Managing remote devices has been one of the major pain points of IT admins, especially in a growing work-from-anywhere culture. Most times, these remote devices connect to the organization's network and access common resources and sensitive information. In turn, this access to important resources necessitates measures to protect the organization's resources from unauthorized access and cyberattacks. One such tool that provides control and visibility over remote devices and their access to your organization's resources is ManageEngine Endpoint Central, a Unified Endpoint Management (UEM).
Read on to know more about ManageEngine Endpoint Central, its benefits and limitations, and how you can use it.
What is ManageEngine Endpoint Central?
ManageEngine Endpoint Central, earlier called Desktop Central, is a platform that helps IT admins remotely access all the devices that connect to the organization's networks. It enables you to access servers, desktops, laptops, and mobile devices to deploy patches, streamline user access, implement data loss prevention strategies, set up configurations, and more – all through a single console. Undoubtedly, it can save tons of time and effort for you while enhancing the productivity of your employees.
Now that you have an idea of what ManageEngine Endpoint Central is, let's jump to a detailed user guide.
Installing ManageEngine Endpoint Central
Installing ManageEngine Endpoint Central requires admin privileges. In general, the setup is easy and can be completed within a short time.
But before we get into the installation process, let's look at the system prerequisites.
System Prerequisites
For 1 to 250 computers, you need separate resources for both the server and client systems.
For the server, you need the following:
- Intel Core i3 2.0 GHz.
- RAM – 4 GB
- Hard disk space – 5 GB
For the clients, the minimum requirements are:
- Processor – Intel Pentium
- Processor Speed – 1 GHz
- RAM – 512 MB
- Hard disk space – 30 GB
You can adjust proportionately if you have more than 250 computers in your network. If you have more than 10K devices, ManageEngine recommends you use only Windows operating system and enterprise-grade hard drives or Solid State Drives (SSDs). Also, it recommends you install a Distribution Server for every 1000 devices.
On the software front, ManageEngine Endpoint Central supports Windows 7 and higher versions, and Windows Server 2008 and higher. PGSQL, MSSQL, and SQL Server versions 2005 and higher are supported.
Next, let's look at the installation process.
Installing Endpoint Central
Endpoint Central is in the EXE format, so double-click on the downloaded file and run it. Simply follow the instructions of the installation wizard. You can choose to use the default values or can change them to meet your specific requirements. The installation process will automatically install all the required components like web servers, databases, etc. No additional effort is needed from your end.
In case you want to uninstall Endpoint Central, that's easy too. ManageEngine recommends you uninstall the agent from client computers before you uninstall the product itself. The easiest way to uninstall all the agents is through the Scope of Management (SoM) console, provided all the devices are in the same LAN. Otherwise, you have to uninstall the agents separately on each device.
Once that's done, you can uninstall the product. Simply head to the Start menu and navigate to ManageEngine Endpoint Central > Uninstall.
Configuring Endpoint Central
A highlight of Endpoint Central is the ease of configuration. It groups all configuration settings into different buckets, so you know where to go and what to change to customize this tool.
Broadly speaking, all configuration settings are grouped into three main categories:
- General settings
- Feature-specific settings
- Value-added settings
As the names suggest, general settings pertain to the tool as a whole, feature-specific settings relate to the features you want to use, and value-added settings enhance the usability and functionality of Endpoint Central respectively.
Let's look at each of these categories, so you know where to find a specific setting to achieve the functionality you want.
General Settings
Here's a look at the general settings that you can configure to get a custom look and feel of your Endpoint Central.
User Roles
User roles are predefined roles that come with varying permissions for users. Note that every role has control and access permissions only to the modules mentioned alongside the role.
- Administrator Complete control over all operations.
- Auditor Only read access to reports.
- Guest Read access to all modules.
- IT Asset Manager Full control over the Inventory and MDM Control modules.
- OS Deployer Full control over OS deployment and imaging.
- Patch Manager Full control over the patch management module.
- Remote Desktop Viewer Full control over the Tools module.
- Technician Full control over configurations, software deployment, tools, and MDM Control modules.
