Lab 6: User Management

Goals:

• Add super user to root admin domain and verify user account.
• Edit default administrator user account.
• Add user account with limited permissions and verify user account.
• Create custom role.
• Configure LDAP authentication.
• Assign LDAP authentication to user account.
• Configure logon banner.
• Customize GUI access.
• Customize login controls.

Estimated Duration:

• 25 minutes
COPYRIGHT

McAfee and the McAfee logo, McAfee® Network Security Platform, are trademarks of McAfee or its
subsidiaries in the U.S and/or other countries. Other marks and brands may be claimed as the property of
others.

Copyright © 2020 McAfee. McAfee Confidential. McAfee restricts the re-distribution of this training
material to unauthorized audiences.
Lab 6.1: Add Super User to Root Admin Domain
Objective:
Add Super User to Root Admin Domain.

Lab Information:
Use the information in the table as a guideline for the lab.

Virtual Systems NSPMGR

Files None

Login Credentials Machine IP Address Username Password

PDC 10.10.10.200 MCAFEE\jsmith mcafee123!

NSPMGR 10.10.10.207 MCAFEE\jsmith mcafee123!

Scenario A default Administrator account exists. However, you want John Smith
(root domain admin) to have a unique account, rather than use the default
Administrator account. His account data is below:
• Login ID: jsmith
• Password: mcafee123!
• Name: John Smith
• E-mail: [email protected]
• Role: Super User
Refer to the steps below to complete the lab.

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

1 Add Super User to Root Admin Domain

1 1 Make sure you are logged into the NSM as the default administrator
(admin/admin123).

1 2 From NSM, click the Manager icon on the menu bar to open the Manager page.

1 3 In the left pane, expand the Users and Roles group and then click Users. The Users
page opens in the right pane. The page lists the currently configured users.

1 4
Click (plus icon). The Add a User page opens.

1 5 In User Credentials section of the page, enter the following information:

• Login ID: jsmith
• Password: mcafee123!
• Confirm Password: mcafee123!

1 6 In User Details section of the page, enter the following information:

• First and Last Name: John Smith

© 2020 McAfee Lab 6.1 - 1 McAfee Confidential

Lab 6.1: Add Super User to Root Admin Domain

Task: Step: Instructions:

• E-mail: [email protected]

1 7 In the Role Assignment section, from the Role drop-down list, select Super User.
Note: A Super User role has all the privileges possible in the current domain, as well
as any child admin domains.

1 8 Click Save at the bottom right of the page. You are returned to the Users page.

1 9 Remain on this page for the next lab.

End of Task

© 2020 McAfee Lab 6.1 - 2 McAfee Confidential

Lab 6.2: Verify the Super User

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

2 Verify the Super User

Scenario: You have previously added a user account for John Smith. Now, verify that the account works
as intended. Log out of the NSM and then log in again as John Smith to verify the NSM is accessible.
After verifying his credentials work, log out and then log in again as the default administrator
(admin/admin123).
Refer to the steps below to complete the lab.

2 1 From your NSPMGR virtual machine:

Click the Log Out icon located above the menu bar in the top right corner. The
Login dialog displays.

2 2 Log in to the NSM using John Smith’s credentials (jsmith/mcafee123!).

2 3 The Dashboard display indicates a successful login.

2 4 After verifying the account, stay logged in as jsmith and proceed to the next lab.

2 5 Remain on this page for the next lab.

End of Task

© 2020 McAfee Lab 6.2 - 1 McAfee Confidential

Lab 6.3: Edit Default Administrator User Account

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

3 Edit Default Administrator User Account

Scenario: The default root administrator account (Administrator) was created during the software
installation. However, you need to edit the Administrator account to add the following e-mail address:
[email protected].
Refer to the steps below to complete the lab.

3 1 From your NSPMGR virtual machine, make sure you are logged in to the NSM as the
jsmith (jsmith/mcafee123!).

3 2 From NSM, navigate to Manager > Users and Roles > Users. The Users page opens
in the right pane. The page lists the currently configured users.

3 4 Click the radio button of the Administrator account and click the (pencil icon).
The Edit a User page opens.

3 5 From the User Details section of the page, in the E-mail field, type
[email protected].

3 7 Scroll to the bottom of the page and click Save.

3 8 If prompted, log in to the NSM again (admin/admin123).

3 9 Click the Manager icon on the menu bar to return to the Manager page

3 10 In the left pane within the Users and Roles group, click Users to return to the Users
page.

3 11 Verify the updated e-mail address appears in the E-mail column for the
Administrator.

3 12
Click Log Out icon, located above the menu bar in the top right corner. The
Login dialog displays.

