Assessment Steps

Use below steps to perform health & risk assessment of Microsoft Active Directory, Office 365, DHCP and also perform Cyber Security assessment.

Steps
IT Health Profiler does not require you to follow too many steps before you can get an actionable report. IT Health Profiler does not install any agents on the target systems. The complete process is a Read-Only operation. Follow below steps to quickly perform assessments.

If you need any support during your assessment activities or need to understand a particular piece or component of IT Health Profiler, please call at support number or send email at Support@ITRiskScan.com

Selecting Assessment Product is the first step. During the first use of IT Health Profiler, you will presented with “Select Assessment Product” screen as shown in the screenshot below:

Note that IT Health Profiler is a multi-technology assessment product. You need to select the Assessment Product for which you have purchased IT Health Profiler. Please note currently IT Health Profiler supports below assessment products:

  • Microsoft Active Directory
  • Microsoft Office 365
  • Cyber Security Assessment
  • Microsoft DHPC Server

Select one of the assessment products from above screen and then click “Select” button to proceed next.

Note: IT Profiler comes with two editions; PRO and Enterprise. If you have purchased Enterprise edition, please select “Multiple Technologies” from “Select Assessment Product” screen. The “Multiple Technologies” will let you use all technologies from single console.

Once assessment product is selected, in the next screen you are required to enter login credentials as shown in the screenshot below:

The default login credential is as below:

  • Username: admin
  • Password: admin

Note: You can change default login credentials from “Options” screen.

Next, click on “Login Now” button to proceed next.

The first step is to prepare IT Health Profiler. As part of the IT Health Profiler preparation process, we perform following steps:

  1. Checks to see if technology modules have been installed.
  2. Checks to see you are running IT Health Profiler on a supported Windows platform.
  3. Checks to see Antivirus Exclusion is made
  4. Checks to see PowerShell Execution Policy is set to Unrestricted or RemoteSigned.

To start preparing the IT Health Profiler, click on “Prepare” button located in the “Configuration” pane as shown in the screenshot below:

When you click on the “Prepare” button, the right panel will show a prepare screen as shown in the screenshot below:

In the prepare screen, you need to click on “Prepare” button. When you click on the Prepare button the process will check Operating System version, PowerShell Modules, antivirus exclusion, etc and then show the result in PASSED or FAILED.

You need to ensure IT Profiler shows PASSED for all items. If you see any errors or FAILED status for any of the component, please ensure to investigate or call us to troubleshoot the issue for you.

A few important points to note:

  1. If you are using IT Health Profiler for Active Directory assessment, make sure Active Directory PowerShell Modules have been installed on IT Health Profiler computer.
  2. On Windows 10 clients, Active Directory PowerShell modules need to be installed manually.
  3. If Antivirus Exclusion Test fails, please ensure to whitelist below directory in your Antivirus:

C:\Users\Public\DynamicPacksTechnologies

Installing PowerShell Modules

IT Profiler provides a way to install technology modules automatically from the Prepare screen. As you can see in the screenshot above, clicking on “Install Modules” button will trigger the process for installing technology PowerShell modules.

If you have purchased IT Health Profiler, you must register before registering assessment targets or creating assessment profiles. To register IT Health Profiler, click on the “Register” button located in “Configuration” pane as shown in the screenshot below:

When you click on the “Register” button, you will see registration screen as shown in the screenshot below:

Note: If you have purchased IT Health Profiler, you have obtained IT Profiler License File. The IT Profiler License File is generated by IT Risk Scan support. The license file contains information about the registration.

You need to provide following inputs in order to register IT Health Profiler:

  • Email: Enter the registered email address.
  • Code: Enter the IT Scanner PRO or Enterprise license code.
  • Number: If you don’t see anything in the Number box, you need to click on “Generate” button.
  • IT Profile License File: Next, click on “Browse” button to specify the IT Scanner License file.

Once you have specified values for all fields, click on “Register” button to register the IT Health Profiler.

The registration process will take a few seconds to complete. Once the IT Profiler is registered, you are required to restart IT Health Profiler in order to unlock all features.

