Enzoic for Active Directory 3.2
Please ensure you've reviewed the information on the Installation Prerequisites page prior to proceeding.
Download the Installer
The installer is available as both an MSI and an EXE. The EXE version will install the necessary version of the .NET Framework if it is not already available on your server, while the MSI will not. If in doubt, you should use the EXE installer.
Links to download the most current version (Domain Controllers must all run the same version):
https://cdn.enzoic.com/files/EnzoicForAD.exe (MD5: 63682dfc142e805f2b7809e1e876a270)
https://cdn.enzoic.com/files/EnzoicForAD.msi (MD5: 1ddfeac5fbe8c555b3f37471ce9edecb)
https://cdn.enzoic.com/files/EnzoicForADClient.msi (MD5: 87ce3d02e39b82cc716937e2c04c3df7)
Read the current release notes.
Multiple Domain Controllers
Enzoic for Active Directory needs to be installed on every writable domain controller in the target domain - it is not necessary to install it on read only domain controllers. Note that Enzoic for Active Directory stores its configuration settings in Active Directory, so once it is configured on one domain controller, the configuration settings will replicate to all the domain controllers in the domain.
Setup Wizard Installation
Run the installer, and then reboot the domain controller when prompted. Future upgrades will not generally require a reboot, but the initial install does.
Enzoic for Active Directory needs to run on each domain controller; however, it only needs to be configured once. All configuration settings (with the exception of the optional proxy server settings) are stored in Active Directory and automatically shared with all instances of that domain.
After the initial reboot, the Setup Wizard will walk you through the configuration process with the following steps. All settings can be modified through the console after initial set-up:
After you have finished the Setup Wizard, you will be placed on the Enzoic Console Dashboard. You will receive a prompt asking if you'd like to run an initial scan of your domain for users with compromised passwords. If you are familiar with the Enzoic AD Lite product, this is essentially the same scan.
Proceeding will scan all user passwords in your Active Directory domain to see if the exact password is present in Enzoic's database of bad passwords (note this scan can take some time for very large domains). At the end of the scan, you will see a dialog with a report showing which users had weak or compromised passwords. From the report, you can select users to perform remediations such as disabling their account or forcing a password change on next login. You may also export the results to a CSV for reference.
Completing the setup process above will get you started with a single default monitoring policy and some initial settings. You can always tweak the settings from the Console Settings or Monitoring Policies area.