Endpoint Security Active Directory Authentication

When an Endpoint Security client connects to the Endpoint Security Management Server, an authentication process identifies the endpoint client and the user currently working on that computer.

The system can function in different modes:

Figure: Authentication Process

The authentication process:

  1. The Endpoint Security client (2) requests an authentication ticket (1) from the Active Directory server (3).
  2. The Active Directory server sends the ticket to the client.
  3. The client sends the ticket to the Endpoint Security Management Server.
  4. The Endpoint Security Management Server returns an acknowledgment of authentication.

The default behavior after Security Management Server installation is Unauthenticated mode. It is recommended that you use this mode while you are evaluating Endpoint Security in a lab environment, and that you change to Strong Authentication just before moving to a production environment. It is not recommended to continue working in Unauthenticated mode after moving to a live production environment.
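The following added example (not code from this guide or from the product) is a simplified model of the four-step exchange above and of why Unauthenticated mode should not reach production. The ticket format, the shared key, the HMAC seal standing in for the directory server's ticket protection, and all names and values are assumptions constructed for illustration.

```python
import hashlib, hmac, json, time

# Constructed secret known to the directory server and the management
# server only; the endpoint client never sees it (assumption of this model).
SERVICE_KEY = b"constructed-demo-key-not-a-real-secret"
TICKET_LIFETIME = 300  # seconds, constructed value

def _seal(body: bytes) -> str:
    return hmac.new(SERVICE_KEY, body, hashlib.sha256).hexdigest()

def directory_issue_ticket(user, machine, now=None):
    """Steps 1-2: the directory server issues a ticket to a known client."""
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "machine": machine,
                       "expires": now + TICKET_LIFETIME}, sort_keys=True).encode()
    return {"body": body.decode(), "seal": _seal(body)}

def server_accept(message, strong_auth, now=None):
    """Steps 3-4: the management server decides whether to acknowledge."""
    now = time.time() if now is None else now
    if not strong_auth:
        # Unauthenticated mode: the claimed identity is taken at face value.
        claim = json.loads(message["body"])
        return True, claim["user"]
    body = message["body"].encode()
    if not hmac.compare_digest(_seal(body), message.get("seal", "")):
        return False, "ticket seal invalid"
    claim = json.loads(body)
    if claim["expires"] < now:
        return False, "ticket expired"
    return True, claim["user"]

def demo():
    t0 = 1_700_000_000  # constructed timestamp
    good = directory_issue_ticket("alice", "LAPTOP-01", now=t0)
    # Constructed message whose identity was never vouched for by the directory.
    self_asserted = {"body": json.dumps({"user": "admin", "machine": "UNKNOWN",
                                         "expires": t0 + 300}), "seal": "00" * 32}
    return {
        "valid_strong": server_accept(good, True, now=t0 + 10),
        "expired_strong": server_accept(good, True, now=t0 + 301),
        "self_asserted_strong": server_accept(self_asserted, True, now=t0 + 10),
        "self_asserted_unauth": server_accept(self_asserted, False, now=t0 + 10),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In the model, the same unvouched message is acknowledged without strong authentication and rejected with it, which is the gap that switching modes before production closes.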

Important - If you use Active Directory Authentication, Full Disk Encryption and Media Encryption & Port Protection are only supported on endpoint computers that are part of Active Directory.

If you have endpoint computers in your environment that are not part of Active Directory, Full Disk Encryption and Media Encryption & Port Protection will not work on them.

Configuring Authentication

When you are ready to move to production and to set up Strong Authentication, follow this process. Do not set up authentication before you are ready to move to production, and do not leave your production environment without authentication.

To efficiently move to Strong Authentication:

  1. Configure the Active Directory for authentication.
  2. Configure the Authentication Settings.
  3. Install Policies.

    The server communicates to clients that they now work in Authenticated mode.