Question

How do I configure FTK Central to use Active Directory authentication?

Notes:

  • Active Directory authentication can only be tied to one domain.  If your users are spread over multiple domains, you should not use Active Directory authentication.
  • Application-level, non-domain users will not be able to log in to FTK Central if Active Directory authentication is enabled.
  • Your FTK Central base URL may need to be added to your Local Intranet Zone in order to pass authentication.

 

Answer

  1.  Log in to FTK Central and click the wrench in the upper-right to go to Administration
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875436/original/2021-07-28_14_35_46-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=b18587a295d1541cb50f23a3a0b4514681d294e8c57fa65e7d2e65bffc571fe4
  2. Click System Management in the upper-right
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875437/original/2021-07-28_14_38_27-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=30b445605cb88cfcfd3c94f27a925f085793dd13b475b6320d7571ed78c759d4
  3. Click Active Directory on the left
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875438/original/2021-07-28_14_40_31-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=f518d67a7185d14aa3d1ad0e385e97f6a02bf5fe5e14822bef6465e9f0dc81ea
  4. Complete the values as defined below:
    Server: Name or IP of the Domain Controller
    Port: LDAP port
    Global Catalog: Whether or not to use Global Catalog
    Base DN: Distinguished Name of the base OU
    User DN: Username of a user with Domain Read Object privileges
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875439/original/2021-07-28_14_47_15-Greenshot_image_editor.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=d73b490390b60c5331653479c7ec395a40674120efe6c20c9ce2708ba320bd1a
  5. Check the box under Active Directory Authentication
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875440/original/2021-07-28_14_48_03-Greenshot_image_editor.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=fd39ea4ed9720bb725993eb536f93ecaf575351c0ef5267762d6219c3ab0ad9e
  6. Click Test Configuration and make sure it returns Valid
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875441/original/2021-07-28_14_50_44-Greenshot_image_editor.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=04b5f33a09e99bd940db98273fd949c3b3335023e14fe6e09166a7ce3be22ad6
  7. Click Save and Next in the lower-right
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875442/original/2021-07-28_14_52_13-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=b42776f1cc58a398b63750e75cce7b7e757156db50e743844bbf4fc59b26ce49
  8. Complete at least the fields as shown below, the click Save and Next
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875443/original/2021-07-28_14_53_11-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=1b30d5e215f3ba2e885ad38168a5d075b7c4691efa3e81ece3a08ff05f289d2a
  9. Click User Management in the upper-right
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875444/original/blah.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=dc4e3d3c0d2a4fbf8642b66f00b9f647bed6c9d65877934cd73e4a48079dc7e5
  10. On the Users page, click Import fromAD
    https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009875445/original/2021-07-28_14_56_53-mRemoteNG_-_confCons.xml_-_ftkc-app.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T163722Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=b01078a81b820f59dd1e3db7697a5a8f76bfcf16b633fe914473efbfa45b6a8b
  11. Import at least one User from Active Directory, and associate them to either the Application Administrator Role or Group
    Note: Any existing non-domain users will not be able to log in to Quin-C beyond this point
  12. On the FTK Central server, navigate to the Forensic Tools bin folder (typically "C:\Program Files\AccessData\Forensic Tools\\bin")
  13. Open ADG.WeblabSelfHost.exe.config in a text editor
  14. Under the appSettings section, find and edit the value of the UseAD key as defined below:
    
    1: Integrated Windows Authentication (User-based authentication)
    2: Integrated Windows Authentication (Group-based authentication, see this)
    3: AD + Forms (User-based authentication)
  15. Save your changes, and restart the AccessData Exterro Self Host Service service