Kaspersky Security Center 10BEST PRACTICESAPPLICATION VERSION: 10 SERVICE PACK 1
Dear User,Thank you for choosing our product. We hope that this document will help you in your work and will provide answersregarding this software product.Warning! This document is the property of Kaspersky Lab: All rights to this document are protected by the copyright lawsof the Russian Federation and by international treaties. Illegal reproduction or distribution of this document or partshereof will result in civil, administrative, or criminal liability under applicable law.Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permissionof Kaspersky Lab.This document, and graphic images related to it, may only be used for informational, non-commercial, and personalpurposes.This document may be amended without additional notification. The latest version of this document can be found on theKaspersky Lab website, at http://www.kaspersky.com/docs.Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used herein the rightsto which are owned by third parties, or for any potential damages associated with the use of such documents.Document revision date: 9/14/2015 2015 AO Kaspersky Lab. All Rights spersky.com2
TABLE OF CONTENTSABOUT THIS DOCUMENT .6In this document . 6Document conventions .7PLANNING KASPERSKY SECURITY CENTER DEPLOYMENT .8How to select a DBMS for the Administration Server . 9Providing Internet access to the Administration Server . 9Internet access: Administration Server on a local network . 10Internet access: Administration Server in DMZ . 10Internet access: Network Agent in gateway mode in a DMZ . 10Standard configurations of Kaspersky Security Center . 11Standard configuration: Single office . 11Standard configuration: A few large-scale offices run by their own administrators . 12Standard configuration: Multiple small remote offices . 12About Update Agents . 12Administration Server hierarchy. 13Virtual Administration Servers . 13Installing images of operating systems . 14Mobile Device Management . 14Exchange ActiveSync Mobile Device Server . 14How to deploy an Exchange ActiveSync Mobile Device Server . 15Rights required for deployment of an Exchange ActiveSync Mobile Device Server . 15Account for Exchange ActiveSync service . 15iOS MDM Mobile Device Server . 16Standard configuration: Kaspersky Mobile Device Management in DMZ . 17Standard configuration: iOS MDM Mobile Device Server on the local network of an enterprise . 18Managing mobile devices with Kaspersky Endpoint Security for Android . 18About Network Access Control (NAC) . 18DEPLOYMENT AND INITIAL SETUP . 19Installing Administration Server . 20Creating accounts for services of Administration Server . 20Selecting a DBMS . 20Defining a shared folder . 21Remote installation with Administration Server tools through Active Directory group policies . 21Remote installation through delivery of the UNC path to a stand-alone package . 21Updating from the Administration Server shared folder . 21Installing images of operating systems. 21Specifying the address of the Administration Server . 22Defining the Administration Server certificate . 22Initial setup . 23Manual setup of Kaspersky Endpoint Security policy . 23Configuring the policy in the Anti-Virus protection section. 24Configuring the policy in the Advanced Settings section . 24Configuring the policy in the Events section . 25Manual setup of the group update task for Kaspersky Endpoint Security . 26Manual setup of the group task for scanning a computer with Kaspersky Endpoint Security . 26Manual setup of the schedule of the vulnerability scan task . 26Manual setup of the group task for updates installation and vulnerabilities fix . 26Building a structure of administration groups and assigning Update Agents . 27Standard configuration: Single office . 27Standard configuration: Multiple small isolated offices . 28Hierarchy of policies, using policy profiles. 28Hierarchy of policies . 283
BESTPRACTICESPolicy profiles . 29Tasks . 30Computer moving rules . 30Software categorization . 31Backup and restoration of Administration Server settings . 31A computer with Administration Server is inoperable . 32The settings of Administration Server or the database are corrupted . 33Deploying Network Agent and an anti-virus application . 34Initial deployment . 34Configuring installers . 35Installation packages . 35MSI properties and transform files. 36Deployment with third-party tools for remote installation of applications . 36General information about the remote installation tasks in Kaspersky Security Center . 36Deployment by capturing and copying the hard drive of a computer . 37Deployment using group policies of Microsoft Windows . 38Forced deployment through the remote installation task of Kaspersky Security Center . 39Running stand-alone packages created by Kaspersky Security Center . 40Options for manual installation of applications . 41Remote installation of applications on computers with Network Agent installed . 41Managing restarts of target computers in the remote installation task . 42Suitability of databases updating in an installation package of an anti-virus application . 42Selecting a method for uninstalling incompatible applications when installing a Kaspersky Lab Anti-Virusapplication . 42Using tools for remote installation of applications in Kaspersky Security Center for running relevantexecutable files on managed computers . 43Monitoring the deployment . 44Configuring installers . 44General information . 44Installation in silent mode (with a response file) . 45Installation in silent mode (without a response file) . 45Installation in silent mode (without a response file) . 45Administration Server installation settings . 46Network Agent installation settings. 47Virtual infrastructure . 48Tips on reducing the load on virtual machines .
Kaspersky Security Center 10 ("Kaspersky Security Center") Administrator's Guide is intended for professionals who install and administer Kaspersky Security Center, as