Silent Windows Agent Install MST Option for Audit Only
04-03-2017 10:58 AM
We are deploying the Centrify Windows Agent via SCCM, and according to the MST file options here: https://docs.centrify.com/en/css/suite2017-html/index.html#page/Managing_Windows%2Fwin_adm_install_a...
The default installation using the MST file installs Access feature only.... but if you modify the file and add the INSTALLLEVEL string with the value of 2000 then both Audit and Access features are installed.
Is there a value to have the agent install only the Audit feature?
04-03-2017 12:14 PM
Welcome to the Centrify Server Suite forum.
You can use the INSTALLLEVEL=3 option. Here's the documentation:
In addition, remember that when you are configuring for DirectAudit, you have the installation and configuration. The step you describe deals with the installation.
Configuration may entail:
- Assigning a DirectAudit Installation
- Specifying what users/groups get audited or not
- Specifying what users/groups are allowed to control the DirectAudit service.
You have several options here
We include several Group Policies that you can leverage. The system that has the consoles has them installed.
They are under
Computer Configuration\Policies\Centrify DirectAudit Settings\Common
Computer Configuration\Policies\Centrify DirectAudit Settings\Windows Agent Settings
Alternatively, you can use PowerShell if you are familiar with the registry entries.
The example below illustrates how you can modify the Installation.
# Setting the registry path
$DAregistryPath = "HKLM:\Software\Centrify\DirectAudit\Agent\"
# Testing if path exists first
Test-Path $DAregistryPath
# To Check the current value
(Get-ItemProperty -Path $DAregistryPath).CurrentInstallation
# To Set a new value (E.g. NewInstallationName)
$KeyName = "CurrentInstallation"
$Installation = "NewInstallationName"
New-ItemProperty -Path $DAregistryPath -Name $KeyName -Value $Installation -PropertyType String -Force
04-03-2017 12:33 PM
Thanks for the quick reply, so to verify, for Auditing Only, the MST string INSTALLLEVEL=3 ? Not INSTALLLEVEL=3000 ? As the other value for Auditing and Access is INSTALLLEVEL=2000.
And yes we will be following the prereq "You first prepare (pre-create) the Windows computer account in the appropriate zone.." prior to deploying the agent
04-03-2017 12:58 PM
From the online documentation:
To install the Centrify Windows agent silently:
1. Open a Command Prompt window or prepare a software distribution package for deployment on remote computers.
2. Run the installer for the Centrify Windows agent package for a 64-bit architecture with the appropriate command line options.
For example, to install the Centrify Common Component on a computer with 64-bit architecture, run the following command:
msiexec /i "Centrify Common Component64.msi" /qn
If you want to enable only the auditing features on a 64-bit computer, you would use the command-line option INSTALLLEVEL=3 and run the following command:
msiexec /i "Centrify Windows Agent64.msi" /qn INSTALLLEVEL=3
If you want to enable both auditing and access control features on a computer with a 64‑bit operating system and use the values defined in the Group Policy Deployment.mst file, you would run the following command:
msiexec /i "Centrify Windows Agent64.msi" /qn TRANSFORMS="Group Policy Deployment.mst"
04-03-2017 01:52 PM
Thanks again, just lots of documentation linking and overlooking, so from what I can ascertain you can call the INSTALLLEVEL flag inside the MST by making an entry for it, OR call it externally as below... correct?
Silent Install - Auditing and Access: msiexec /i "Centrify Windows Agent64.msi" /qn INSTALLLEVEL=2000
Silent Install – Audit Only: msiexec /i "Centrify Windows Agent64.msi" /qn INSTALLLEVEL=3
Silent install – Access Only (Default): msiexec /i "Centrify Common Component64.msi" /qn
04-03-2017 02:04 PM
04-04-2017 04:10 AM
I obtained the 2000 from the link in the beginning post. https://docs.centrify.com/en/css/suite2017-html/index.html#page/Managing_Windows%2Fwin_adm_install_a...
Do a search on the above page for 2000 and you will be taken to the source.
If this is no longer valid for the 2017 version please advise, as we'd need available INSTALLLEVEL options given my government customer's differing agent install requirements across the enterprise.
05-09-2017 01:40 PM
I know it's been a while, but better late than never.
- INSTALLLEVEL=2: only install "Access"
- INSTALLLEVEL=3: only install "Audit"
If you want both, use the ADDLOCAL option, e.g.
msiexec /qn /i "Centrify Agent for Windows64.msi" ADDLOCAL=ALL
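The silent-install options from the last reply and the registry step from the earlier reply, combined into one deployment wrapper. This is an added example, not part of the original thread and not Centrify's own script. The parameter names, the log path, and the expectation that the installer creates the DirectAudit agent key are assumptions; the exit codes are the standard Windows Installer ones.

```powershell
# Added example: SCCM-style wrapper around the commands quoted in this thread.
param(
    [Parameter(Mandatory)] [string] $MsiPath,                 # path to the agent MSI
    [ValidateSet('Access', 'Audit', 'Both')] [string] $Features = 'Audit',
    [string] $InstallationName,                               # DirectAudit installation (optional)
    [string] $LogPath = "$env:TEMP\CentrifyAgentInstall.log"  # assumed log location
)

# Feature selection exactly as given in the thread's last reply.
$featureArg = switch ($Features) {
    'Access' { 'INSTALLLEVEL=2' }
    'Audit'  { 'INSTALLLEVEL=3' }
    'Both'   { 'ADDLOCAL=ALL' }
}

if (-not (Test-Path -LiteralPath $MsiPath)) { throw "MSI not found: $MsiPath" }

# /l*v writes a verbose installer log so a failed silent install can be diagnosed.
$msiArgs = "/i `"$MsiPath`" /qn /l*v `"$LogPath`" $featureArg"
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with reboot required, 1641 = reboot initiated.
if ($proc.ExitCode -notin 0, 3010, 1641) {
    throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath"
}

# Point the audit agent at a DirectAudit installation only when auditing was installed.
if ($InstallationName -and $Features -ne 'Access') {
    $daPath = 'HKLM:\Software\Centrify\DirectAudit\Agent'
    # Assumption: the installer creates this key; stop rather than create it by hand.
    if (-not (Test-Path $daPath)) { throw "DirectAudit agent key missing: $daPath" }
    New-ItemProperty -Path $daPath -Name 'CurrentInstallation' `
        -Value $InstallationName -PropertyType String -Force | Out-Null
    # Read the value back so a silent write failure does not go unnoticed.
    $current = (Get-ItemProperty -Path $daPath).CurrentInstallation
    if ($current -ne $InstallationName) {
        throw "CurrentInstallation is '$current', expected '$InstallationName'"
    }
}

# Hand the installer's code back so the deployment tool can schedule a reboot on 3010.
exit $proc.ExitCode
```

Run it from an elevated context, since both msiexec and the HKLM write require administrative rights.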