
Managed Workplace 2009 R1

Domain Configuration
Table of Contents
About this Guide
    Document Conventions
    Contact Information
        Documentation
        Technical Support
        LPI Global Partner Community
Domain Configuration
    Configuring the Windows Firewall
    Configuring Windows Services for Domain Members
    Configuring Microsoft Updates for Domain Members
    Logon Script
        Configuring DCOM for Domain Members

About this Guide

This guide provides you with a reference to assist you in configuring a
Windows Domain environment so that all member devices can be
monitored and patched by Onsite Manager.
All procedures listed in this guide assume that the user has sufficient
security privileges to perform the operations.

Document Conventions
Managed Workplace 2009 R1 Hosted Service Center 3.0 documentation
uses the following icons to define the type of information being provided.

Notes

Note: A note is used to emphasize points or remind you about
specific information that may apply only in special cases.

Tips

Tip: A tip suggests alternative methods for performing a step
or entire procedure.

Cautions

Caution: A caution advises that failure to take or avoid a
specified action could result in loss of data, or may cause
Managed Workplace to operate abnormally.

Best practices

Best practice: A best practices icon advises users of the
preferred method to perform tasks.

Other documentation

Other documentation: This icon indicates that there is other
documentation that will provide more information on the
subject.

Contact Information

Documentation
We are committed to making your experience with our product the best it
can be. If you find any errors or omissions in our documentation, or have
suggestions for improving it, we invite you to write to us at:
documentation@levelplatforms.com

Technical Support
Our Technical Support Help Desk is committed to delivering the highest
quality service to our partners.
Our goal is to provide best-in-class support for our partners. To achieve
this goal, we constantly work to improve our service offerings.

To contact a Technical Support Representative by phone:
• Toll Free, within Canada & the US: 1-800-418-0881, Extension 5
• Toll Free, within the UK: 0-800-047-0993, Extension 5
• Toll Free, within Australia: 1-800-335-283, Extension 5
• Toll Free, within New Zealand: 0-800-449-775, Extension 5
• Toll Free, within Ireland: 1-800-550-734, Extension 5
• Rest of World: +1 613 232-1000, Extension 5

To contact a Technical Support Representative by e-mail:
support@levelplatforms.com

Support hours
Telephone and e-mail support is available from 6:00 AM to 10 PM EST from
Monday to Friday.

LPI Global Partner Community
To access the Level Platforms Partner website, click the link below or copy
the URL into your browser window and then log in with your Username
and Password.
http://levelplatforms.com/Portal/Login/login.aspx

Technical information
To see all of the technical information that is available, such as product
downloads, frequently asked questions (FAQ), and knowledge base articles,
log into the Level Platforms Partner website and select the Technical menu.
Under the Technical menu, you will find libraries of policy modules,
predefined reports and scripts.

Training information
For information about live or ‘on demand’ training, log into the Level
Platforms Partner website and select the Training menu. You will see a list
of courses, their descriptions, and a course calendar.

Discussion Forums
To view or participate in discussions about Managed Workplace, log into the
Level Platforms Partner website and select the Discussion Forums menu.

Domain Configuration

Onsite Manager sees everything on your customer networks, but for it to do
so, certain configuration changes may be required. These changes must be
made to both the Domain and Standard profiles. The Domain Profile is used
when the machine is connected or logged into the Domain, and the
Standard Profile is used when it is not.
Once the changes have been made, the Group Policy must be updated on
each device for the changes to take effect. The policy will be updated the
next time a user logs into the Domain from the device, or may be updated
manually by running the gpupdate /force command on each device.

Configuring the Windows Firewall
The Windows Firewall needs to be configured to allow Onsite Manager to
discover and monitor Domain Member devices. Following this procedure
will automatically make the changes for all Domain Members.
Using the Group Policy Editor, configure the following settings under both
of these locations:
• Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile
• Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile

Windows Firewall: Allow ICMP exceptions
Select Enabled
Select Allow inbound echo request

Windows Firewall: Allow file and printer sharing exception
Select Enabled
Select Allow unsolicited incoming messages from localsubnet

Windows Firewall: Allow remote administration exception
Select Enabled
Select Allow unsolicited incoming messages from localsubnet

Windows Firewall: Allow Remote Desktop exception
Select Enabled
Select Allow unsolicited incoming messages from localsubnet
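
The following PowerShell audit is an added example, not part of the vendor guide. It reads back the four exceptions above for both profiles and flags any that are not enabled or not scoped to localsubnet. It assumes the Windows Firewall administrative template stores these settings under the policy registry key shown; confirm the paths on your own systems.

```powershell
# Added example (not from the vendor guide): read back the Windows Firewall
# policy values for both profiles and flag any that differ from this section.
# Assumption: the administrative template writes them under this policy key.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

# One entry per exception in the guide; Scoped = the guide limits it to localsubnet.
$checks = @(
    @{ Label = 'ICMP echo request';        Key = 'IcmpSettings';           Value = 'AllowInboundEchoRequest'; Scoped = $false },
    @{ Label = 'File and printer sharing'; Key = 'Services\FileAndPrint';  Value = 'Enabled'; Scoped = $true },
    @{ Label = 'Remote administration';    Key = 'RemoteAdminSettings';    Value = 'Enabled'; Scoped = $true },
    @{ Label = 'Remote Desktop';           Key = 'Services\RemoteDesktop'; Value = 'Enabled'; Scoped = $true }
)

function Test-FirewallException {
    param([string]$ProfileName, [hashtable]$Check)

    $path  = "$base\$ProfileName\$($Check.Key)"
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    $on    = ($null -ne $props) -and ($props.($Check.Value) -eq 1)
    $scope = if ($props) { $props.RemoteAddresses } else { $null }

    # A scoped exception is only as narrow as its RemoteAddresses value;
    # '*' or a missing value means it is not limited to the local subnet.
    $status = if (-not $on) {
        'NOT ENABLED'
    } elseif ($Check.Scoped -and $scope -ne 'localsubnet') {
        'SCOPE DIFFERS'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Profile   = $ProfileName
        Exception = $Check.Label
        Scope     = $scope
        Status    = $status
    }
}

# Both profiles must carry the settings, as the guide requires.
$report = foreach ($p in 'DomainProfile', 'StandardProfile') {
    foreach ($c in $checks) { Test-FirewallException -ProfileName $p -Check $c }
}
$report | Format-Table -AutoSize
```

Run it on a member device after gpupdate /force; a SCOPE DIFFERS row means the exception is open to more than the local subnet.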

Configuring Windows Services for Domain
Members
Updating the policy does not start the Windows services, because a
policy update may be received while the device is up and logged into the
Domain. The services will not be started until they are either started
manually by a user or started during the boot process.
These changes will only affect the startup for services when the device is
joined to the Domain.
Configure the Windows Services for Domain members using the Group
Policy Management Tool on the Domain Controller:
1. From the Start menu, click Administrative Tools and then click
Group Policy Management.
2. Right-click the Domain OU and click Properties.
3. Click the Group Policy tab.
4. Click Edit on the Default Domain Policy GPO link.

Note: This is the default policy for the whole domain. If
the settings only apply to a specific group of domain
members, then do not change the settings at the GPO
level.

5. In the Group Policy Object Editor window, navigate to:
Computer Configuration > Windows Settings > Security
Settings > System Services
6. Configure the following:
• Windows Management Instrumentation (WMI)
Select Startup Type: Automatic
• Remote Registry
Select Startup Type: Automatic
• Remote Procedure Call (RPC)
Select Startup Type: Automatic
• Background Intelligent Transfer Service (BITS)
Select Startup Type: Manual
BITS is only required by Managed Workplace if the Site uses
Patch Management.

Configuring Microsoft Updates for Domain
Members
Managed Workplace does not use GPO settings to define the update server
to managed clients, so any WSUS policies that are in place on the Domain
will interfere with normal operations of Patch Management.
Disabling all WSUS policies will allow Managed Workplace to operate
normally. The policies are collected in this location:
• Computer Configuration > Administrative Templates > Windows Components > Windows Update

Logon Script
Some required configurations can only be performed by adding code to the
logon script for the computer in the domain.

Configuring DCOM for Domain Members


Microsoft's Distributed Component Object Model (DCOM) must be running on
the monitored devices. Add the following Visual Basic code as a logon script
for a computer to make sure that DCOM is available for use with Managed
Workplace:
Set WshShell = WScript.CreateObject("WScript.Shell")
'To Enable Remote DCOM in the computer
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM", "Y", "REG_SZ"
'To Set Authentication Level to Connect
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\LegacyAuthenticationLevel", 2, "REG_DWORD"
'To Set Impersonation level to Impersonate
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel", 3, "REG_DWORD"
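
To confirm that the service start types and the DCOM values from this guide are actually in place on a device, the following read-only PowerShell check can be used. It is an added example, not part of the vendor guide; the service key names (Winmgmt, RemoteRegistry, RpcSs, BITS) are the standard Windows service names and do not appear in the guide itself.

```powershell
# Added example (not from the vendor guide): compare this device's service
# start types and DCOM registry values with the settings listed in the guide.
# Read-only; nothing is written to the registry.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$ole = 'HKLM:\SOFTWARE\Microsoft\Ole'

$expected = @(
    # Service "Start" values: 2 = Automatic, 3 = Manual, 4 = Disabled.
    @{ Item = 'WMI start type';             Path = "$svc\Winmgmt";        Name = 'Start'; Want = 2 },
    @{ Item = 'Remote Registry start type'; Path = "$svc\RemoteRegistry"; Name = 'Start'; Want = 2 },
    @{ Item = 'RPC start type';             Path = "$svc\RpcSs";          Name = 'Start'; Want = 2 },
    @{ Item = 'BITS start type';            Path = "$svc\BITS";           Name = 'Start'; Want = 3 },
    # DCOM values written by the logon script above.
    @{ Item = 'EnableDCOM';                 Path = $ole; Name = 'EnableDCOM';                Want = 'Y' },
    @{ Item = 'LegacyAuthenticationLevel';  Path = $ole; Name = 'LegacyAuthenticationLevel'; Want = 2 },
    @{ Item = 'LegacyImpersonationLevel';   Path = $ole; Name = 'LegacyImpersonationLevel';  Want = 3 }
)

function Test-ExpectedValue {
    param([hashtable]$Entry)

    # A missing key or value is reported as a mismatch, not as an error.
    $props  = Get-ItemProperty -Path $Entry.Path -ErrorAction SilentlyContinue
    $actual = if ($props) { $props.($Entry.Name) } else { $null }

    [pscustomobject]@{
        Item     = $Entry.Item
        Expected = $Entry.Want
        Actual   = $actual
        Match    = ($null -ne $actual) -and ($actual -eq $Entry.Want)
    }
}

$results = $expected | ForEach-Object { Test-ExpectedValue -Entry $_ }
$results | Format-Table -AutoSize

# Summarise drift so the check can be run across many devices and compared.
$drift = @($results | Where-Object { -not $_.Match })
"{0} of {1} settings differ from the guide" -f $drift.Count, $results.Count
```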

Trademark
© 2009 LPI Level Platforms Inc. All rights reserved. No part of this
publication may be reproduced, stored in a retrieval system, or
transmitted, in any form or by any means, without the prior written
permission of LPI Level Platforms Inc. While every precaution has been
taken in the preparation of this document, LPI Level Platforms assumes
no responsibility for errors or omissions. Neither is any liability
assumed for damages resulting from the use of the information
contained herein.
Managed Workplace is a registered trademark of LPI Level Platforms
Inc.
Adobe and Acrobat are registered trademarks of Adobe Systems
Incorporated in the United States, and/or other countries.
Microsoft, Windows, and Windows Server are trademarks or registered
trademarks of Microsoft Corporation in the United States and/or other
countries.
All other brands, product names, company names, trademarks, and
service marks are the properties of their respective owners.

This guide was updated on: January 20, 2009
