How to configure credentials, data location and asstes/ domain import in control compliance suite 11 for windows data collection

Adding Credentials for windows data collection 

Two types of credentials need to add in ccs as follows.

a)   All machines in domain

Open CCS Console -> Settings -> Credentials -> Add Common Credential.

On new wizard select below option.

Platform: Windows

Configure for: All machines in domain

Authentication : Windows

After specifying credentials click on ARROW and save the credentials.

b)   Domain Cache

Open CCS Console -> Settings -> Credentials -> Add Common Credential.

On new wizard select below option.

Platform: Windows Domain Cache

Configure for: Credentials to build domain cache

Authentication : Windows

After entering credentials click arrow and save the credentials.

For more clarification on permission requirement for user account kindly refer CCS 11 planning and deployment guide.

Creating Data Locations.

Open CCS Console -> Settings -> General-> System Configuration -> Data Locations -> Add

Data location type: Directory Server

Name: *

Description:

Directory server: specify Domain controller name

Port: 389

BASE DN: Specify the distinguished name of the domain controller.

example: CN=CCSDC,OU=Domain Controllers,DC=symantec,DC=COM

Run below command on domain controller :

dsquery computer domainroot -name machine name

Or

Open ADUC (Active Directory users and Computers) select attribute editor tab from properties of OU and check path specified in distinguishedName attribute. (To view attribute editor tab enable Advance Features view of ADUC console)

Note: Data location is created with targeting to OU in active directory, if servers are located in different OU the we will need to create multiple data locations. Example: Domain controller and member servers are located in different OU in active directory, hence we have to create different data locator for both type of assets in CCS asset system.

Steps to Configure CCS Manager

Open CCS Console go to Settings tab -> Infrastructure Tasks -> Register CCS Manager

Ø     Follow below steps  on Register a New CCS Manager wizard.

1.    Select the CCS Manager to Register and click next

2.    Select the site (default site) associate with the new CCS Manager and click next

3.    Select the roles for new CCS Manager and click next (Selected Directory Server [LDAP]). First CCS Manager in enviourment has to assign all roles, if this is an additional CCS Manager then assign role as per requirement.

4.    Select the data collector assign to selected CCS manager and click next

5.    Click finish

Ø  Configuring CCS Manager.

1.    Right Click on CCS manager and select edit settings

2.    Data collection Sites -> Directory server [LDAP]

Site : Default Site (Select appropriate site if any new site is created)

Asset Type : Windows Machine

Data Locations* : Select the data location created in previous step.

3.    Symantec CCS Manager -> Basic

We can modify the CCS manager roles from this window.

After configuring CCS Manager make sure health and status is showing all green check marks on all the roles.

Creating domain and assets import Job

Domain Import.

Go to Manage -> Asset System -> Asset ->Asset Task -> Add Asset.

Location: by default domain will imported in asset systems folder we can change the location to custom folder.

Asset Type: Windows Domain, click next

Specify the Domain name in field provided. (other fields are not mandatory)

Go to Manage -> Asset System -> Asset ->Asset Task -> Import Assets.

Name: Job Name

Asset type: Windows Domain

Source : Network

Scope : Click on plus icon, which will open new windows to select domain created in previous steps.

1.    In Select asset import scope window: select windows domain in limit asset scope. By default site is selected.

Click on asset folder to select domain asset -> Add -> OK.

2.    Asset Import Options: Select Advance Options to specify additional asset import rules and click next.

3.    Add Reconciliation Roles: Click Add Rules -> select predefined rules -> add below rules to job.

a.     Add assets to the Asset System

b.    Set CIA values before adding the asset

c.     Update Assets

4.    Specify Asset Field Filters: for domain import filter is not required. Click Next

5.    Select Run now -> click Next

6.    Send Notification: select send notification on job succeed or failure. Specify the email who will receive the notification.

Note: To receive the mail notification on job, Mail notifications settings has to be configured successfully.

7.    Click Finish.

To monitor domain import job go to Monitor -> Jobs. Make sure Asset Import is selected in Job type panel on left side on console.

Asset Import

Go to Manage -> Asset System -> Asset ->Asset Task -> Import Assets.

1.    Name: Job Name

2.    Asset type: Windows Machine

3.    Source : Directory Server [LDAP]

4.    Scope: click on dropdown arrow and select the site. Click green icon to add scope, which will further open new window select data location created in earlier steps. (For importing assets other than domain controller we have to create new data collector for each active directory OU.) click ok -> Next

5.    Asset Import Options: Select Advance Options to specify additional asset import rules and click next.

6.    Add Reconciliation Roles: Click Add Rules -> select predefined rules -> add below rules to job.

Add assets to the Asset System

Set CIA values before adding the asset

Update Assets

7.    Specify Asset Field Filters: To import specific assets such only servers, DNS name, Host name we can use the filter option while assets import.

8.    Click Next

9.    Select Run now -> click Next

10.  Send Notification: select send notification on job succeed or failure. Specify the email who will receive the notification.

Note: To receive the mail notification on job, Mail notifications settings has to be configured successfully.

To monitor Asset import job go to Monitor -> Jobs. Make sure Asset Import is selected in Job type panel on left side on console.