This feature helps you synchronize the SEPS server with Active Directory groups. After you synchronize the group, the clients will get installed on all the endpoints which come under your domain network. A periodic check is carried out to find if any new endpoint is added to your network. When a new endpoint is added, the client gets automatically installed on that endpoint.
You can also exclude certain endpoints from the Active Directory group so that the client is not installed on these endpoints.
- This installation method is available only with Microsoft Windows operating system.
- To synchronize the server with Active Directory, the console should be installed on the domain machine or should be a member of the domain.
- Synchronization cannot be done with Default group.
- Groups shown in red color are already synchronized with Active Directory.
- The user should have permissions of Domain Admins to synchronize with Active Directory.
- The default synchronization time interval is GLOBAL.
Synchronizing with Active Directory
To synchronize Active Directory groups, follow these steps:
- Log on to the Seqrite Endpoint Security Web console.
- Go to Clients > Client Deployment > Through Active Directory. A window appears with all the groups.
- Under EPS Console, select a group. In the right pane, Active Directory Container and Synchronization Interval of the selected group are displayed, if already synched.
- Right-click a group and select Synchronize with Active Directory. The Select a Domain screen appears.
- Select a domain and click Next. The Authentication screen appears.
- Specify the user name in the format of "domain name\username" and enter a valid password and then click Next. The Select Active Directory Container screen appears.
- Select Domain Name or Active Directory Container or Organizational Units (OU) for synchronization.
If you select a Domain Name, the whole Active Directory gets synched.
If you select any Active Directory Containers or OU then only the selected containers get synched.
You can select maximum 500 Active Directory Containers or Organizational Units at a time for synchronization. - Click Next. The Settings screen appears.
- Select the Automatically install client on newly detected computer check box.
- The Restrict Download Speed check box is selected by default. You can edit the speed if required. Enter speed limit in the range of 64 to 10,000 kbps.
- Click Next. The Synchronization screen appears.
- In Synchronization Interval, type the time interval when a periodic check is to be performed for this group and then click Finish. Time should be specified between 1 to 24 hours.
The SEPS server will be synchronized with the Active Directory as per specified interval.
Editing Synchronization
This feature gives you the flexibility to edit the time interval for carrying out periodic checks to find if a new endpoint is added to the network.
The frequency can be changed depending on how many and how often new endpoints are added.
To edit the time interval, follow these steps:
- Log on to the Seqrite Endpoint Security Web console.
- Go to Clients > Client Deployment > Through Active Directory. A window appears with all the groups.
- Under EPS Console, right-click an already synched group and click Edit Synchronization. The authentication screen for Synchronization with Active Directory appears.
- Type the password and click Next. The Settings screen appears.
- Select the Automatically install client on newly detected computer check box. The Restrict Download Speed check box is selected by default. You can edit the speed if required. Enter speed limit in the range of 64 to 10,000 kbps.
- Click Next. The Synchronization screen appears.
- In the Synchronization interval text box, type the time interval. Time should be specified between 1 to 24 hours.
- To save the new setting, click Finish.
New synchronization setting is saved successfully.
Removing Synchronization
With this feature, you can remove the synchronization of a group in the following way:
- Log on to the Seqrite Endpoint Security Web console.
- Go to Clients > Client Deployment > Through Active Directory. A window appears with all the groups.
- Under EPS Console, right-click a group that has already been synchronized and click Remove Synchronization.
The synchronization of the selected group is removed successfully.
Exclusion
You can exclude endpoints from installation of EPS client when Active Directory is synchronized. EPS client will be not installed on the excluded endpoint. You can exclude endpoints by Host Name, IP Address or by IP Range.
To exclude an endpoint, follow these steps:
- Log on to the Seqrite Endpoint Security Web console.
- Go to Clients > Client Deployment > Through Active Directory.
- On the Through Active Directory page, click the Exclusion button. A popup appears with the options about how you want to exclude an endpoint.
- On the Exclude Endpoints screen, select one of the following:
- Exclude by Host Name: If you select this option, type the Host Name and click Add. The endpoint is added to the Excluded Workstations list.
- Exclude by IP Address: If you select this option, type the IP address and click Add. The endpoint is added to the Excluded Workstations list.
- Exclude by IP Range: If you select this option, type the Start IP Address and End IP Address and click Add. The endpoints are added to the Excluded Endpoints list.
- To save your settings, click Save.
You can delete an endpoint from the exclusion list whenever you prefer.