	41
Testing packages	42
3. Deploying Symantec pcAnywhere custom installations	43
About deployment	43
About package installation file locations	44
Deploying installation packages using Web-based deployment	45
About Web-based deployment requirements	45
Setting up the installation Web server	46
Customizing the deployment files	49
Testing the installation on the Web server	53
Notifying users of the download location	53
Deploying pcAnywhere using SMS 2.0	54
Minimum requirements for SMS deployment	55
Deploying with SMS	55
Using Windows NT/2000/2003 Server/XP logon scripts	58
Setting up the Windows server	58
Writing the Windows logon script	58
Testing the Windows logon script	60
Using NetWare logon scripts	60
Setting up the Novell NetWare server	60
Writing the NetWare logon script	61
Testing the NetWare logon script	62
4. Performing centralized management	63
About centralized management	63
Managing pcAnywhere hosts remotely	63
Installing the pcAnywhere Host Administrator tool	64
Adding the Host Administrator snap-in to MMC	65
Creating a configuration group	65
Adding computers to a configuration group	66
Configuring administrator host and remote connection items	66
Configuring a host item in pcAnywhere Host Administrator	69
Distributing pcAnywhere configuration files	69
Managing hosts in a configuration group	70
Integrating with Microsoft Systems Management Server	71
Importing the package definition file into SMS	71
About the Microsoft Distributed Component Object Model (DCOM)	71
Implementing DCOM in Windows NT/2000/2003 Server/XP	72
Implementing DCOM in Windows 98/Me	72
Modifying DCOM settings	72
About AwShim	73
About centralized logging	74
Monitoring performance using SNMP traps	74
About the pcAnywhere MIB file	75
5. Integrating pcAnywhere with directory services	77
About directory services	77
Using directory services with pcAnywhere	77
Configuring the directory servers	78
Configuring the LDAP server	78
Configuring Netscape Directory Server 3.1	78
Configuring Netscape Directory Server 4.0	79
Configuring Novell v5.0 server	80
Configuring Windows Active Directory	84
Configuring pcAnywhere to use directory services	88
Setting up directory services in pcAnywhere	88
Setting up the host computer to use directory services	89
Setting up the remote computer to use directory services	90
6. Managing security in Symantec pcAnywhere	91
Controlling access to pcAnywhere hosts	91
Limiting connections to specific computer names or IP addresses	92
Leveraging centralized authentication in pcAnywhere	93
Protecting session security	97
Maintaining audit trails	99
Implementing policy-based administration	99
Implementing Group Policy in Windows 2000/2003 Server/XP	99
Implementing system policy in Windows 98/Me/NT4	100
Importing the pcAnywhere administrative template	100
Managing user policies	101

Match case Limit results 1 per page

Maintaining audit trails

Event logging helps you monitor session activities and track information for

auditing purposes. You can track who connected to a host and session duration,

as well as important security information such as authentication or logon failures.

Depending on your environment, you can send information about events that

occurred during a session to a pcAnywhere generated log file, the Windows Event

Log, or a Simple Network Management Protocol (SNMP) console. Symantec

pcAnywhere supports centralized logging, so you can archive the logs on a secure,

central server.

Although logging can be a useful tool, be aware that tracking some types of events

can degrade performance. You should also remember to periodically archive log

files.

For more information, see the

Symantec pcAnywhere User's Guide

Implementing policy-based administration

Administrators can securely customize the look and behavior of pcAnywhere

through centralized policy-based administration. Symantec pcAnywhere supports

Group Policy in Windows 2000/2003 Server/XP and operating system policy

integration in Windows 98/Me/NT4.

Administrator rights are required to modify policy settings in Windows

NT4/2000/2003 Server/XP.

Implementing Group Policy in Windows 2000/2003 Server/XP

You must use the Microsoft Management Console (MMC) Group Policy snap-in to

administer group policy in Windows 2000/2003 Server/XP. To manage policy for

a site, domain, or organizational unit, you should open Group Policy from Active

Directory, and then link the Group Policy object to the appropriate Active Directory

container. The operating system provides a software wizard to guide you through

this process.

For more information about adding the Group Policy snap-in to MMC, see the

online documentation for your operating system.

Symantec pcAnywhere defines policy settings in an administrative template. After

you add the Group Policy snap-in to MMC, you must import the pcAnywhere.adm

file into MMC.

See

“Importing the pcAnywhere administrative template”

on page 100.

Managing security in Symantec pcAnywhere

Maintaining audit trails