Overview
This chapter describes how to change the configuration of the SEE Management Server.
Configuration Editor
Basics
Settings specified during the installation of the SEE Management Server can later be modified using the Configuration Editor. The Configuration Editor should be used with great caution, since errors made during your use of this utility could result in significant damage to your deployment.
The Configuration Editor is placed on the SEE Management Server during installation. It can be found at the following location:
C:\Program Files\Symantec\Symantec Endpoint Encryption Management Server\Services\Symantec.Endpoint.Encryption.ConfigManager.exe
This executable can only be run on the SEE Management Server. Launch the executable to begin.
Database Configuration Tab
The Configuration Editor will launch with its first tab open. This tab allows you to modify the SEE database instance parameters.
Figure 6.1—Configuration Editor, Database Configuration Tab
The computer name of the machine currently hosting the SEE database instance will be displayed in the Database Server Name field. If the SEE database instance has been moved to a different machine, or if the machine hosting it has been renamed, edit the contents of this field.
The name of the SEE database is fixed and cannot be modified. It will be displayed in the Schema Name field.
The user name of the SQL account that the SEE Management Server is using to communicate with the SEE database will be displayed in the User Name field. This account was created during the installation of the SEE Management Server with privileges restricted to reading and writing activities only (datareader and datawriter).
Asterisks representing the password used by the SQL account that the SEE Management Server is using to communicate with the SEE database instance will be displayed in the Password and Confirm Password fields.
Directory Sync Services Configuration
Click the Directory Sync Services Configuration tab to view and/or modify your current synchronization settings.
Figure 6.2—Configuration Editor, Directory Sync Services Configuration Tab
This tab shows whether synchronization is enabled and with which directory service(s).
If synchronization is currently enabled, the check box of the directory service in question will be selected. You can turn synchronization off by either deselecting the check box or clearing the Active Directory Forest Name or Novell Tree Name field, as appropriate.
Because these actions will both stop the synchronization from occurring and delete the directory service information from the SEE database, you will be prompted to confirm after clicking OK.
To enable synchronization services, select the appropriate check box and enter the necessary information into the fields below. All fields are mandatory.
Click OK to effect the changes that you have made in this tab.
Web Server Configuration
Click the Web Server Configuration tab to view and/or modify the protocol and/or port used for communications between the Client Computers and the SEE Management Server.
Figure 6.3—Configuration Editor, Web Server Configuration Tab
Before you can modify the information contained within the Protocol area, you must provide the credentials of a user with administrative rights to IIS on the SEE Management Server. Enter the user name in the IIS Administrator Name field and enter the password in the Password and Confirm Password fields. Type the domain of this account or the local computer name.
You can also optionally provide the friendly server name of the SEE Management Server. This value is saved in the SEE database for future use.
Once you have completed the entry of the administrative credentials, to change the protocol itself, select the relevant option button. If HTTPS is selected, an SSL Port field will be displayed.
To change or set the TCP port that is used for client communications with the SEE Management Server, enter the appropriate number in the TCP Port field. An SSL port is also required for HTTPS communications.
Directory Sync Service Status
Click the Directory Sync Service Status tab to view the status of your configuration services and adjust their operation.
Figure 6.4—Configuration Editor, Directory Sync Service Status Tab
The tab is divided into two main areas containing the options and status information related to each directory service.
The first field in each area will display the current status of synchronization with the directory service.
Below the status value, a sentence will state either that synchronization with the directory service has never occurred, or the last time and date on which the synchronization occurred.
The status information for both areas is refreshed by clicking Refresh Status.
The display of the buttons will vary as appropriate to the current status of the directory service synchronization. Click Stop to stop the synchronization service. Click Restart to restart the service. The Resync Now button is also available to effect an immediate synchronization.
Table 6.1—Synchronization Service Status Values
Value | Explanation
Running | The service is running.
Stopped | The service has been stopped.
Start Pending | A command to start the service has been issued and is in process.
Continue Pending | A command to restart the service has been issued and is in process.
Pause Pending | A command to stop the service has been issued and is in process.
Not Installed | The service has been manually removed. This represents an error condition as the service should only be removed during an uninstallation procedure.
Appendix A
Framework System Events List
The following table lists the individual SEE Framework–generated Windows system events logged on the Client Computer. The column headings indicate the Event ID, the severity of the event (Error, Info, or Warning), and a description of the event indicating the type, source, or policy that generated the event (Internal, Program Action, Initial Setting, Settings Change, or Utility).
Table A.1—Framework System Events
Event ID | Severity | Description | Explanation
0 | Error | Internal: Cannot map event ID to string. Framework | The Framework event ID cannot be mapped to the string in the Framework.
1 | Info | Internal: Audit functions started. Framework | The Framework audit functions have started.
2 | Info | Internal: Audit functions ended. Framework | The Framework audit functions have ended.
3 | Info | Program Action: Successful client logon/authentication attempted with password. Framework [user name] | An attempt to logon at Pre-Windows with a password has succeeded.
4 | Warning | Program Action: Unsuccessful client logon/authentication attempted with password. Framework [user name] | An attempt to logon at Pre-Windows with a password has failed.
7 | Info | Program Action: Successful logon/authentication attempted with One-Time Password. Framework | The One-Time Password process has succeeded in authenticating the user.
8 | Warning | Program Action: Unsuccessful logon/authentication attempted with One-Time Password. Framework | The One-Time Password process has failed to authenticate the user.
9 | Info | Program Action: Successful logon/authentication attempted with Authenti-Check. Framework | The Authenti-Check process has succeeded in authenticating the user.
10 | Warning | Program Action: Unsuccessful logon/authentication attempted with Authenti-Check. Framework | The Authenti-Check process has failed to authenticate the user.
11 | Warning | Program Action: Number of client logon attempts exceeded the maximum allowed. Framework | The number of Pre-Windows logon attempts allowed before a delay has been exceeded.
12 | Info | Program Action: User password changed successfully. Framework [user name] | The user has successfully changed their SEE password.
13 | Info | Program Action: User password changed unsuccessfully. Framework | The user attempted to change their SEE password, but failed. This could be because it did not meet the password requirements.
14 | Warning | Program Action: User program uninstallation attempted. Framework | An attempt to uninstall SEE Framework has been made.
15 | Info | Program Action: User changed Authenti-Check questions and answers successfully. Framework | The user has succeeded in changing their Authenti-Check question(s) and/or answer(s).
16 | Info | Program Action: User has been unregistered. Framework | The user has successfully been unregistered.
17 | Info | Program Action: User password resynchronized with Windows password. Framework | The user’s SEE password has been resynchronized with their Windows password to enable the Single Sign-On feature.
18 | Warning | Program Action: Computer locked due to failure to communicate with SEE server. Framework | The Client Computer has failed to communicate with the SEE Management Server within the mandatory interval and, as a result, has been locked.
19 | Warning | Program Action: User password expired. Framework | The user’s SEE password has expired.
20 | Info | Program Action: User registration completed. | The user has successfully completed the registration
21 | Warning | Program Action: Final grace logon reached. Framework | The number of grace restarts is now zero and the next user to log on to Windows will be forced to register.
22 | Info | Program Action: User logged on after Hibernation or/and Stand by. Framework [user name] | A hibernation or standby process was initiated and ended when the user logged on to Windows.
23 | Info | Program Action: Client program installation attempted. Framework | An attempt to install SEE Framework was made.
24 | Info | Program Action: Client program upgrade attempted. Framework | An attempt to upgrade SEE Framework was made.
25 | Info | Program Action: Grace logon attempted. Framework | An attempt to exercise a grace restart was made.
26 | Info | Program Action: Authenti-Check questions and answers created. Framework | The user has set their Authenti-Check questions and answers as a part of the registration process.
27 | Info | Program Action: User password created. Framework [user name] | The user has set their SEE password as a part of the registration process.
29 | Info | Initial Setting: One-Time Password [default|server] method enabled; policy applied successfully. Framework Installation Settings - Authentication Assistance. | The One-Time Password recovery method has been enabled as an installation setting. The default method will be [default|server], as indicated in the audit event.
30 | Error | Initial Setting: One-Time Password [default|server] method enabled; policy failed. Framework Installation Settings - Authentication Assistance. | The installation package specified that the One-Time Password recovery method should be enabled, but this setting failed to be applied.
31 | Info | Initial Setting: One-Time Password not enabled; policy applied successfully. Framework Installation Settings - Authentication Assistance. | The One-Time Password recovery method is not enabled for this workstation, as per the installation setting.
32 | Error | Initial Setting: One-Time Password not enabled; policy failed. Framework Installation Settings - Authentication Assistance. | The installation package specified that the One-Time Password recovery method should not be enabled, but this setting failed to be applied.
33 | Info | Initial Setting: Authenti-Check enabled; policy applied successfully. Framework Installation Settings - Authentication Assistance. | The Authenti-Check recovery method has been enabled as an installation setting.
34 | Error | Initial Setting: Authenti-Check enabled; policy failed. Framework Installation Settings - Authentication Assistance. | The installation package specified that the Authenti-Check recovery method should be enabled, but this setting failed to be applied.
35 | Info | Initial Setting: Authenti-Check not enabled; policy applied successfully. Framework Installation Settings - Authentication Assistance. | The Authenti-Check recovery method is not enabled for this workstation, as per the installation setting.
36 | Error | Initial Setting: Authenti-Check not enabled; policy failed. Framework Installation Settings - Authentication Assistance. | The installation package specified that the Authenti-Check recovery method should not be enabled, but this setting failed to be applied.
37 | Info | Initial Setting: Authentication Assistance message; policy applied successfully. Framework Installation Settings - Authentication Assistance. | The authentication assistance message specified in the installation package was set successfully.
38 | Error | Initial Setting: Authentication Assistance message; policy failed. Framework Installation Settings - Authentication Assistance. | The authentication assistance message specified in the installation package failed to be set.
39 | Info | Initial Setting: Client Administrator [account name] account created with [low|medium|high] privileges; policy applied successfully. Framework Installation Settings - Client Administrators. | The Client Administrator account specified in the installation package and described in the audit log description was created successfully.
40 | Error | Initial Setting: Client Administrator [account name] account created with [low|medium|high] privileges; policy failed. Framework Installation Settings - Client Administrators. | The Client Administrator account specified in the installation package and described in the audit log description failed to be created.
41 | Info | Initial Setting: the SEE Management Server communication interval was set successfully. Framework Installation Settings - Communication. | The SEE Management Server communication interval specified in the installation package was set successfully.
42 | Error | Initial Setting: the SEE Management Server communication interval failed to be set. Framework Installation Settings - Communication. | The SEE Management Server communication interval specified in the installation package failed to be set.
43 | Info | Initial Setting: the user name of the SEE Management Server client account was set successfully. Framework Installation Settings - Communication. | The user name of the SEE Management Server client IIS account specified in the installation package was set successfully.
44 | Error | Initial Setting: the user name of the SEE Management Server client account failed to be set. Framework Installation Settings - Communication. | The user name of the SEE Management Server client IIS account specified in the installation package failed to be set.
45 | Info | Initial Setting: the SEE Management Server client account password was set successfully. Framework Installation Settings - Communication. | The SEE Management Server client IIS account password specified in the installation package was set successfully.
46 | Error | Initial Setting: the SEE Management Server client account password failed to be set. Framework Installation Settings - Communication. | The SEE Management Server client IIS account password specified in the installation package failed to be set.
47 | Info | Initial Setting: Limit password attempts enabled; policy applied successfully. Framework Installation Settings - Password Authentication. | The limitation on the number of password authentication attempts specified in the installation package has been set successfully.
48 | Error | Initial Setting: Limit password attempts enabled; policy failed. Framework Installation Settings - Password Authentication. | The limitation on the number of password authentication attempts specified in the installation package failed to be set.
49 | Info | Initial Setting: Limit password attempts not enabled; policy applied successfully. Framework Installation Settings - Password Authentication. | No limitation to the number of password authentication attempts, as specified in the installation package, has been set successfully.
50 | Error | Initial Setting: Limit password attempts not enabled; policy failed. Framework Installation Settings - Password Authentication. | No limitation to the number of password authentication attempts, as specified in the installation package, failed to be set.
55 | Info | Initial Setting: Maximum password age enabled; policy applied successfully. Framework Installation Settings - Password Authentication. | The user’s passwords will expire at the interval designated in the installation package; this was set successfully.
56 | Error | Initial Setting: Maximum password age enabled; policy failed. Framework Installation Settings - Password Authentication. | The user’s passwords will not expire at the interval designated in the installation package; this failed to be set.
57 | Info | Initial Setting: Maximum password age not enabled; policy applied successfully. Framework Installation Settings - Password Authentication. | The user’s passwords will not expire. This was set successfully, as specified in the installation package.
58 | Error | Initial Setting: Maximum password age not enabled; policy failed. Framework Installation Settings - Password Authentication. | Although the installation package specified that the user’s passwords would not expire, this failed to be set.
59 | Info | Initial Setting: Password history (any previous password can be reused) enabled; policy applied successfully. Framework Installation Settings - Password Authentication. | The user will be able to reuse previous passwords, this installation setting was applied successfully.
60 | Error | Initial Setting: Password history (any previous password can be reused) enabled; policy failed. Framework Installation Settings - Password Authentication. | The installation package specified that the user should be able to reuse previous passwords, but this setting failed to be applied.
Initial Setting: Password history (limit password reuse
and days between changes) enabled; policy applied The user will not be able to use previous passwords, the
62 | Error | Initial Setting: Password history (limit password reuse and days between changes) enabled; policy failed. Framework Installation Settings - Password Authentication. | Even though the installation package specified certain limitations on the ability of users to use previous passwords, these settings failed to be applied.
63 | Info | Initial Setting: Password complexity requirements for minimum password length met; policy applied successfully. Framework Installation Settings - Password Authentication. | The installation package specified that users must set their passwords to be of a minimum length. This was set successfully.
64 | Error | Initial Setting: Password complexity requirements for minimum password length met; policy failed. Framework Installation Settings - Password Authentication. | The installation package specified that users must set their passwords to be of a minimum length. This setting failed to be applied.
65 | Info | Initial Setting: Non-alphanumeric characters allowed in password setting; policy applied successfully. Framework Installation Settings - Password Authentication. | The installation package specified that users will be able to use non-alphanumeric characters in their passwords. This was set successfully.
66 | Error | Initial Setting: Non-alphanumeric characters allowed in password setting; policy failed. Framework Installation Settings - Password Authentication. | The installation package specified that users should be able to use non-alphanumeric characters in their passwords. This setting failed to be applied.
67 | Info | Initial Setting: Password complexity requirements for minimum number of non-alphanumeric characters met; policy applied successfully. Framework Installation Settings - Password Authentication. | The installation package specified that a minimum number of non-alphanumeric characters must be present in the user’s passwords. This was set successfully.
68 | Error | Initial Setting: Password complexity requirements for minimum number of non-alphanumeric characters not met; policy failed. Framework Installation Settings - Password Authentication. | The installation package specified that a minimum number of non-alphanumeric characters must be present in the user’s passwords. This setting failed to be applied.
69 | Info | Initial Setting: Password complexity requirements for minimum number of uppercase characters met; policy applied successfully. Framework Installation Settings - Password Authentication. | The installation package specified that a minimum number of uppercase characters must be present in the user’s passwords. This was set successfully.
70 | Error | Initial Setting: Password complexity requirements for minimum number of uppercase characters not met; policy failed. Framework Installation Settings - Password Authentication. | The installation package specified that a minimum number of uppercase characters must be present in the user’s passwords. This setting failed to be applied.
71 | Info | Initial Setting: Password complexity requirements for minimum number of lowercase characters met; policy applied successfully. Framework Installation Settings - Password Authentication. | The installation package specified that a minimum number of lowercase characters must be present in the user’s passwords. This was set successfully.
72 | Error | Initial Setting: Password complexity requirements for minimum number of lowercase characters not met; policy failed. Framework Installation Settings - Password Authentication. | The installation package specified that a minimum number of lowercase characters must be present in the user’s passwords. This setting failed to be applied.
73 | Info | Initial Setting: Password complexity requirements for minimum number of digits met; policy applied successfully. Framework Installation Settings - Password Authentication. | The installation package specified that a minimum number of digits must be present in the user’s passwords. This was set successfully.
74 | Error | Initial Setting: Password complexity requirements for minimum number of digits not met; policy failed. Framework Installation Settings - Password Authentication. | The installation package specified that a minimum number of digits must be present in the user’s passwords. This setting failed to be applied.
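As an added example (not part of the Symantec documentation), the Python below shows one way to triage these events once they have been exported from Client Computers. The CSV column names, computer names, threshold and time window are assumptions; the event IDs and their meanings come from Table A.1.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event IDs and meanings are taken from Table A.1.
AUTH_FAILED = {4: "password", 8: "One-Time Password", 10: "Authenti-Check"}
RECOVERY_OK = {7: "One-Time Password", 9: "Authenti-Check"}
STANDALONE = {
    11: "pre-Windows logon attempts exceeded the maximum allowed",
    14: "uninstallation of SEE Framework attempted",
    18: "computer locked after failing to contact the SEE Management Server",
}

# Constructed sample export; the column names are an assumption, not an SEE format.
SAMPLE_CSV = """time,computer,event_id,severity
2024-05-02T08:00:10,LT-0142,4,Warning
2024-05-02T08:00:41,LT-0142,4,Warning
2024-05-02T08:01:05,LT-0142,4,Warning
2024-05-02T08:01:30,LT-0142,11,Warning
2024-05-02T08:04:12,LT-0142,9,Info
2024-05-02T09:15:00,LT-0200,3,Info
2024-05-02T09:20:00,LT-0311,48,Error
2024-05-02T10:02:00,LT-0311,14,Warning
2024-05-02T11:00:00,LT-0200,4,Warning
"""


def triage(csv_text, threshold=3, window=timedelta(minutes=10)):
    """Return (computer, time, reason) tuples for events that merit review."""
    alerts = []
    recent_failures = defaultdict(deque)  # computer -> times of failed logons
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        when = datetime.fromisoformat(row["time"])
        host, event_id = row["computer"], int(row["event_id"])
        failures = recent_failures[host]
        while failures and when - failures[0] > window:
            failures.popleft()  # drop failures older than the window
        if event_id in AUTH_FAILED:
            failures.append(when)
            if len(failures) == threshold:  # alert once when the threshold is reached
                alerts.append((host, when, f"{threshold} failed logons within {window}"))
        elif event_id in RECOVERY_OK and failures:
            # A recovery method succeeded right after failed logons on the same machine.
            alerts.append((host, when,
                           f"{RECOVERY_OK[event_id]} recovery succeeded after "
                           f"{len(failures)} recent failed logons"))
            failures.clear()
        elif event_id == 3:
            failures.clear()  # a normal password logon ends the streak
        elif event_id in STANDALONE:
            alerts.append((host, when, STANDALONE[event_id]))
        elif row["severity"] == "Error" and 30 <= event_id <= 74:
            # Initial Setting rows with severity Error: a policy was not applied.
            alerts.append((host, when,
                           f"installation setting failed to apply (event {event_id})"))
    return alerts


if __name__ == "__main__":
    for host, when, reason in triage(SAMPLE_CSV):
        print(f"{when.isoformat()} {host}: {reason}")
```
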