3 13 Log in to the NSM using the default administrator’s credentials (admin/admin123).

3 14 Remain on this page for the next lab.

End of Task

© 2020 McAfee Lab 6.3 - 1 McAfee Confidential

Lab 6.4: Add User Account with Limited Permissions

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

4 Add User Account with Limited Permissions

Scenario: Bob Jones requires access to the NSM. However, you want to limit privileges to generating
reports. He will not have permissions to manage NSP resources or users. For example, he cannot add,
edit, or delete devices or other user’s accounts.
His account details are below:
• Login ID: bjones
• Password: mcafee123
• Name: Bob Jones
• E-mail: [email protected]
• Role: Report Generator
After creating the account, log in with Bob Jones credentials. Verify his account only allows the ability
to run reports and manage his own user details. After verifying the account, log out from the Bob
Jones account and then log in again as the default administrator (admin/admin123).
Refer to the steps below to complete the lab.

4 1 Make sure you are logged into NSM as the default administrator (admin/admin123).

4 2 From NSM, navigate to Manager > Users and Roles > Users. The Users page opens
in the right pane. The page lists the currently configured users.

4 3
Click (plus icon). The Add a User page opens.

4 4 In User Credentials section of the page, enter the following information:

• Login ID: bjones
• Password: mcafee123
• Confirm Password: mcafee123

4 5 In User Details section of the page, enter the following information:

• First and Last Name: Bob Jones
• E-mail: [email protected]

4 6 In the Role Assignment section, from the Role drop-down list, select Report
Generator.
Note: A Report Generator role has limit privileges to generating reports. He will not
have permissions to manage NSP resources or users. For example, he cannot add,
edit, or delete devices or other user’s accounts.

4 7 Click Save at the bottom of the page. You are returned to the Users page.

4 8 Verify Bob Jone’s account displays in the list of users.

End of Task

© 2020 McAfee Lab 6.4 - 1 McAfee Confidential

Lab 6.5: Verify User Account

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

5 Verify User Account

Scenario: You previously added a user account for Bob Jones. Now, verify that the account works as
intended. Log out from the NSM and then log in again as Bob Jones to verify the NSM is accessible.
After verifying his credentials work, log out and then log in again as the default administrator
(admin/admin123).

Refer to the steps below to complete the lab.

5 1 Make sure you are logged into NSM as the default administrator (admin/admin123)
using Mozilla Firefox browser.

5 2
From your NSPMGR desktop, double click Network Security Manager
Short-cut Icon.

5 3 At the Network Security Manager Login window, log in with the Bob Jones
credentials.
• Login ID: bjones
• Password ID: mcafee123

5 4 Verify the privileges with a Report Generator role, the NSM menu bar should only
contain Analysis and Manager icons.

5 5 Click the Manager icon on the menu bar to access the Manager page.

5 6 Expand the Users and Roles group in the left tree, Users and Roles privileges are
limited to My Account. This means the user can change the user’s own Password and
User Details but cannot add, edit, or delete other users.
The only other privileges for this page are use of the Reporting options.

5 7 Expand the Reporting group and note the differences to the permissions for the
default admin account.

5 8 After verifying the NSM access and privileges, close the Mozilla Firefox browser to
completely close and log you out as bjones.

End of Task

© 2020 McAfee Lab 6.5 - 1 McAfee Confidential

Lab 6.6: Create a Custom Role

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

6 Create a Custom Role

Scenario: You want a custom role that allows Analysis and Dashboard privileges only. The role is for
future use.
• Name: Analyst Role
• Assigned Privileges: Analysis and Dashboard - Edit
Refer to the steps below to complete the lab.

6 1 From NSPMGR virtual machine, make sure you are logged into the NSM as the
default administrator (admin/admin123).

6 2 From NSM, navigate to Manager > Users and Roles > Roles. The Roles page opens.

6 4
Scroll to the bottom of the page and click (plus icon). The Add a Custom Role
page opens.

6 5 In the Role Name and Description boxes, type Analyst Role.

6 6 In the Privileges section, select (highlight) Dashboard and Analysis - Edit and use
the right arrow to move it from the Available box to the Assigned box.

6 7 Click Save. You are returned to the Roles page. A message confirms the Custom role
successfully added.

6 8 Scroll to the bottom of the page and verify the new role (Analyst Role) displays in
the list of available roles.

End of Task

© 2020 McAfee Lab 6.6 - 1 McAfee Confidential

Lab 6.7: Configure LDAP Authentication

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

7 Configure LDAP Authentication

Scenario: You want to enable external authentication using your LDAP server. The server’s IP address is
10.10.10.200. SSL is not required. Therefore, keep the default port 389.
Important: Make sure the PDC virtual machine is running (password: mcafee123!).

