Managing software installed on endpoint systems is one of the most important and time-consuming tasks in corporate network management. As a rule, every new machine is mounted with a disk image containing the entire “standard set” of necessary software and drivers, which speeds up the deployment of the new workplace, making things much easier. But after a while these machines can become time bombs: standard set software becomes obsolete, criminals discover more and more vulnerabilities, and more man hours are required to update all the installed software on each company PC.
That’s when a need for a dedicated solution emerges. This solution must be able to:
Take an inventory of all software
- Information on all installed applications for every PC within a network must be available to a system administrator at any time.
Batch software installation and removal
- If an organization adopts new software, it may take a lot of IT’s precious time to install it on all computers. It’s the same story with removal too: license expiration may give many headaches to network administrators, which means that the process must be automated, especially if every administrator accounts for dozens or even hundreds of devices within a corporate network.
- Software known to be bugged must be located easily and in a timely fashion.
- It’s impossible to get rid of vulnerabilities without installing a patch, thus centralized software updates are one of the most important security features. It is also the most complex one, since every application requires a unique approach following their development specifics.
Kaspersky Endpoint Security for Business and Kaspersky Total Security for Business include Kaspersky Security Center, a management console that allows users to easily fulfill these tasks with the help of a software technology set conventionally known as Software Assistant. Every task can be accomplished for specific PCs or groups of machines. In order to accomplish these tasks, a special network agent must be installed first. This is done remotely by the batch installation tools within Kaspersky Security Center.
Kaspersky Security Center covers almost the entire range of actions system administrators need to perform in order to manage software within a corporate network.
The ideology behind Kaspersky Security Center has all required tools accessible in a single administration console, leaving everything within reach. At any given time, the administrator can see the full picture like what products are installed and where, what software is up to date and what requires patching.
KSC’s interface makes the administrator’s job very easy. All operations can be completed in a click or two. Let’s take a look at the primary management tasks.
Taking inventory takes just two steps: listing the installed software by scanning Windows register, then listing the files of the installed applications – this requires scanning hard drives.
To take an inventory on a PC or a group of PCs the following parameters should be specified:
– Managed PCs or PC groups, which software should be inventoried.
– A user account with administrator’s rights on the specified PCs (domain or local). Local user account created during installation of the network agent is used by default, but this can be altered in the task options.
– File search area. These areas are set optionally, by default files are searched in the root folder, in Program Files and Program Files (x86)
– Task scheduling settings. By default the task is launched manually.
Batch installation and removal
In order to batch-install software every application requires an installation package, that also contains all of the installation keys. As a rule, silent mode installations don’t require any action or attention from the endpoint workstation user – the installation goes unnoticed.
By default, KSC has installation packages for Kaspersky Endpoint Security and Network Agent (administration agent) and mobile devices control services.
The administrator can also compile an installation package him/herself for any software that needs to be installed on PCs within the network.
He/she must enter the name of the installations package, set the path to it and specify the keys (launch parameters). Also there is an option to compile an installation package for an application from the list of the supported software. In this case there is no need to pre-upload a package.
After all parameters are set, a new installation package appears in the list.
To complete the installation task you need to specify:
– Which installations package to use.
– On what PCs or PC groups this package should be installed.
– Additional installation parameters
– OS Reboot mode
User (administrator) account on the specified PCs (domain or local). Local user account created during installation of the network agent is used by default, this can be changed in the task options.
To be continued…