Centrify Agent for Windows DirectAuthorize and DirectAudit installation command-line options
11-02-2018 01:37 PM
Quick question for my own sanity:
In the past, interactive installations of the Centrify Agent for Windows would prompt if you wanted to install DirectAuthorize with DirectAudit.
Silent or command-line based installs, you could also control this with the ADDLOCAL=ALL MSI property or the INSTALLLEVEL=3 property. etc.
This is also detailed in this older thread, ( https://community.centrify.com/t5/Centrify-Infrastructure-Services/Silent-Windows-Agent-Install-MST-... ) where the was some confusion with INSTALLLEVEL=2000 being in the official documentation.
My question is around the newer agents which don't seem to support these MSI properties anymore. It appears that the Direct Audit service is installed regardless of the INSTALLLEVEL used, and it is set to automatic.
I'm assuming, and someone please correct me here if I am wrong, that the newer agents now use some type of SCP discovery not only to detect valid instances of Centrify Zone Infrastructures for Privilege Elevation, Cloud Connectors for Identity Platform, but also a discovery of Direct Audit instances in the environment.
Would it be correct to state that the newer agent installs all features in an "unconfigured state", and if an SCP for the feature is determined, it's made available for configuration?
11-03-2018 05:15 PM
The installer has changed since the spring of last year.
Just do a manual or automated installation of the client, and as long as you have pushed the installation settings (over GPO or other method) it will just work.
For others reading this response.
- Privilege elevation will require a zone join manually or automatically.
- Identity Platform (for MFA or self-service) can also be done manually or automatically.
- Both require an authorization to be activated.
DA will just work if it can detect a single install or you pushed the installation over GPO.