Refer to the steps below to complete the lab.

7 1 Make sure the PDC virtual machine is running (password mcafee123!).

7 2 Switch to the NSPMGR virtual machine.

7 3 Make sure you are logged into the NSM as the default administrator
(admin/admin123).

7 4 From NSM, navigate to Manager > Setup > GUI Access > LDAP Authentication.
The LDAP page opens in the right pane.

7 6
Click (plus icon). The Add an LDAP Server page opens in the right pane.

7 7 Enter the following information:

• Enable LDAP Authentication?: Yes
• Enable SSL?: <Leave blank -No check/tick>
• LDAP Server Name or IP Address: 10.10.10.200
• Server Port: <Keep default -389>

7 8 Click Save.

7 9 After the configuration is successfully saved, click the Test Connection button. An
LDAP Connection Successful message should display.

7 10 Click Save again. When alerted “you are about to save this order of consideration”,
click OK.
Note: you can configure up to 4 servers.

7 11 Remain on the Manager page for the next lab.

End of Task

© 2020 McAfee Lab 6.7 - 1 McAfee Confidential

Lab 6.8: Assign LDAP Authentication to User Account

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

8 Assign LDAP Authentication to User Account

Scenario: John Smith’s user account is configured for Local authentication. You want his account
authenticated using LDAP external authentication instead. John Smith’s LDAP DN is
[email protected]. His password remains the same.
To verify the authentication, log out as admin and log in again using his LDAP DN, then log back in
again as the default admin (admin/admin123).

Refer to the steps below to complete the lab.

8 1 Make sure you are logged into the NSM as the default administrator
(admin/admin123).

8 2 From NSM, navigate to Manager > Users and Roles > Users. The Users page opens
in the right pane. The page lists the currently configured users.

8 4 Click the radio button of the John Smith’s account, then click the (pencil icon).
The Edit a User page opens in the right pane.

8 5 Within the User Credentials section on the Authentication Type drop-down list,
select LDAP. The LDAP User DN field is now visible.

8 6 In the LDAP User DN field, type [email protected].

8 7 Click Save. You are returned to the Users page.

8 8 In the Authentication Type column for John Smith, confirm that LDAP is now
listed.

8 9 Log out from the default administrator NSM and then log in as John Smith’s
credentials (jsmith/mcafee123!) to verify the NSM is accessible.

8 10 Log out of the John Smith’s NSM. The Login dialog appears.

8 11 Log in to the NSM again as the default administrator (admin/admin123).

End of Task

© 2020 McAfee Lab 6.8 - 1 McAfee Confidential

Lab 6.9: Configure Logon Banner

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

9 Configure Logon Banner

Scenario: In this lab, you will enable the Logon Banner feature and change the default banner text to
suitable text to your organization.
After configuring the Logon Banner feature, log out from the NSM. Review the changes to the Network
Security Manager Login dialog, then log in again as the default administrator (admin/admin123).

Refer to the steps below to complete the lab.

9 1 Make sure you are login to the NSM as the default administrator (admin/admin123).

9 2 From NSM, navigate to Manager > Setup > GUI Access > Logon Banner. The Logon
Banner page displays in the right pane.

9 3 Click radio button Yes to Enable.

9 4 In the Banner Text box, type anything meaningful to you in the box. This is for
demonstration purposes.

9 5 Click Save. A “Successfully set logon Banner Details” message should display.

9 6
In the top right corner of the page, click the Log Out icon. The Login dialog
should now display your custom banner message.

9 7 Log in to the NSM again as the default administrator (admin/admin123).

End of Task

© 2020 McAfee Lab 6.9 - 1 McAfee Confidential

Lab 6.10: Customize GUI Access

Refer to the task and step table for detailed instructions to complete the lab.

Task: Step: Instructions:

10 Customize GUI Access

Scenario: You want to customize GUI access to limit the number of concurrent sessions a user can
open to 5 maximum.
Refer to the steps below to complete the lab.

10 1 Make sure you are login to the NSM as the default administrator (admin/admin123).

10 2 From NSM, navigate to Manager > Setup > GUI Access > Session Control. The
Session Control window opens in the right pane.

10 3 Select the Check box for Limit the Number of Concurrent Sessions a User Can
Open and then in the box on the right type 5. This changes the maximum number of
concurrent sessions to 5.

10 4 Click Save.

10 5 If prompted by Final Steps prompt window (If the Threat Analyzer or Custom
Attack Editor is running, it must be restarted for the changes to take effect). click
OK.

End of Task

End of Lab

© 2020 McAfee Lab 6.10 - 1 McAfee Confidential