IT Health Profiler requires Technology Packs Licenses to be installed before the registered version of IT Health Profiler can be used.

Note: If you are using Free version of IT Health Profiler, please skip this step as Free version allows you to add Technology Dynamic Packs without installing Technology Packs Licenses.

To install the Technology Packs Licenses, click on “Options” button located under the “Configuration Pane” as it shows in the screenshot below:

Once in the Options screen, click on “Install License” button located in the “Pane Actions” pane as shown in the screenshot below:

As you can see in the above screen, I have two licenses already installed. To start registering Technology Packs License, click on “Install License” button which, in turn, brings the following screen:

In the above screen, provide following inputs:

  • Select Technology Pack Name: You need to select Technology Pack Name here. The following technologies are available:

Note: Currently, IT Health Profiler supports Microsoft Active Directory, DHCP Server, Office 365 and Cyber Security Assessment Packs.

  • Issued License: Enter the license code for selected Technology Pack. This is the license code that you received when you purchased Technology Packs License.
  • Unique Number: Click on the “Generate” button to generate the unique number for Technology Packs License you selected.
  • Select Packs License File: You need to select Technology Packs License file that you received when you purchased the Technology Packs License. This file contains licensing data for the technology pack which you are going to install.

Once you have provided inputs, click on “Install License” button. The process will take a few seconds to complete. Once the process is complete, you must see license installed under IT Health Profiler.

The next step is to register the assessment target. An assessment target can be an Active Directory forest, Microsoft Office 365 Subscription, or DHCP Server. Here are the steps you will be following to register assessment target.

Registering Active Directory Forest

If you are planning to do assessment of an Active Directory forest, you must register AD Forest under the management of IT Health Profiler. To begin registration of AD Forest, click “Register AD Forest” button found in “Configuration” pane as it shows in the screenshot below:

When registering AD Forest, you need to provide below inputs:

  • AD Forest License: Enter the AD Forest License code.

Note: If you are using Free version, click on “Apply Test License”.

  • AD Forest FQDN: Enter the AD Forest FQDN for example ITKit.Lab. You can also get current AD Forest FQDN by clicking “Get Current Forest” button.
  • AD License File: Click on “Browse” button to apply AD Forest License file.

Note:  There is no need to provide AD Forest License file if you are using Free version of IT Health Profiler.

Once you have provided inputs to all fields, click on “Register AD Forest” found in the “Pane Actions”. The registration process will take a few seconds to complete.

Once the AD Forest is registered, you need to go to “Forest Discovery” to discover the domain controllers and AD Sites in registered AD Forest.

Registering DHCP Server

If you are planning to do assessment of DHCP Server, you will follow below steps to register DHCP Servers under the management of IT Health Profiler.

Registering Office 365 Subscription

IT Health Profiler does not require you to register Office 365 Subscriptions.

Discovering AD Forest

Note that registered AD Forest must be discovered. Click on “Forest Discovery” button. When you click on the “Forest Discovery” button you will be presented with a screen as shown in the screenshot below:

In the “AD Forest Discovery and Connectivity” screen, please on the AD Forest you want to discover and then click on “Discover” button found in the “Pane Actions”. Clicking on “Discover” button will show you below window:

In the above screen, click on “Start Discovery” button to start discovering domain controllers and AD Sites in the AD Forest.

Note: The discovery process might take some time depending on the number of domains and domain controllers in each domain. Usually, the discovery process completes withing few minutes. You will be able to see the discovery progress in the above window.

Once the discovery is completed, you will be able to see discovered AD domain controllers and AD Sites.

Checking Connectivity of AD Forest

Next, you need to perform connectivity test of all domain controllers in registered AD Forest. Note that all domain controllers must be checked for connectivity and resolve all connectivity issues.

Important: The AD Forest can be added to Assessment Profile only if the connectivity test has been performed.

