Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The following Administrative Templates (ADM) are available to configure the Windows Snare Agents either individually or via a super group policy.

  • InterSect Alliance (Super Group Policy).adm
  • InterSect Alliance (Epilog Agents Group Policy).adm
  • InterSect Alliance (MSSQL Agents Group Policy).adm
  • InterSect Alliance (Win Agents Group Policy).adm


The above administrative templates can be downloaded from the Secure Area at the Intersect Alliance website.
The settings applied through Super Group Policy (SPG), are applicable to all types of agents running on the network. The specific Agent Group Policy (AGP) settings are only applicable to all same type of agents running on the network.

The templates can be loaded as per the following:

  1. Load the Microsoft Group Policy Management tool via Start | Administrative Tools | Group Policy Management.
  2. Expand the Group Policy domain and container to load the templates, as below:

  3. Right click on the Default Domain Policy and select Edit. This will load the Group Policy Management Editor.
  4. Expand the Computer Configuration | Policies | Administrative Template: Policy definitions (ADMX) files.

  5. Right click on the Administrative Template menu option and then select add and browse to the adm templates that were downloaded. Click on the templates and then select open (note you can select multiple templates using Control left click).
  6. Once selected select Close on the item box.
  7. If you expand the Classic Administrative Templates (ADM) menu item you should see the following:

  8. To manage the settings expand the policy groups and select the individual settings then enable that settings and enter the values desired. For example to set all agents via a Super Group Policy to use the same destination IP, port and protocol change the following:

  9. After the settings have been applied they will be saved in group policy. To force the settings out in the network perform a "gpupdate /force" from an administrative command prompt.

  10. Once complete review the agent settings and they should have received the updated settings via group policy. You can now see the following highlighted settings are updated in the Snare Agent.


    • As you can see the highlighted settings are now managed via GPO (as highlighted by the SGP tags in red) and the other settings (tagged as LR) remain under local control of the agent and local registry.
    • Once the settings are enabled via Super Group Policy (SGP) or Agent Group Policy (AGP), the agent GUI interface can no longer change the settings. If someone was to change the registry it will be overridden with the group policy settings.
    • In general the Super Group Policy template is used to control settings that are common to all Windows Agents. Where individual agent type settings are required then the agent type policies can be selected and updated.
    • Where fine grain control of agent settings from within the same type of agent is required then they should be managed via the Snare Server Agent Management Console or individually.

     

  • No labels