5. How to install and configure SAT
Because there is not possibility to upgrade form previous versions of SAT, please deinstall any
previous version of SAT before installing this BETA version! The old Access data files can be used
with Beta 1.01a of SAT.
A wizard then guides you through the
whole installation process. (When you install SAT the first time on a test computer, we
recommend installing all components and experiment with them.)
- Self installing zipped file:
If your SAT version consists of a single file SAT10BETA.EXE, just start this program
and follow the given instructions.
(This variant will be standard if you receive SAT via email
or download SAT as a single file via WWW.)
- Already unzipped package:
If your have an unpacked version of SAT, which consists of several files including the program SETUP.EXE, simply start SETUP.EXE to install the application.
(If you receive SAT on two disks, the program SETUP.EXE is on the first disk)
The "Service Config" application installs and configures the services of the
application. This makes the application ready for the first use (see the next chapter).
You can use the "Service Plus" application for controlling the service security. The
security of the Master service decides, who is allowed to initiate a scan. So you can use this tool
to control the permissions of the distributed scanner.
SAT needs a central ODBC database of type "System DSN".
So create a new Access database by using the ODBC manager on the computer running the Master-Service.
For more information see the following sample scenario.
6. Sample scenario
We assume a small domain containing 4 computers (one domain controller with name
DC0, two workstations with names WS1, WS2 and a member server SERV3).
All computers should be analysed by SAT.
Besides this, SERV3 is the computer of the administrator and is dedicated to store the SAT database
and runs the "Master Service".
Because the administrator wants work with SAT from his computer, the "Controller" (to start a scan) and the "Viewer" (for SAT reports) must be installed on this computer too.
These considerations lead to to following installation sequence:
Check that the user SAT_User has administrative rights and the right "Logon as a service" on every computer, which is to be analysed. Additionally, these rights must be given to SAT_User also on the computer holding the "Master Service".
If any problems arise, please check the event logs to see if security is the reason for the malfunction.
- Create a new user (e.g. with name SAT_User) as global user on the domain controller DC0.
- Make the account SAT_User a member of the global group DomainAdmins.
(Therefore SAT_User has administrative rights on all computers of the domain,
because the global group DomainAdmins is a member of the local group Administrators on every
computer of the domain as a standard. If this is not true for your configuration, please ensure
that user SAT_User has administrative rights on every computer running a SAT-service.)
- The three computers DC0, WS1 and WS2 are treated the same way, so we only describe the installation
- Install SAT using the "Slave only" setup type.
- Use the program "Service Config", which is automatically installed, to set up and
configure the "Slave Service". Supply the user previously created (SAT_User) together
with the password.
- The slave component is configured properly on this computer now.
- Install SAT using the "Full Installation" mode on computer SERV3.
Configure the "Master Service" and "Slave Service" by using the program
"Service Config" in the same manner as before.
- Create a new Access database of type System DSN by using the ODBC manager.
- Start the "Controller" component of SAT and bind SAT to the newly created database.
Configure, which computers and which drives should be analysed. After that you are ready to start
the scan process.
- After the scan process is finished (this may take some time), you can view the results
using the "Rights Viewer". The "Controller" shows the current state
of the scan process to you. (Don't forget to press the refresh-button to obtain
This scenario is by no way complete. Please feel free to create your own global and local groups
and group relationships to support the services and programs of SAT with the correct security settings.
The program "Service Plus" me be used for these purposes too.
Just consider the possibility to allow another user (without administrative rights) to start
the "Master Service" using an command-line tool. See chapter 8
for more information about this.
Because the user SAT_User has administrative rights on all computers of the domain, use a secure
password and treat this account the same way as every other administrative and confidential account!!