If you're the admin, you can map users to any of these predefined roles, or you can even create new roles to meet your requirements.
Credential Manager
A credential manager is a central repository for storing the credentials needed to perform many endpoint management activities. The credential manager validates all the credentials related to your domain and rejects invalid credentials. Also, when someone changes these credentials, you get notifications right away. Furthermore, your life becomes easy as an admin as you'll have to update in one place only for the change to take effect across the system.
Scope of Management
A Scope of Management (SoM) policy guides the addition or removal of different devices and users within your organization. You can even configure how Endpoint Central will behave when a device is added/removed from the Active Directory. You can manage this policy through the SoM console.
Let's take a brief look at what you can do through this console.
Action | Navigation |
---|---|
Identifying domains | Go to the Agent tab and select Scope of Management > Domain. |
Add domains | Scope of Management > Domain > Add Domain |
Change the domain or workgroup | Go to Scope of Management -> Domain -> Add Domain. Choose the domain or workgroup you want to change and click the Modify button. Now, make the changes you want and click the Update Domain Details option. |
Troubleshoot | Head to Endpoint Central -> Scope of Management -> Summary and click the Troubleshoot Now option. |
Replication Policy
A replication policy helps to deploy a patch or software across your branch offices, even when the patch management server goes down. In this replication policy, you can set the following:
- Replication Interval The time it takes for a distribution server to communicate with the main server.
- Scheduler Date and time of deployment.
Mail Server Configuration
In case of any changes or updates to any configurations, you can configure the system to send notifications by email. However, you must configure the mail server before that. Broadly speaking, there are two ways to configure your mail server: Basic and OAuth.
To configure OAuth,
- Head to the Admin tab and navigate to Mail Server Settings.
- Look for the authentication type and select OAuth.
- Enter the mail server port, the sender's name and email address, and the email type. ManageEngine recommends you use the SMTP option for email type.
- Enable TLS if you need it and get the client ID, access token URL, scope, and other details from the authorization server.
- Click Save and you'll get a consent prompt. Enter your username and password, and with this, you're good to go.
The above steps, except the process of getting details from the authorized server, apply to the basic authentication option as well. Just make sure to select Basic instead of OAuth as the authentication type.
Reports
Reports are an essential part of your operations, as they provide a glimpse into the state of affairs of your organization at any time. Endpoint Central supports report creation and even comes with a bunch of templates that you can use. Each template requires specific settings such as the time period to include, frequency of report generation, etc.
You can even export reports into different formats like PDF, CSV, etc. Also, the reports can be password-protected if they are generated for a specific group.
Database Access
Endpoint Central stores all information in its database, so you must access this database to get the details you want. Though this database can be accessed remotely, only admins will have complete control over them. They can grant read-only access to anyone who might need access, but no one other than admins can have full control.
As an admin, here are the steps to grant read-only access to remote devices.
- Head to the admin tab and click on Database Settings.
- Navigate to Remote DB Access > Grant Access.
- Enter the remote computer's name to grant access to that device.
After this, restart the UEMS server for these settings to apply. Note that it's a good practice to revoke access when not required.
Thus, these are the general settings to configure. Next, let's look at some feature-specific settings.
Feature-Specific Settings
Some settings are specific to select features and modules.
Patch Management
To automatically download the patches, your Endpoint Central must connect to the Internet. You can set this up either as a direct connection or through an HTTP Proxy.
To configure the Internet connection, head to the admin tab. Look for Patch Settings > Proxy Settings. For direct connection, choose “Direct Connection to the Internet.” For a proxy connection, select “Manual Proxy Configurations”, and enter the host, username, password, and port of the HTTP proxy. You can also use scripts for this automatic configuration.
Next, you can automate the entire patch deployment process. To do this, head to patch management's web console > Patch Mgmt > Deployment > Test and Approve Settings > Patch Approval Status > Test and Approve. Here, you can choose from either Automatically Approve all Patches or Test and Approve Patches options.
Asset Management
You can automate asset discovery, so Endpoint Central automatically scans your entire network for new devices, and notifies you of the same. You can configure email alerts for certain events. To get email notifications,
- Head to the Inventory tab.
