Unassigned devices

This section provides information about how to manage devices on an enterprise network if they are not included in an administration group.

Device discovery

This section describes the types of device discovery available in Kaspersky Security Center and provides information using each type.

The Administration Server receives information about the structure of the network and devices on this network through regular polling. The information is recorded to the Administration Server database. Administration Server can use the following types of polling:

• Windows network polling. The Administration Server can perform two kinds of Windows network poll: quick and full. During a quick poll, the Administration Server only retrieves information from the list of the NetBIOS names of devices in all network domains and workgroups. During a full poll, more information is requested from each client device, such as operating system name, IP address, DNS name, and NetBIOS name. By default, both quick poll and full poll are enabled. Windows network polling may fail to discover devices, for example, if the ports UDP 137, UDP 138, TCP 139 are closed on the router or by the firewall.
• Active Directory polling. The Administration Server retrieves information about the Active Directory unit structure and about DNS names of the devices from Active Directory groups. By default, this type of polling is enabled. We recommend that you use Active Directory polling if you use Active directory; otherwise, the Administration Server does not discover any devices. If you use Active Directory but some of the networked devices are not listed as members, these devices cannot be discovered by Active Directory polling.
• IP range polling. The Administration Server polls the specified IP ranges using ICMP packets or the NBNS protocol and compiles a complete set of data on devices within those IP ranges. By default, this type of polling is disabled. It is not recommended to use this type of polling if you use Windows network polling and/or Active Directory polling.

If you set up and enabled device moving rules, the newly discovered devices are automatically included in the Managed devices group. If no moving rules have been enabled, the newly discovered devices are automatically included in the Unassigned devices group.

You can modify device discovery settings for each type. For example, you may want to modify the polling schedule or to set whether to poll the entire Active Directory forest or only a specific domain.

Windows network polling

Expand all | Collapse all

About Windows network polling

During a quick poll, the Administration Server only retrieves information from the list of the NetBIOS names of devices in all network domains and workgroups. During a full poll, the following information is requested from each client device:

• Operating system name
• IP address
• DNS name
• NetBIOS name

Both quick polls and full polls require the following:

• Ports UDP 137/138, TCP 139, UDP 445, TCP 445 must be available in the network.
• The Microsoft Computer Browser service must be used, and the primary browser computer must be enabled on the Administration Server.
• The Microsoft Computer Browser service must be used, and the primary browser computer must be enabled on the client devices:
  • On at least one device, if the number of networked devices does not exceed 32.
  • On at least one device for each 32 networked devices.

The full poll can run only if the quick poll has run at least once.

Viewing and modifying the settings for Windows network polling

To modify the settings for the Windows network polling:

1. In the console tree, in the Device discovery folder, select the Domains subfolder.

   You can proceed from the Unassigned devices folder to the Device discovery folder by clicking the Poll now button.

   In the workspace of the Domains subfolder, the list of the devices is displayed.

2. Click Poll now.

   The domain properties window opens. If you want, modify the settings of Windows network polling:

   • Enable Windows network polling

     This option is selected by default. If you do not want to perform Windows network poll (for example, if you think that Active Directory polling is enough), you can unselect this option.

   • Set quick polling schedule

     The default period is 15 minutes.

     During a quick poll, the Administration Server only retrieves information from the list of the NetBIOS names of devices in all network domains and workgroups.

     The data received at the next polling completely replaces the old data.

     The following polling schedule options are available:

     • Every N days

       The polling runs regularly, with the specified interval in days, starting from the specified date and time.

       By default, the polling runs every day, starting from the current system date and time.

     • Every N minutes

       The polling runs regularly, with the specified interval in minutes, starting from the specified time.

       By default, the polling runs every five minutes, starting from the current system time.

     • By days of week

       The polling runs regularly, on the specified days of week, and at the specified time.

       By default, the polling runs every Friday at 6:00:00 PM.

     • Every month on specified days of selected weeks

       The polling runs regularly, on the specified days of each month, and at the specified time.

       By default, no days of month are selected; the default start time is 6:00:00 PM.

