Setup Wizard Installation - Enzoic for Active Directory

 

Run the installer, and then reboot the domain controller when prompted. Upgrades will not generally require a reboot.

Enzoic for Active Directory needs to run on each domain controller; however, it only needs to be configured once. All configuration settings (with the exception of the optional proxy settings) are stored in Active Directory and automatically shared with all instances of that domain.

After the initial reboot, the Setup Wizard walks you through the configuration process in the following steps. All settings can be modified through the console after initial setup.

1. Network Settings:
Adjust the API timeout duration. If the Enzoic API has not responded within this time, the password change is allowed to go through without being checked. The compromise status will be detected subsequently if Continuous Password Protection is enabled.

OPTIONAL: Specify an HTTP proxy server if you wish to route traffic to Enzoic’s servers through a proxy. This setting needs to be configured separately on each Domain Controller.

2. License:
Enter the Enzoic License Key provided for your account.

You can register to obtain a free key.

3. Monitored Entities:
Specify which Active Directory accounts to protect. You can select all Active Directory users, individual users, groups, or containers/OUs.

4. One Click NIST Compliance:
Choose whether to accept the default settings recommended for NIST 800-63B:

  • Custom dictionary for context-sensitive words for your business
  • Common passwords found in cracking dictionaries
  • Fuzzy matching for common patterns and substitutions
  • Continuous monitoring to detect when an existing password becomes vulnerable

5. Password Policies (not shown when One Click NIST Compliance is selected):
Define how Enzoic will handle compromised password screening (inclusion of cracking dictionaries, fuzzy matching, etc.) and additional password policies (for example, rejecting passwords that include the user’s information).

6. Continuous Password Protection Settings:
Choose to monitor passwords daily to detect subsequent compromise and configure the desired remediation actions. You have the option to customize email templates for alerts sent via Amazon Simple Email Service. You can also select the Delegate Server, which is the Domain Controller that handles the continuous monitoring process.

7. Administrative Notifications:
Include one or more email addresses to be notified of events, including: a) detection of a new password compromise, b) a summary of all users’ compromise status, and c) alerts for any service operation errors.

8. Test Settings:
Validate a username (either NT4 style or UPN) and a test password to ensure the user account is included (or excluded) as desired, and that the application can reach the Enzoic servers.

Sample compromised password: uGetL0ckedOut!

Additional Domain Controllers

Enzoic for Active Directory needs to be installed on each domain controller. Note that Enzoic for Active Directory stores its configuration settings in Active Directory, so once it is configured on one domain controller, the configuration settings will replicate to all the domain controllers in the domain. You can use GPO push installs to easily install Enzoic for Active Directory across multiple domain controllers in your environment.

Read Installing to other Domain Controllers via GPO

Troubleshooting

You can use the following checks to verify the installation completed as expected.

  1. Check Windows\System32 and confirm the presence of EnzoicFilter.dll.
  2. Check the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa for the presence of Enzoic in the Notification Packages value.
  3. Check the Event Viewer System log after reboot to confirm there are no errors about a failure to load EnzoicFilter.dll.
  4. Check the logs in ..\ProgramData\Enzoic\Enzoic (log files should typically be retrieved from the DC configured as Delegate Server).

* If you are seeing problems reaching the Enzoic servers, please review your proxy server settings as well as the Firewall Requirements. If email notifications aren't being received, add enzoic.com to your approved senders.
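
The four checks above can be scripted and run from an elevated PowerShell session on each domain controller. This is an added example, not part of Enzoic's documentation or tooling. It assumes the log folder sits under %ProgramData%, matches the registry entry on the substring "Enzoic" because the exact entry name is not given here, and adds one check the list does not contain: the Authenticode signature of the DLL, since password filters are loaded by LSA.

```powershell
param(
    # Assumption: the "..\ProgramData\Enzoic\Enzoic" log folder is under %ProgramData%.
    [string]$LogDir = (Join-Path $env:ProgramData 'Enzoic\Enzoic')
)

$results = [ordered]@{}

# 1. Password filter DLL present in System32
$dll = Join-Path $env:SystemRoot 'System32\EnzoicFilter.dll'
$results['DllPresent'] = Test-Path -LiteralPath $dll
if ($results['DllPresent']) {
    # Extra check (not in the list above): report whether the DLL's signature is valid.
    $sig = Get-AuthenticodeSignature -FilePath $dll
    $results['DllSignature'] = $sig.Status
    $results['DllSigner']    = $sig.SignerCertificate.Subject
}

# 2. Enzoic registered in the LSA "Notification Packages" multi-string value
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'Notification Packages'
$packages = @($lsa.'Notification Packages')
$results['FilterRegistered'] = [bool]($packages -match 'Enzoic')
# List every registered package so unexpected entries are visible during review.
$results['AllPackages'] = $packages -join ', '

# 3. Errors (level 2) and warnings (level 3) in the System log since the last boot
#    that mention the filter DLL
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$events = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2, 3; StartTime = $boot } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'EnzoicFilter' }
)
$results['LoadErrorsSinceBoot'] = $events.Count

# 4. Log folder exists and is being written to
$results['LogDirPresent'] = Test-Path -LiteralPath $LogDir
if ($results['LogDirPresent']) {
    $newest = Get-ChildItem -LiteralPath $LogDir -File |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $results['NewestLog'] = if ($newest) { '{0} ({1:u})' -f $newest.Name, $newest.LastWriteTime } else { 'none' }
}

# Summary first, then the matching events (if any) for closer inspection
[pscustomobject]$results | Format-List
$events | Select-Object TimeCreated, Id, ProviderName, Message | Format-List
```

A healthy installation reports `DllPresent` and `FilterRegistered` as True and `LoadErrorsSinceBoot` as 0; on domain controllers other than the Delegate Server the newest log file may be older.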