Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Easy heading
linkText4
linkText10
linkText3
linkText6
linkText5
relatedLinksLabels
linkText2
linkText1
headingTagsH1,H2,H3
sidebarMaxHeight450
linkType2Page
linkType3Page
linkType1Page
linkType10Page
sidebarTitleON THIS PAGE
linkUrl3
linkUrl4
linkUrl1
linkUrl2
linkUrl10
includedPageModeDisable_Included_Pages
linkText8
linkText7
relatedLinksOrderLabels_First
sidebarModeOpened
headingNumberingModeDisable_Numbering
linkText9
sidebarMarginRight20
relatedLinksTargetNew_Window
relatedLinksTitleRELATED LINKS
linkUrl9
linkUrl7
linkUrl8
numberedHeadingTagsH1,H2,H3
linkUrl5
linkUrl6
linkType8Page
linkType9Page
linkType6Page
headingLinkTextModeWrap
linkType7Page
linkType4Page
linkType5Page
sidebarWidth240
sidebarTop160
headingLinkExpandModeCollapse_All_By_Default
headingLinkIndent10

...

Ensure that a web browser is available and compatible for use as the admin interface by end-users of GYTPOL Validator.

Client Sensor Requirements:

Verify that servers and workstations covered by GYTPOL Validator meet the required clientSensor-side specifications.

DNS - Routing to GYTPOL Server:

...

Determine and open the specific ports on both the server and client Sensor sides as required by GYTPOL Validator to facilitate communication and functionality.

...

  • You need a physical or virtual machine running at least Windows 7 SP1.

  • It is recommended to use the latest version of either MS Chromium Edge or Google Chrome browsers for optimal compatibility.

...

Sensor Requirements

  • Ensure that Task Scheduler is enabled for both user and computer.

  • Enable Event Viewer for both user and computer.

  • RSOP (Resultant Set of Policy) should be allowed.

  • PowerShell version requirements:

    • PowerShell 2.0 or later is required, with support for detection and auto-upgrade.

    • PowerShell 5.1 and later are preferred, as they support detection, auto-upgrade, remediation, and revert.

    • It is recommended to set PowerShell scripts to "All Signed" (or any option besides "Restricted" or "Remote Signed"), preferably via Group Policy (GPO).

    • Enable the ability for users to run PowerShell scripts.

...

If you are not using Microsoft DNS and are using a different DNS service such as Infoblox or any other, please get in touch with us for further guidance and assistance regarding the setup of CNAME records and DNS configurations specific to your DNS service provider. We will provide you with tailored instructions and support to ensure proper integration with GYTPOL.

Ports

From

To

Port number

Purpose

All devices and OS

GYTPOL App Server

9093

HTTPS

9090 (Windows7 only)

HTTP

(Data is compressed and encrypted)

All Computers

(In case GYTPOL cloud service connection is desired for external devices and Remote Employees)

GYTPOL Cloud Service

EMEA & Asia:

https://<customer-tenant>.execute-api.eu-central-1.amazonaws.com/prod

https://gytpol-re-<customer-tenant>-tasks.s3. eu-central-1.amazonaws.com

443

HTTPS

Americas:

https://<customer-tenant>.execute-api.us-east-2.amazonaws.com/prod

https://gytpol-re-<customer-tenant>-tasks.s3. us-east-2.amazonaws.com

Specific customer tenant URL that requires whitelisting is specified in the appsettings.json file, which will be provided after the client Sensor is generated.

GYTPOL App Server

GYTPOL DB server

(Required for deployments over 3,000 devices)

1433, 1434

SQL queries

GYTPOL App Server

DC’s

389, 9389, 636, 135, 138-139, 445, 464, 53, 3268, 3269 +

Dynamic ports (49152-65535)

GP PS queries +

GP modeling queries

GYTPOL App Server

GYTPOL Cloud Service

EMEA & Asia:

https://<customer-tenant>.execute-api.eu-central-1.amazonaws.com/prod

https://gytpol-re-<customer-tenant>-tasks.s3. eu-central-1.amazonaws.com

443

HTTPS

(In case GYTPOL cloud service connection is desired for external devices and Remote Employees)

Americas:

https://<customer-tenant>.execute-api.us-east-2.amazonaws.com/prod

https://gytpol-re-<customer-tenant>-tasks.s3. us-east-2.amazonaws.com

Specific customer tenant URL that requires whitelisting is specified in the appsettings.json file, which will be provided after the client Sensor is generated.

IT Admin Computers

GYTPOL App Server

3389

9093

RDP

UI – HTTPS

Local Ports on GYTPOL server should be free and not used.

5000, 8080, 8082, 8083, 9090, 9093, 9370

Ports needed for GYTPOL to run properly.

Antivirus

Exclude the following directory for GYTPOL App server only:

...

How to Check if IPv6 is disabled (Optional)

To check if IPv6 is disabled on the GYTPOL server, you can follow these steps:

...

  • In the "Enter the object names to select" field, type "gytpoSvcgytpolSvc."

  • Click on "Check Names" and wait for the name to be validated. It should appear with an underline and with the domain name.

...

Once the name is validated, click "OK" to confirm and add the "gytpoSvcgytpolSvc" user to the Administrators group.

...

You can validate the setting by running the following PowerShell command as an administrator on the GYTPOL server:

Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name disabledomaincreds -ErrorAction Stop | Select-Object -ExpandProperty disabledomaincreds

The expected output should be "0," indicating that the "Network access: Do not allow storage of passwords and credentials for network authentication" policy is not enforced or is disabled on the GYTPOL server.

...

By following these steps, you can test permissions and verify that the GYTPOLSVC user has the required access to Group Policy Objects and can perform Group Policy Modeling as needed.

Windows Features installation

To install Windows Features on the GYTPOL server, including Group Policy Management and Remote Server Administration Tools, follow these steps:

...

Once the installation is complete, the selected features, including Group Policy Management and Remote Server Administration Tools, will be installed on the GYTPOL server.

Automatic pre-checker tool

To use the Automatic Pre-checker tool for GYTPOL, follow these steps:

...

  • The results may include:

    • Red X sign (error): Indicates an error that needs to be fixed before installation. Hover over the question mark (?) for details on what needs to be done.

    • Yellow Exclamation mark (warning): Indicates a non-critical issue that can be addressed, but it's not required for installation.

    • Defender icon: Indicates that the check has passed.

...