To start checking connectivity of AD Forest, expand “Domain Controllers Connectivity” panel and then click on “Test Connectivity” button as shown in the screenshot below:

Once the connectivity is finished checking all domain controllers, check connectivity result under “Connectivity Result” panel. If you see any connectivity issues for any of the domain controllers before you proceed next.

Note: It is recommended to resolve connectivity issues with domain controllers. If there are too many domain controllers have connectivity issues, the Dynamic Packs might take longer time to complete.

Once you registered your assessment target, it’s time to create Assessment Profile. The Assessment Profile is a management unit. The Assessment Profile contains assessment target and Dynamic Packs (sometimes referred to as health checks). You can create unlimited Assessment Profiles in IT Health Profiler. There are several advantages of creating multiple Assessment Profiles as explained in below scenarios:

  • Scenario 1: In this scenario you will create two Assessment Profiles. One Assessment Profile contains Dynamic Packs for Active Directory and another Assessment Profile contains Dynamic Packs for Office 365. This scenario is possible if you have purchased Enterprise Edition of IT Health Profiler.

For example:

  • Assessment Profile: Profile1
  • Assessment Target: ABC.Com (AD Forest)
  • Dynamic Packs: All Active Directory Dynamic Packs
  • Assessment Profile: Profile2
  • Assessment Target: Office 365 Subscription
  • Dynamic Packs: All Office 365 Dynamic Packs
  • Scenario 2: In this scenario you will create two Assessment Profiles. One Assessment Profile contains Active Directory DNS Dynamic Packs and another Assessment Profile contains Group Policy Dynamic Packs.
  • For example:
  • Assessment Profile: Profile1
  • Assessment Target: ABC.Com (AD Forest)
  • Dynamic Packs: All DNS Dynamic Packs
  • Assessment Profile: Profile2
  • Assessment Target: ABC.Com (AD Forest)
  • Dynamic Packs: All Group Policy Dynamic Packs
  •  
  • Scenario 3: In this scenario you will create two Assessment Profiles. One Assessment Profile contains ABC.Com as assessment target and another Assessment Profile contains XYZ.Com as assessment target.
  • For example:
  • Assessment Profile: Profile1
  • Assessment Target: ABC.Com (AD Forest)
  • Dynamic Packs: All Active Directory Dynamic Packs
  • Assessment Profile: Profile2
  • Assessment Target: XYZ.Com (AD Forest)
  • Dynamic Packs: All Active Directory Dynamic Packs

To start creating assessment profile, click on “Manage Profiles” button located in the Configuration pane as shown in the screenshot below:

Once in Manage Profiles window, provide below inputs to create a new Assessment Profile:

  • Profile Name: Enter profile name. Profile name must be unique and it cannot contain special characters and cannot contain spaces.
  • Profile Instance: Provide profile instance here. The Profile Instance can be an Active Directory Forest which is already registered under the management of IT Health Profiler OR one of the following instances as shown in the screenshot below:

  • Adding Dynamic Packs: Next, add Dynamic Packs to be included in the Assessment Profile. To add Dynamic Packs, click on “Add Dynamic Packs” button, which, in turn, brings the following screen:

Here you need to click on a Technology Label to see the available Dynamic Packs for that technology. As you can see I clicked on “Microsoft Active Directory” technology label and I could see all Dynamic Packs available for Microsoft Active Directory. Here you can add all categories, which, in turn, adds all Dynamic Packs for technology or click on “Add Checked” button to check only selected Dynamic Packs from a category.

Once Dynamic Packs have been added to Assessment Profile, the resulting screen should look like as shown in the screenshot below:

As you can see in the screenshot above, we have added all Microsoft Active Directory Dynamic Packs.

Next, click on “Create New Profile” button to create Assessment Profile. Once the Assessment Profile has been added to the system, the Assessment Profile will appear in “Available Profiles” pane.

