How to configure credentials, data locations and asset/domain import in Control Compliance Suite 11 for Windows data collection
Adding credentials for Windows data collection
Two types of credentials need to be added in CCS, as follows.
a) All machines in domain
Open CCS Console -> Settings -> Credentials -> Add Common Credential.
In the new wizard, select the options below.
Platform: Windows
Configure for: All machines in domain
Authentication: Windows
After specifying the credentials, click the arrow and save the credentials.
b) Domain Cache
Open CCS Console -> Settings -> Credentials -> Add Common Credential.
In the new wizard, select the options below.
Platform: Windows Domain Cache
Configure for: Credentials to build domain cache
Authentication: Windows
After entering the credentials, click the arrow and save the credentials.
For more details on the permissions required for the user account, refer to the CCS 11 Planning and Deployment Guide.
Creating Data Locations
Open CCS Console -> Settings -> General -> System Configuration -> Data Locations -> Add
Data location type: Directory Server
Name: *
Description:
Directory server: Specify the domain controller name
Port: 389
Base DN: Specify the distinguished name of the domain controller.
Example: CN=CCSDC,OU=Domain Controllers,DC=symantec,DC=COM
To find the distinguished name, run the command below on the domain controller:
dsquery computer domainroot -name <machine name>
Or
Open ADUC (Active Directory Users and Computers), select the Attribute Editor tab in the properties of the OU, and check the path in the distinguishedName attribute. (To see the Attribute Editor tab, enable the Advanced Features view in the ADUC console.)
Note: A data location targets an OU in Active Directory. If servers are located in different OUs, we need to create multiple data locations. Example: domain controllers and member servers are located in different OUs in Active Directory, so we have to create a separate data location for each type of asset in the CCS asset system.
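The note above means every OU that holds Windows servers needs its own data location. As an added example (not part of the original article), this PowerShell script groups `dsquery computer domainroot` output by parent OU so the required OU paths can be listed; the function names are hypothetical, and the sample output and all server names other than CCSDC are constructed.

```powershell
# Constructed sample of `dsquery computer domainroot` output (one quoted DN per line).
# CCSDC and the domain come from the article's example; the other entries are made up.
$sampleDsquery = @'
"CN=CCSDC,OU=Domain Controllers,DC=symantec,DC=COM"
"CN=APP01,OU=Member Servers,DC=symantec,DC=COM"
"CN=SQL\,TEST,OU=Member Servers,DC=symantec,DC=COM"
"CN=WEB01,OU=DMZ,OU=Member Servers,DC=symantec,DC=COM"
'@ -split "`r?`n"

function Get-ParentContainer {
    # Return everything after the first unescaped comma of a DN,
    # i.e. the OU or container that holds the object.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $escaped = $false
    for ($i = 0; $i -lt $DistinguishedName.Length; $i++) {
        $c = $DistinguishedName[$i]
        if ($escaped)   { $escaped = $false; continue }   # skip the escaped character
        if ($c -eq '\') { $escaped = $true;  continue }   # next character is escaped
        if ($c -eq ',') { return $DistinguishedName.Substring($i + 1) }
    }
    throw "No parent container in '$DistinguishedName'"
}

function Get-OuSummary {
    # Group computer DNs by parent container (case-insensitive, as in AD)
    # and count how many computer objects each container holds.
    param([string[]]$ComputerDn)
    $ComputerDn |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ } |
        Group-Object -Property { Get-ParentContainer $_ } |
        Sort-Object -Property Name |
        ForEach-Object {
            [pscustomobject]@{
                ParentContainer = $_.Name
                Computers       = $_.Count
            }
        }
}

Get-OuSummary -ComputerDn $sampleDsquery | Format-Table -AutoSize -Wrap
```

Against a live domain, pass the output of `dsquery computer domainroot -limit 0` instead of `$sampleDsquery`; each ParentContainer row is an OU path to compare against the data locations already created.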
Steps to Configure CCS Manager
Open CCS Console and go to the Settings tab -> Infrastructure Tasks -> Register CCS Manager
Follow the steps below in the Register a New CCS Manager wizard:
1. Select the CCS Manager to register and click Next
2. Select the site (default site) to associate with the new CCS Manager and click Next
3. Select the roles for the new CCS Manager and click Next (Directory Server [LDAP] is selected here). The first CCS Manager in the environment must be assigned all roles; for an additional CCS Manager, assign roles as required.
4. Select the data collector to assign to the selected CCS Manager and click Next
5. Click Finish
Configuring the CCS Manager:
1. Right-click the CCS Manager and select Edit Settings
2. Data collection Sites -> Directory server [LDAP]
Site: Default Site (select the appropriate site if a new site has been created)
Asset Type: Windows Machine
Data Locations*: Select the data location created in the previous step.
3. Symantec CCS Manager -> Basic
We can modify the CCS Manager roles from this window.
After configuring the CCS Manager, make sure its health and status show green check marks for all roles.
Creating domain and asset import jobs
Domain Import
Go to Manage -> Asset System -> Asset -> Asset Task -> Add Asset.
Location: By default the domain is imported into the Asset System folder; the location can be changed to a custom folder.
Asset Type: Windows Domain, click Next
Specify the domain name in the field provided. (Other fields are not mandatory.)
Go to Manage -> Asset System -> Asset -> Asset Task -> Import Assets.
Name: Job Name
Asset type: Windows Domain
Source: Network
Scope: Click the plus icon, which opens a new window to select the domain created in the previous steps.
1. In the Select asset import scope window: select Windows Domain in Limit asset scope. By default the site is selected.
Click the asset folder to select the domain asset -> Add -> OK.
2. Asset Import Options: Select Advance Options to specify additional asset import rules and click Next.
3. Add Reconciliation Rules: Click Add Rules -> select predefined rules -> add the rules below to the job.
a. Add assets to the Asset System
b. Set CIA values before adding the asset
c. Update Assets
4. Specify Asset Field Filters: For domain import a filter is not required. Click Next
5. Select Run now -> click Next
6. Send Notification: Select whether to send a notification on job success or failure. Specify the email address that will receive the notification.
Note: To receive mail notifications for the job, the mail notification settings must be configured successfully.
7. Click Finish.
To monitor the domain import job, go to Monitor -> Jobs. Make sure Asset Import is selected in the Job type panel on the left side of the console.
Asset Import
Go to Manage -> Asset System -> Asset -> Asset Task -> Import Assets.
1. Name: Job Name
2. Asset type: Windows Machine
3. Source: Directory Server [LDAP]
4. Scope: Click the dropdown arrow and select the site. Click the green icon to add a scope, which opens a new window; select the data location created in the earlier steps. (For importing assets other than domain controllers, we have to create a new data collector for each Active Directory OU.) Click OK -> Next
5. Asset Import Options: Select Advance Options to specify additional asset import rules and click Next.
6. Add Reconciliation Rules: Click Add Rules -> select predefined rules -> add the rules below to the job.
a. Add assets to the Asset System
b. Set CIA values before adding the asset
c. Update Assets
7. Specify Asset Field Filters: To import specific assets, such as only servers, or to filter by DNS name or host name, we can use the filter option during asset import.
8. Click Next
9. Select Run now -> click Next
10. Send Notification: Select whether to send a notification on job success or failure. Specify the email address that will receive the notification.
Note: To receive mail notifications for the job, the mail notification settings must be configured successfully.
To monitor the asset import job, go to Monitor -> Jobs. Make sure Asset Import is selected in the Job type panel on the left side of the console.