This section describes how to install Defender for the first time. Before you start, make sure that:
- The target computer is in a safe location. The computer on which you plan to install the required Defender features is in a secure location to which you have physical access, has TCP/IP installed and a static IP address, and meets the applicable system requirements described in the Defender Release Notes.
- The account under which you plan to install Defender has sufficient permissions. The account under which you will be running the Defender Setup must be a member of the local administrators group. To install the Defender Management Portal, this account must also have the permissions to create and delete child Active Directory objects under the computer account object corresponding to the computer where the Management Portal is installed.
- You have prepared a service account. This is the account under which Defender will be accessing Active Directory®. The Defender Setup extends standard Active Directory schema classes and attributes and defines new Defender-specific classes in the Active Directory schema. For more information about these classes and attributes, see “Appendix C: Defender classes and attributes in Active Directory” in the Defender Administration Guide.
  The service account must have the following permissions:
  - Create and modify Active Directory classes and attributes in the forest schema. By default, members of the Schema Admins group have these permissions.
  - Create and modify control access right objects in the forest configuration container. By default, members of the Enterprise Admins group have these permissions.
  - Create organizational units in the specified Active Directory domain. By default, members of the Domain Admins group have these permissions.
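The prerequisites above can be checked before running the Defender Setup. The following PowerShell script is an added example, not part of the Defender product or its documentation; the parameter names `ServiceAccount` and `TargetDomain` are hypothetical. It assumes the ActiveDirectory module (RSAT) is installed, and it tests only the default group memberships named above, so permissions delegated to the service account by other means are not detected.

```powershell
# Added pre-flight check (not Defender code). Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $ServiceAccount,  # sAMAccountName of the prepared service account
    [string] $TargetDomain = $env:USERDNSDOMAIN       # domain in which the organizational units are created
)
Import-Module ActiveDirectory -ErrorAction Stop
$results = [ordered]@{}

# 1. Setup must run under a member of the local administrators group.
#    IsInRole returns False in a non-elevated session, so run this elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$results['Setup account is a local administrator'] = $isAdmin

# 2. TCP/IP with a static address: a connected IPv4 interface with DHCP disabled.
$static = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Where-Object { $_.Dhcp -eq 'Disabled' -and $_.InterfaceAlias -notlike 'Loopback*' }
$results['Static IPv4 address configured'] = [bool]$static

# 3. Service account: default groups that carry the required permissions.
#    Groups are resolved by well-known RID so renamed or localized groups still match.
$rootDomain = (Get-ADForest).RootDomain
$rootSid    = (Get-ADDomain -Server $rootDomain).DomainSID.Value
$domainSid  = (Get-ADDomain -Server $TargetDomain).DomainSID.Value
$groups = [ordered]@{
    'Schema Admins'     = @{ Sid = "$rootSid-518";   Server = $rootDomain }   # forest schema
    'Enterprise Admins' = @{ Sid = "$rootSid-519";   Server = $rootDomain }   # configuration container
    'Domain Admins'     = @{ Sid = "$domainSid-512"; Server = $TargetDomain } # organizational units
}
foreach ($name in $groups.Keys) {
    $group   = $groups[$name]
    # -Recursive also finds membership granted through nested groups.
    $members = Get-ADGroupMember -Identity $group.Sid -Server $group.Server -Recursive
    $results["Service account is in $name"] = $members.SamAccountName -contains $ServiceAccount
}

# Report each check and return a non-zero exit code if any prerequisite is missing.
foreach ($check in $results.GetEnumerator()) {
    $status = if ($check.Value) { 'OK' } else { 'MISSING' }
    '{0,-42} {1}' -f $check.Key, $status
}
if ($results.Values -contains $false) { exit 1 }
```

Because the three default groups are highly privileged, keep the service account's membership in Schema Admins and Enterprise Admins under review after the schema extension has been applied.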
You can install Defender on physical computers or virtual machines. To install Defender for the first time, complete the following steps:
- Install required Defender components
- Configure Defender Security Server
- Create and configure objects in Active Directory
- Program and assign security tokens to users
By completing these steps, you get a base Defender configuration which you can then extend to suit your needs. For example, you can extend the base configuration to do the following:
- Authenticate users who access your company’s resources via VPN. For more information, see “Securing VPN access” in the Defender Administration Guide.
- Authenticate users when they access Web sites hosted on Microsoft Web Server (IIS). For more information, see “Securing Web sites” in the Defender Administration Guide.
- Authenticate users when they sign in to their Windows®-based computers. For more information, see “Securing Windows-based computers” in the Defender Administration Guide.
- Authenticate users when they access a PAM-enabled service in UNIX or Linux®. For more information, see “Securing PAM-enabled services” in the Defender Administration Guide.