Once Assessment Profile has been created, now you need to open Assessment Profile and execute it. To open Assessment Profile, click on “Open Profile” button located in “Configuration” pane as shown in the screenshot below:

In the “Open Profile” window, select the Assessment Profile which you created and then click on “Open Selected Profile” button. When you click on “Open Selected Profile” button IT Profiler will open “Execution Window” as shown in the screenshot below:

The “Execution Window” allows you to execute Dynamic Packs in Assessment Profile. The following actions are available in “Execution Window”:

  • Group Execution: Select this option execute all Dynamic Packs in a group. This action must be clicked only if currently opened Assessment Profile contains Dynamic Packs for Office 365 or Azure.
  • Execute Packs: Select this option if your Assessment Profile contains Active Directory Dynamic Packs.

IMPORTANT: If your Active Directory forest contains more than 10 domain controllers, it is advisable to execute all Active Directory Dynamic Packs that do not require connectivity to all domain controllers and then execute Domain Controller Dynamic Packs. To achieve this, under the “Execution Filter”, in “Assessment Target” dropdown, select “All Active Directory Dynamic Packs” and then in the “Select Choice”, select “Execute All Active Directory Packs but Skip Active Directory Domain Controller Packs” choice as shown in the screenshot below.

Next, click on “Apply Filter” to apply the filter. The process will check all Dynamic Packs according to the filter criteria. Once the Dynamic Packs have been selected, click on “Execute Packs” available in “Pane Actions”.

When you click on “Execute Packs”, IT Profiler will show you a execution window as shown in the screenshot below:

Click on “Start Now” button to start executing Dynamic Packs that have been checked. As you can see in the screenshot above, we have selected 57 Dynamic Packs. IT Profiler will show you progress of all Dynamic Packs being executed as shown in the screenshot below:

You might want to check completion status of Dynamic Packs by checking the Execution Status window.

Once IT Profiler has finished executing all Dynamic Packs, it is time to generate a summary. The summary would contain the issues that have been found and overall health status of the technology.

Summary Window allows you to issues that have been reported as part of Assessment Profile execution. To lunch Summary Window, click on “Summary Window” button found in “Configuration” pane as shown in the screenshot below:

As you can see there are 3 critical, 16 high, and 1 low issues have been reported. The Summary Window also shows the overall status of your technology. You can click on any of the issues to see its details.

When you click on an issue, it will show you the “Issue Detail”, “Impact”, and “Recommendations” to fix the issue as shown in the screenshot below:

You can filter issues by clicking on the issues label. The Issue Labels are located on top of the Issues Grid as shown in the screenshot below:

You can also filter issues by their category by selecting a category in “Filter Category” dropdown.

Basically, the Summary Window allows you to review the issues that have been reported and analyse the data.

Note: If you need to analyse the data offsite, you can export Assessment Profile and then import in IT Profiler running on your laptop.

Finally, you can generate a report that contains issue details and recommendations to fix the issues. To start generating the report, click on “Generate Report” button located in the configuration pane.

When you click on “Generate Report” button you will be presented with the following screen:

Note a few things before you can generate a report:

  • Microsoft Word and Excel need to be installed on the IT Health Profiler machine.
  • You must select a report template in “Requirements and Templates” screen.
  • You can select your own reporting template if you have designed one, but you need to be maintaining the reporting fields which are used by IT Health Profiler.

Requirements and Templates:

In this screen, select the reporting template. We provide four reporting templates for four technologies and these reporting templates can be found under C:\Users\Public\DynamicPacksTechnologies\ADHealthProfiler\DPConfig\ReportingTemplates folder. This is also shown in the screenshot below:

 Check Profile Dynamic Packs

Here you can check the Dynamic Packs which will be included in the report. In the current version of IT Health Profiler, there is no option to exclude Dynamic Packs from reporting. All Dynamic Packs will be included in the report.

Edit Reporting Fields

Here you can provide customer and other details such as reporting title, assessment technology, project effective date and other fields as appropriate.

Once you have provided all the inputs, click on either “Generate Word Report” or “Generate Excel Report” from the “Pane Actions” as shown in the screenshot below:

The report files are located under C:\Users\Public\DynamicPacksTechnologies\ADHealthProfiler\Data\WordReports folder. The reporting screen shows the location of both Microsoft Word and Excel reports as shown in the screenshot below: