Active Directory Authentication

warning

Before enabling Active Directory authentication for any account, make sure that this account is not a member of the Protected Users group. Since the Dr.Web Server is a service, an attempt to authenticate an account that is added to the Protected Users group will fail. Please visit Microsoft official website for details.

To enable Active Directory authentication

1.Select Administration in the main menu of the Control Center.

2.Select Authentication in the control menu.

3.In the opened window, select Microsoft Active Directory section.

4.Set the Use Microsoft Active Directory authentication flag.

5.Click Save.

6.Restart Dr.Web Server to apply changes.

For Active Directory authentication, only enabling of using this authentication method is configured in Control Center.

You must edit Active Directory administrators' settings manually at the Active Directory server.

To edit Active Directory administrators

warning

The following operation must be carried out from a computer with Active Directory Service snap-in.

1.To enable editing of administrator parameters, do the following:

a)Modify the Active Directory scheme with the drweb-13.00.0-<build>-esuite-modify-ad-schema-<OS_version>.exe utility (it is included into Dr.Web Server distribution kit).
Modification of Active Directory scheme may take some time. Depending on the domain configuration, it may take up to 5 minutes and more to synchronize and apply the modified scheme.

info

If the Active Directory scheme has been modified earlier via this utility for the 6 version of Dr.Web Server, it is no need to perform modification repeatedly via the utility from the 13 version of Dr.Web Server.

b)Register Active Directory Schema snap-in, execute the regsvr32 schmmgmt.dll command with the administrative privileges, then run mmc and add the Active Directory Schema snap-in.

c)Using the Active Directory Schema snap-in, add the auxiliary DrWebEnterpriseUser class and the additional DrWebAdmin attribute to the User and (if necessary) Group classes.

info

If the scheme modification and application process has not finished, the DrWebEnterpriseUser class may be not found. In this case, wait for a few minutes and retry to add the class as described in c) step.

d)With the administrative privileges run the drweb-13.00.0-<build>-esuite-aduac-<OS_version>.msi file (is included in the Enterprise Security Suite 13.0 distribution kit) and wait until the installation finishes.

2.Visual editing of attributes is available from the Active Directory Users and Computers control panel → Users section → in the Administrator Properties window for editing settings of selected user → on the Dr.Web Authentication tab.

3.The following parameter is available for editing (yes, no or not set values can be set for the attribute):

User is administrator indicates that the user is full-rights administrator.

info

Algorithms of operating principles and attributes handling during authentication are described in the Appendices document, in the Appendix C1 section.