     • Run missed tasks

       If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

       If this option is enabled, the Administration Server starts polling immediately after it is switched on.

       If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

       By default, this option is enabled.

   • Set full polling schedule

     The default period is one hour. The data received at the next polling completely replaces the old data.

     The following polling schedule options are available:

     • Every N days

       The polling runs regularly, with the specified interval in days, starting from the specified date and time.

       By default, the polling runs every day, starting from the current system date and time.

     • Every N minutes

       The polling runs regularly, with the specified interval in minutes, starting from the specified time.

       By default, the polling runs every five minutes, starting from the current system time.

     • By days of week

       The polling runs regularly, on the specified days of week, and at the specified time.

       By default, the polling runs every Friday at 6:00:00 PM.

     • Every month on specified days of selected weeks

       The polling runs regularly, on the specified days of each month, and at the specified time.

       By default, no days of month are selected; the default start time is 6:00:00 PM.

     • Run missed tasks

       If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

       If this option is enabled, the Administration Server starts polling immediately after it is switched on.

       If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

       By default, this option is enabled.

If you want to perform the poll immediately, click Poll now. Both types of polls will start.

On the virtual Administration Server you can view and edit the polling settings of the Windows network in the properties window of the distribution point, in the Device discovery section.

Active Directory polling

Expand all | Collapse all

Use Active Directory polling if you use Active Directory; otherwise, it is recommended to use other poll types. If you use Active Directory but some of the networked devices are not listed as members, these devices cannot be discovered by Active Directory polling.

Viewing and modifying the settings for Active Directory polling

To view and modify the settings for polling Active Directory groups:

1. In the console tree, in the Device discovery folder, select the Active Directory subfolder.

   Alternatively, you can proceed from the Unassigned devices folder to the Device discovery folder by clicking the Poll now button.

2. Click Configure polling.

   The Active Directory properties window opens. If you want, modify the settings of Active Directory group polling:

   • Enable Active Directory polling

     This option is selected by default. However, if you do not use Active Directory, the poll does not retrieve any results. In this case, you can unselect this option.

   • Set polling schedule

     The default period is one hour. The data received at the next polling completely replaces the old data.

     The following polling schedule options are available:

     • Every N days

       The polling runs regularly, with the specified interval in days, starting from the specified date and time.

       By default, the polling runs every day, starting from the current system date and time.

     • Every N minutes

       The polling runs regularly, with the specified interval in minutes, starting from the specified time.

       By default, the polling runs every five minutes, starting from the current system time.

     • By days of week

       The polling runs regularly, on the specified days of week, and at the specified time.

       By default, the polling runs every Friday at 6:00:00 PM.

     • Every month on specified days of selected weeks

       The polling runs regularly, on the specified days of each month, and at the specified time.

       By default, no days of month are selected; the default start time is 6:00:00 PM.

     • Run missed tasks

       If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

       If this option is enabled, the Administration Server starts polling immediately after it is switched on.

       If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

       By default, this option is enabled.

   • Advanced

     You can select which Active Directory domains to poll:

     • Active Directory domain to which the Kaspersky Security Center belongs.
     • Domain forest to which the Kaspersky Security Center belongs.
     • Specified list of Active Directory domains.

       If you select this option, you can add domains to the polling scope:

       • Click the Add button.
       • In the corresponding fields, specify the address of the domain controller, the name and password of the account for accessing it.
       • Click OK to save changes.

       You can select the domain controller address on the list and click the Modify or Remove buttons to modify or remove it.

     • Click OK to save changes.

If you want to perform the poll immediately, click the Poll now button.

On the virtual Administration Server, you can view and edit the polling settings of Active Directory groups in the properties window of the distribution point, in the Device discovery section.

IP range polling

Expand all | Collapse all

The Administration Server polls the specified IP ranges using ICMP packets or the NBNS protocol and compiles a complete set of data on devices within those IP ranges. By default, this type of polling is disabled. It is not recommended to use this type of polling if you use Windows network polling and/or Active Directory polling.