- Navigate to Actions/Settings > Configure Alerts > Notifications.
- Next select, the conditions for email alerts. You can also use the existing email templates to receive alerts.
- Specify the email addresses to which Endpoint Central must send notifications.
You can use the above process to configure the SMS server if you choose to receive SMS alerts.
Reports
Reports are another essential component of Endpoint Central, and it's easy to set up and customize the reporting process. A highlight is that you can get information about the Active Directory infrastructure components automatically and include them in your report.
To configure this connection to AD,
- Go to Admin > Report Settings > AD Report Settings > Enable AD Report Scheduler.
- Choose the AD domains for which you want to generate reports. Note that if you don't select the domains, the scheduler will be disabled.
- Choose if you want Endpoint Central to scan the changes and update the report or scan the entire domain each time. The difference is the time and resources it entails.
- Mention the interval period. It can be daily, weekly, or monthly.
After configuring, you can choose to receive the reports by email. To configure this, follow the first step mentioned above. Choose the Send Reports by Email option and enter the email addresses and the reports that must be sent. Click Save Changes for these changes to take effect.
Helpdesk Integration
You can integrate your helpdesk seamlessly with Endpoint Central, so your employees can raise requests through a single sign-on. The steps for this integration are as follows.
- Head to Admin tab > Integrations > Help Desk settings, and tick the checkbox.
- Enter the email address and the email domain to which helpdesk requests must be routed.
- Go to Attachments and standardize the image type to accept screenshots.
- Enable videos if required and make sure to specify the accepted formats.
- Save the settings.
In all, these are the broad modules for which you need configurations. Some modules like Mobile Device Management and Tools require only minimal configurations, most of which are self-explanatory.
Finally, let's look at some value-added settings that can enhance your user experience.
Value-Added Settings
Below are some of the prominent value-added settings that you can implement in Endpoint Central.
Create Custom User Roles
You can create custom user roles if your requirements don't match any of the built-in user roles of Endpoint Central. These custom user roles provide the flexibility to streamline access while having complete control and visibility over resource usage.
To create a user-defined role,
- Go to the Admin tab. Navigate to Global Settings > User Administration.
- Go to the Role tab and click the Add Role button. Give a name to the user role and a brief description for anyone to understand its purpose.
- Provide read-only, write, no access, or full control permissions for each module.
- Click the Add button, and you will have a custom role.
Enable Two-factor Authentication
To enable the two-factor authentication, log in with your credentials, and head to the Admin tab -> User Administration -> Secure Authentication. Enable the two-factor authentication and select the authentication mode. Endpoint Central supports the following authenticator apps: Zoho OneAuth, Microsoft Authenticator, Google Authenticator, and DUO Auth.
With these configurations in place, you're all set to use Endpoint Central optimally. Next, let's talk about how you can use Endpoint Central after the first login.
Initial Login
In this section, we'll talk about some modules you must set up when you log in for the first time.
Scope of Management
The first task you must do after logging in is to set the scope of management for Endpoint Central. This setup refers to the devices that will be managed through Endpoint Central and can include managed computers from directory services like Active Directory. Before jumping into the setup, take some time to decide the scope if you haven't done so already, and proceed with creating the Scope of Management (SoM) policy.
Update the Configurations
Run through the default configurations and make any required changes to them. We talked about the general configurations in the earlier section, so use it to customize Endpoint Central to meet your needs.
Set up Different Modules
As a next step, set up the modules that you plan to use for your organization. We talked about the feature-specific settings earlier, so make sure to use the settings that work best for you. Though you may not have to set up all the modules, make sure you use the configurations for patch management and inventory management, as they are critical to getting the most out of Endpoint Central.
With this, you're all set to use this platform.
To stop Endpoint Central, head to Services -> ManageEngine UEMS Server -> Stop ManageEngine UEMS Server.
Conclusion
To conclude, Endpoint Central is a comprehensive tool that helps you to better manage all the devices that connect to your organization's network. Setting up and using this platform is simple too, and we hope the above information quickens your setup time and learning curve.
For more such useful guides, browse www.ittsystems.com.