A current version of the installation package for the central management of the Kaspersky Security Center, including the entire documentation, is available for download in the “Downloads & Info” section via the “Files” button. The difference between the “Full Package” and the “Lite Package” is described in the KL knowledgebase – further information.
If you don’t have full SQL server, so I recommend download and install MS SQL Server 2017 Express (ke stažení zde).
After launching the installation process, use the “Install Kaspersky Security Center 10” option.
Select the “Standard” installation mode.
Enter the number of managed computers (based on the number of selected workstations, the setup will modify some parameters which you can change in the administration interface later, if necessary)
The administration console is installed automatically with the server and starts automatically afterwards. If you want to install the administration console on another workstation and use the workstation to control the KSC administration server, use the “Install Kaspersky Security Center Administration Console” option.
Once you have launched the administration console, use the Quick Start Wizard – it will help you to create basic settings and tasks. You can change each setting later or delete it and run the Quick Start Wizard (Administration Server > Action > All tasks > Quick Start Wizard) again.
Enter the licence key you received from the vendor or choose the “Activate application later” option.
I recommend using service – Kaspersky Security Network
If you want to manage plugins manually or later in KSC. Skip check in the next step.
Set your SMTP server and the recipient address for notifications from the KSC Central Management.
Close the wizard using the “Finish” button. Before deploying the product, it’s advisable to modify the settings based on your business needs; then perform the installation on workstations and servers separately.
Settings of both the central management and all other products have been performed during the development phase to avoid any complex customization. The following chapter focuses on principles and settings that can differ in each company, based on its IT environment.
This task is automatically created during the KSC installation process using the Quick Start Wizard. The task is automatically scheduled and launches every Tuesday at 7:00 p.m. Its task is to scan every station where Kaspersky Network Agent runs for all vulnerabilities and missing updates of the OS. I recommend scheduling this task for the most suitable time, based on your needs.
Choose the start time or the manual start option > “Manually“. The “Run Missed tasks” option runs the scheduled task when the station that was turned off during the task’s scheduled time is started.
You can deactivate a lock and lock the policy settings for the Kaspersky Network Agent if you don’t want to have executables containing vulnerabilities scanned, especially if you don’t intend to use this information later.
If don’t display Security Control, follow this procedure – support.kaspersky.com/9328.
When you use the above-mentioned procedure, these options will be displayed and available in the policy.
The licence keys can be managed in Kaspersky Lab licenses.
If you check the “Automatically deployed key” option, you enable the central management to automatically deliver the licence keys to the stations where KES has been installed but the licence key has not been activated.
If the “Automatically deployed key” option is checked, you can’t use the licence key when creating the installation tasks for workstations. You can ignore the warning since the licence key will be automatically delivered to finish the installation process.
If you need to enforce changing the licence key on workstations, you can use a task to make this happen.
To change the licence key on a workstation you must disable the “Add this key as an additional key” option.
Open the policy you want to edit. Policies > KES10 > Change policy settings
Setting exceptions for applications and folders
In General Settings > Exclusions > use the “Settings” button to add exceptions, if necessary. Further information.
How to scan network disks
Use the “Settings” button in File Threat Protection > Security level > Settings. If you don’t require scanning of network drives, uncheck “All network drives”.
Enable password protection
General Settings > Interface > Password protection > Settings
Preparations before installing Kaspersky Network Agent and Kaspersky Endpoint Security 10 for Windows on workstations and servers (if you want to use an English version of KES, you can skip this step)
Download an installation package of another language version and run it. When you unpack the distribution package, go to KSC Central Management > Remote Installation > Installation packages
By checking the “Copy updates from repository to installation package” option you add current virus definitions to the installation package. This option is also available when the installation package has already been created.
Each installation package can be preset before deploying on workstations and servers
Create groups in Managed Computers, e.g., Installation, Stations, Servers. Each group can have separate Tasks and Policies in KSC. Both the NA and KES10 installation packages are the same for all Windows platforms. The installation is then performed within one group (can be divided into two groups; first the NA installation and then the second group to install KES10). Once the installation process has finished, you can move stations and servers and put them into groups in Managed Computers, if necessary.
If you want computers to be arranged in groups automatically, you can set up rules which can be used just once or permanently. The computers can be arranged based on their OS, naming convention; you can use a structure that has been created in MS Active Directory, etc…
Simplifying IT management to cut operational costs and achieve better efficiency. Kaspersky Systems Management centralizes a wide range of functions related to the system management.
The training materials for System Management are available at – KL 109.10: Systems Management
HOW TO INSTALL KASPERSKY NETWORK AGENT AND KASPERSKY ENDPOINT SECURITY 10 FOR WINDOWS ON WORKSTATIONS AND SERVERS
In every group, you can define which installation packages will be automatically installed on each station within the group. To demonstrate the procedure, we will automatically install Kaspersky Network Agent and Kaspersky Endpoint Security 10 for Windows. Once a station or a server has been moved to this group, the installation process starts automatically.
If you don’t want to utilize the automatic installation feature on all computers, cancel these automatic package installations and move the computers to a group of your choice. Once Kaspersky Network Agent has been installed, you can create a task to be run on each computer within the group. NA is already installed on the computers where the task has run, and the installation process won’t repeat.
First, install a component for communication between KSC and the station – Kaspersky Security Center Network Agent (Network Agent / NA). The component can detect both the hardware and installed software status on workstations. This way, you can uninstall clashing software before installing Kaspersky Endpoint Security. Then use the same procedure to deploy other installation packages, e.g., Kaspersky Endpoint Security 10 for Windows.
Set up the parameters to restart the station.
Set up a user account with local or domain administrator rights.
To create a fully automated installation package, e.g., for Kaspersky Endpoint Security 10 for Windows, including Kaspersky NA, use the “Create stand-alone installation package” option. The fully automated package can contain the licence key and predefined settings – further information.
It is suitable and advisable to remove incompatible applications before installing Kaspersky Endpoint Security 10 for Windows on workstations. This way, you can avoid possible problems. Kaspersky Network Agent can provide information about installed incompatible software on workstations.
Create a group task to remove incompatible software.
Select the required applications (or all of them – Select All) and, in the next step, set a user account with local or domain administrator rights to successfully remove the software
Finish and run the task.