Viewing and modifying the settings for IP range polling

To view and modify the settings for polling IP range groups:

1. In the console tree, in the Device discovery folder, select the IP ranges subfolder.

   You can proceed from the Unassigned devices folder to the Device discovery folder by clicking Poll now.

2. If you want, in the IP ranges subfolder click Add subnet to add an IP range for polling, and then click OK.
3. Click Configure polling.

   The IP ranges properties window opens. If you want, you can modify the settings of IP range polling:

   • Enable IP range polling

     This option is not selected by default. It is not recommended to use this type of polling if you use Windows network polling and/or Active Directory polling.

   • Set polling schedule

     The default period is 420 minutes. The data received at the next polling completely replaces the old data.

     The following polling schedule options are available:

     • Every N days

       The polling runs regularly, with the specified interval in days, starting from the specified date and time.

       By default, the polling runs every day, starting from the current system date and time.

     • Every N minutes

       The polling runs regularly, with the specified interval in minutes, starting from the specified time.

       By default, the polling runs every five minutes, starting from the current system time.

     • By days of week

       The polling runs regularly, on the specified days of week, and at the specified time.

       By default, the polling runs every Friday at 6:00:00 PM.

     • Every month on specified days of selected weeks

       The polling runs regularly, on the specified days of each month, and at the specified time.

       By default, no days of month are selected; the default start time is 6:00:00 PM.

     • Run missed tasks

       If the Administration Server is switched off or unavailable during the time for which the poll is scheduled, the Administration Server can either start the poll immediately after it is switched on, or wait for the next time for which the poll scheduled.

       If this option is enabled, the Administration Server starts polling immediately after it is switched on.

       If this option is disabled, the Administration Server waits for the next time for which the polling is scheduled.

       By default, this option is enabled.

If you want to perform the poll immediately, click Poll now. This button is only available if you selected Enable IP range polling.

On the virtual Administration Server, you can view and edit the settings for IP range polling in the distribution point properties window, in the Device discovery section. Client devices discovered during the poll of IP ranges are displayed in the Domains folder of the virtual Administration Server.

Working with Windows domains. Viewing and changing the domain settings

To modify the domain settings:

1. In the console tree, in the Device discovery folder, select the Domains subfolder.
2. Select a domain and open its properties window in one of the following ways:
   • By selecting Properties in the context menu of the domain.
   • By clicking the Show group properties link.

The Properties: <Domain name> window opens where you can configure the selected domain.

Configuring retention rules for unassigned devices

Expand all | Collapse all

After Windows network polling is complete, the found devices are placed into subgroups of the Unassigned devices administration group. This administration group can be found at Advanced → Device discovery → Domains. The Domains folder is the parent group. It contains child groups named after the corresponding domains and workgroups that have been found during the network polling. The parent group may also contain the administration group of mobile devices. You can configure the retention rules of the unassigned devices for the parent group and for each of the child groups. The retention rules do not depend on the network polling settings and work even if the network polling is disabled.

To configure retention rules for unassigned devices:

1. In the console tree, in the Device discovery folder, do one of the following:
   • To configure settings of the parent group, right-click the Domains subfolder and select Properties.

     The parent group properties window opens.

   • To configure settings of a child group, right-click its name and select Properties.

     The child group properties window opens.

2. In the Devices section, specify the following settings:
   • Remove the device from the group if it has been inactive for longer than (days)

     If this option is enabled, you can specify the time interval after which the device is automatically removed from the group. By default, this option is also distributed to the child groups. The default time interval is 7 days.

     By default, this option is enabled.

   • Inherit from parent group

     If this option is enabled, the retention period for the devices in the current group is inherited from the parent group and cannot be changed.

     This option is available only for child groups.

     By default, this option is enabled.

   • Force inheritance in child groups

     The setting values will be distributed to child groups but in the properties of the child groups these settings are locked.

     By default, this option is disabled.

Your changes are saved and applied.

Working with IP ranges

You can customize existing IP ranges and create new ones.

