Promisec's Watchful Eye

Promisec Spectator Professional gives an added layer of security, providing administrators visibility and control over what users are doing on their PCs, workstations, laptops and services within a domain. More specifically, Spectator's scanning produces information on processes, applications, startup commands and tool bars that are being used. The tool also can identify services and applications that are not permissible or fall outside registered software licenses. In addition, Spectator can identify missing services and unapplied service packs.

Spectator arrives with some network change management capabilities such as hardening registry values by controlling and reverting registry entries if unauthorized changes are made. If a malicious program tries to change registry values, Spectator will automatically change all the registry settings back. Spectator also supports Microsoft Windows Vista.

The tool complements also enterprise monitoring offerings. For instance, Spectator 3.1 integrates with Check Point's VPN-1 Pro and IBM Tivoli Monitoring.

Step 1: Installation

When downloading a Promisec evaluation, make sure to get a license key. The company does not have a standard time-based license for Spectator Professional on its Web site. The software works on Windows NT and above, so Channel Test Center engineers installed it on a Windows 2003 server. If .NET is not already installed the product installation will install .Net framework 2.0.

To gain remote access to endpoints, port 445 must be open for administrators. Remote Registry and file and print sharing must be active on all end points. RPC access also needs to be enabled.

Once installed, the software is simple to use if Active Directory is running on a domain. Spectator 3.1, however, does not support access to end points when running a Windows server in stand alone mode, unless the Spectator server and all end points have the same authentication credentials.

Engineers decided to use the agentless version of Spectator. However, engineers were running a stand-alone Windows 2003 server and were not able to scan any machines. Engineers received "access denied" messages even after matching authentication credentials. Engineers experimented with levels of access to remote shares but were not successful. Even with administrative privileges, engineers could not complete the scan. Apparently, authentication needed to be identical between server and end point.

While a full product user guide and installation guide are provided on the Web site and via a help menu, engineers could not find any information on how to connect and use credentials from an end point. This is completely missing from the documentation. Promisec states that most customers use Active Directory in the United States and stand-alone servers are rarely used.

However, Promisec agrees that many small customers do not use Active Directory, so it is making a new version available that is able to work with stand-alone servers. Engineers ended up downloading Spectator 3.2 Beta. Version 3.2 is able to use different authentication credentials. With the help of Promisec, engineers were able to quickly setup new usernames to log onto end points.

The new Spectator arrives with a Credentials Management feature that uses host credentials without having to access Active Directory.

The credentials have to be created in a group rather than individually, unless there's a single authentication credential being used on a network. The pane is a little confusing because administrators are given both options without a clear cut way of differentiating between adding single users and using credentials in a group. For some unexplained reason, engineers couldn't add one user at a time, instead using the group credential window to store the accounts.

NEXT: Prepping for the scan