...
Ensure that a web browser is available and compatible for use as the admin interface by end-users of GYTPOL Validator.
Verify that servers and workstations covered by GYTPOL Validator meet the required client Sensor-side specifications.
DNS - Routing to GYTPOL Server:
...
Determine and open the specific ports on both the server and client Sensor sides as required by GYTPOL Validator to facilitate communication and functionality.
...
You need a physical or virtual machine running at least Windows 7 SP1.
It is recommended to use the latest version of either MS Chromium Edge or Google Chrome browsers for optimal compatibility.
...
Sensor Requirements
Ensure that Task Scheduler is enabled for both user and computer.
Enable Event Viewer for both user and computer.
RSOP (Resultant Set of Policy) should be allowed.
PowerShell version requirements:
PowerShell 2.0 or later is required, with support for detection and auto-upgrade.
PowerShell 5.1 and later are preferred, as they support detection, auto-upgrade, remediation, and revert.
It is recommended to set PowerShell scripts to "All Signed" (or any option besides "Restricted" or "Remote Signed"), preferably via Group Policy (GPO).
Enable the ability for users to run PowerShell scripts.
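The Sensor requirements above can be checked read-only on an endpoint with a short script. This is an added example, not GYTPOL's pre-checker or any code from the vendor; the function name is hypothetical, and treating "enabled" for Task Scheduler and Event Viewer as "the backing Windows service is running" is an assumption.

```powershell
# Added example, not GYTPOL tooling. Read-only; written for PowerShell 2.0 and later.
function Test-SensorPrerequisite {
    $checks = @()

    # PowerShell: 2.0 is the minimum, 5.1 or later adds remediation and revert.
    $v = $PSVersionTable.PSVersion
    if ($v.Major -gt 5 -or ($v.Major -eq 5 -and $v.Minor -ge 1)) { $level = 'Preferred (5.1+)' }
    else { $level = 'Minimum (detection and auto-upgrade only)' }
    $checks += New-Object PSObject -Property @{
        Check = 'PowerShell version'; Value = "$v"; Status = $level }

    # Execution policy: scopes are listed in precedence order, so the first
    # one that is not Undefined decides the effective policy.
    $effective = Get-ExecutionPolicy
    $winner = Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } | Select-Object -First 1
    if ($winner) { $scope = "$($winner.Scope)" } else { $scope = 'default' }
    if (@('Restricted', 'RemoteSigned') -contains "$effective") { $status = 'Not recommended' }
    elseif (@('MachinePolicy', 'UserPolicy') -contains $scope) { $status = 'OK (set by Group Policy)' }
    else { $status = 'OK (set locally, GPO preferred)' }
    $checks += New-Object PSObject -Property @{
        Check = 'Execution policy'; Value = "$effective from $scope"; Status = $status }

    # Assumption: "enabled" includes the backing Windows service running.
    foreach ($name in 'Schedule', 'EventLog') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') { $status = 'OK' } else { $status = 'Not running' }
        $checks += New-Object PSObject -Property @{
            Check = "Service $name"; Value = "$($svc.Status)"; Status = $status }
    }
    $checks | Select-Object Check, Value, Status
}

Test-SensorPrerequisite | Format-Table -AutoSize
```

A policy reported from the MachinePolicy or UserPolicy scope comes from Group Policy and cannot be overridden locally, which is why the script reports the winning scope alongside the value.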
...
If you are not using Microsoft DNS and are using a different DNS service such as Infoblox or any other, please get in touch with us for further guidance and assistance regarding the setup of CNAME records and DNS configurations specific to your DNS service provider. We will provide you with tailored instructions and support to ensure proper integration with GYTPOL.
Ports
From | To | Port number | Purpose |
---|---|---|---|
All devices and OS | GYTPOL App Server | 9093 | HTTPS |
All devices and OS | GYTPOL App Server | 9090 (Windows 7 only) | HTTP (Data is compressed and encrypted) |
All Computers (In case GYTPOL cloud service connection is desired for external devices and Remote Employees) | GYTPOL Cloud Service. EMEA & Asia: https://<customer-tenant>.execute-api.eu-central-1.amazonaws.com/prod and https://gytpol-re-<customer-tenant>-tasks.s3.eu-central-1.amazonaws.com; Americas: https://<customer-tenant>.execute-api.us-east-2.amazonaws.com/prod and https://gytpol-re-<customer-tenant>-tasks.s3.us-east-2.amazonaws.com. The specific customer tenant URL that requires whitelisting is specified in the appsettings.json file, which will be provided after the client Sensor is generated. | 443 | HTTPS |
GYTPOL App Server | GYTPOL DB server (Required for deployments over 3,000 devices) | 1433, 1434 | SQL queries |
GYTPOL App Server | DCs | 389, 9389, 636, 135, 138-139, 445, 464, 53, 3268, 3269 + Dynamic ports (49152-65535) | GP PS queries + GP modeling queries |
GYTPOL App Server | GYTPOL Cloud Service. EMEA & Asia: https://<customer-tenant>.execute-api.eu-central-1.amazonaws.com/prod and https://gytpol-re-<customer-tenant>-tasks.s3.eu-central-1.amazonaws.com; Americas: https://<customer-tenant>.execute-api.us-east-2.amazonaws.com/prod and https://gytpol-re-<customer-tenant>-tasks.s3.us-east-2.amazonaws.com. The specific customer tenant URL that requires whitelisting is specified in the appsettings.json file, which will be provided after the client Sensor is generated. | 443 | HTTPS (In case GYTPOL cloud service connection is desired for external devices and Remote Employees) |
IT Admin Computers | GYTPOL App Server | 3389, 9093 | RDP, UI – HTTPS |
Local ports on GYTPOL server should be free and not used. | | 5000, 8080, 8082, 8083, 9090, 9093, 9370 | Ports needed for GYTPOL to run properly. |
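Two rows of the port table can be verified from the GYTPOL App Server before installation: that the local ports are free, and that the domain controller ports are reachable. This is an added example, not GYTPOL tooling; the function names and the host name dc01.example.local are placeholders, and it assumes Windows Server 2012 or later for Get-NetTCPConnection and Test-NetConnection.

```powershell
# Added example, not GYTPOL tooling. Run on the GYTPOL App Server before installation.

# Ports the table lists as needing to be free on the GYTPOL server.
$GytpolLocalPorts = 5000, 8080, 8082, 8083, 9090, 9093, 9370

# TCP ports from the "App Server to DCs" row. 138 (UDP) and the dynamic
# range 49152-65535 are left out: Test-NetConnection only tests TCP.
$DcTcpPorts = 53, 135, 139, 389, 445, 464, 636, 3268, 3269, 9389

function Get-GytpolPortConflict {
    # Report any listener already bound to a port GYTPOL needs, with its owning process.
    param([int[]]$Ports = $GytpolLocalPorts)
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $Ports -contains $_.LocalPort } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port      = $_.LocalPort
                Address   = $_.LocalAddress
                ProcessId = $_.OwningProcess
                Process   = if ($proc) { $proc.ProcessName } else { 'unknown' }
            }
        } | Sort-Object Port, Address -Unique
}

function Test-GytpolDcReachability {
    # TCP connect test from this server to one domain controller.
    param(
        [Parameter(Mandatory = $true)][string]$DomainController,
        [int[]]$Ports = $DcTcpPorts
    )
    foreach ($port in $Ports) {
        $r = Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $DomainController
            Port      = $port
            Reachable = $r.TcpTestSucceeded
        }
    }
}

# Usage (dc01.example.local is a placeholder host name):
# Get-GytpolPortConflict | Format-Table -AutoSize
# Test-GytpolDcReachability -DomainController 'dc01.example.local' | Where-Object { -not $_.Reachable }
```

Once GYTPOL is installed, its own services will appear in the conflict list, so the first function is only meaningful as a pre-installation check.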
Antivirus
Exclude the following directory for GYTPOL App server only:
...
How to Check if IPv6 is disabled (Optional)
To check if IPv6 is disabled on the GYTPOL server, you can follow these steps:
...
In the "Enter the object names to select" field, type "gytpolSvc".
Click on "Check Names" and wait for the name to be validated. It should appear with an underline and with the domain name.
...
Once the name is validated, click "OK" to confirm and add the "gytpolSvc" user to the Administrators group.
...
You can validate the setting by running the following PowerShell command as an administrator on the GYTPOL server:
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name disabledomaincreds -ErrorAction Stop | Select-Object -ExpandProperty disabledomaincreds
The expected output should be "0", indicating that the "Network access: Do not allow storage of passwords and credentials for network authentication" policy is not enforced or is disabled on the GYTPOL server.
...
By following these steps, you can test permissions and verify that the GYTPOLSVC user has the required access to Group Policy Objects and can perform Group Policy Modeling as needed.
Windows Features installation
To install Windows Features on the GYTPOL server, including Group Policy Management and Remote Server Administration Tools, follow these steps:
...
Once the installation is complete, the selected features, including Group Policy Management and Remote Server Administration Tools, will be installed on the GYTPOL server.
Automatic pre-checker tool
To use the Automatic Pre-checker tool for GYTPOL, follow these steps:
...
The results may include:
Red X sign (error): Indicates an error that needs to be fixed before installation. Hover over the question mark (?) for details on what needs to be done.
Yellow Exclamation mark (warning): Indicates a non-critical issue that can be addressed, but it's not required for installation.
Defender icon: Indicates that the check has passed.
...