Creating an IP range

To create an IP range:

1. In the console tree, in the Device discovery folder, select the IP ranges subfolder.
2. In the context menu of the folder, select New → IP range.
3. In the New IP range window that opens, set up the new IP range.

The new IP range appears in the IP ranges folder.

Viewing and changing the IP range settings

To modify the IP range settings:

1. In the console tree, in the Device discovery folder select the IP ranges subfolder.
2. Select an IP range and open its properties window in one of the following ways:
   • By selecting Properties in the context menu of the IP range.
   • By clicking the Show group properties link.

The Properties: <IP range name> window opens where you can configure the properties of the selected IP range.

Working with the Active Directory groups. Viewing and modifying group settings

To modify the settings for the Active Director group:

1. In the console tree, in the Device discovery folder, select the Active Directory subfolder.
2. Select an Active Directory group and open its properties window in one of the following ways:
   • By selecting Properties in the context menu of the IP range.
   • By clicking the Show group properties link.

The Properties: <Active Directory group name> window opens where you can configure the selected Active Directory group.

Creating rules for moving devices to administration groups automatically

You can configure devices to be moved automatically to administration groups after they are discovered during a poll on an enterprise network.

To configure rules for moving devices to administration groups automatically:

1. In the console tree, select the Unassigned devices folder.
2. In the workspace of this folder, click Configure rules.

This opens the Properties: Unassigned devices window. In the Move devices section, configure the rules to move devices to administration groups automatically.

The first applicable rule in the list (from the top to the bottom of the list) will be applied to a device.

Using VDI dynamic mode on client devices

A virtual infrastructure can be deployed on a corporate network using temporary virtual machines. Kaspersky Security Center detects temporary virtual machines and adds information about them to the Administration Server database. After a user finishes using a temporary virtual machine, the machine is removed from the virtual infrastructure. However, a record about the removed virtual machine can be saved in the database of the Administration Server. Also, nonexistent virtual machines can be displayed in Administration Console.

To prevent information about nonexistent virtual machines from being saved, Kaspersky Security Center supports dynamic mode for Virtual Desktop Infrastructure (VDI). The administrator can enable support of dynamic mode for VDI in the properties of the installation package of Network Agent to be installed on the temporary virtual machine.

When a temporary virtual machine is disabled, Network Agent notifies the Administration Server that the machine has been disabled. If the virtual machine has been disabled successfully, it is removed from the list of devices connected to the Administration Server. If the virtual machine is disabled with errors and Network Agent does not send a notification about the disabled virtual machine to the Administration Server, a backup scenario is used. In this scenario, the virtual machine is removed from the list of devices connected to the Administration Server after three unsuccessful attempts to synchronize with the Administration Server.

Enabling VDI dynamic mode in the properties of an installation package for Network Agent

To enable VDI dynamic mode:

1. In the Remote installation folder of the console tree, select the Installation packages subfolder.
2. In the context menu of the Network Agent installation package, select Properties.

   The Properties: Kaspersky Security Center Network Agent window opens.

3. In the Properties: Kaspersky Security Center Network Agent window, select the Advanced section.
4. In the Advanced section, select the Enable dynamic mode for VDI option.

The device on which Network Agent is to be installed will be a part of VDI.

Searching for devices that are part of VDI

To find devices that make up part of VDI:

1. Select Search from the context menu of the Unassigned devices folder.
2. In the Find devices window, on the Virtual machines tab, in the This is a virtual machine drop-down list, select Yes.
3. Click the Find now button.

The application search for devices that make up part of Virtual Desktop Infrastructure.

Moving devices from VDI to an administration group

To move devices that are part of VDI to an administration group:

1. In the workspace of the Unassigned devices folder, click Configure rules.

   This opens the properties window of the Unassigned devices folder.

2. In the properties window of the Unassigned devices folder, in the Move devices section, click the Add button.

   The New rule window opens.

3. In the New rule window, select the Virtual machines section.
4. In the This is a virtual machine drop-down list, select Yes.

A rule will be created for device relocation to an administration group.