Silent Windows Agent Install MST Option for Audit Only

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 4
Registered: ‎04-03-2017
#1 of 8 4,565

Silent Windows Agent Install MST Option for Audit Only

Hello,

 

We are deploying the Centrify Windows Agent via SCCM, and according to the MST file options here: https://docs.centrify.com/en/css/suite2017-html/index.html#page/Managing_Windows%2Fwin_adm_install_a...

 

 

The defaul installation using the MST file installs Access feature only.... but if you modify the file and add the INSTALLLEVEL string with the value of 2000 then both Audit and Access features are installed.

Is there a value to have the agent install only the Audit feature?

Centrify Guru I
Posts: 2,454
Registered: ‎07-26-2012
#2 of 8 4,559

Re: Silent Windows Agent Install MST Option for Audit Only

@AndrewD,

 

Welcome to the Centrify Server Suite forum.

 

You can use the the INSTALLLEVEL=3 option.  Here's the documentation:

https://docs.centrify.com/en/css/suite2017-html/index.html#page/Managing_audit_installations/Install...

 

In addition, remember that when you are configuring for DirectAudit, you have the installation and configuration.  The step you describe deals with the installation.

 

Configuration may entail:

  • Assigning a DirectAudit Installation
  • Specifying what users/groups get audited or not
  • Specyifng what users/groups are allowed to control the DirectAudit service.

 

You have several options here

Group Policy

We include several Group Policies that you can leverage.  The system that has the consoles has them installed.

DA-GPOs.png

They are under

Computer Configuration\Policies\Centrify DirectAudit Settings\Common

Computer Configuration\Policies\Centrify DirectAudit Settings\Windows Agent Settings

 

PowerShell

Alternatively, you can use PowerShell if you are familiar with the registry entries.

 

The example below illustrates how you can modify the Installation.

 

# Setting the registry path
$DAregistryPath = "HKLM:\Software\Centrify\DirectAudit\Agent\" 

# Testing if path exists first
Test-Path $DAregistryPath

# To Check the current value
(Get-ItemProperty -Path $DAregistryPath).CurrentInstallation

# To Set a new value (E.g. NewInstallationName)
$KeyName = "CurrentInstallation" 
$Installation = "NewInstallationName" 

New-ItemProperty -Path $DAregistryPath -Name $KeyName -Value $Installation -PropertyType String -Force

 

R.P

 

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 4
Registered: ‎04-03-2017
#3 of 8 4,555

Re: Silent Windows Agent Install MST Option for Audit Only

Thanks for the quick reply, so to verify, for Auditing Only, the MST string INSTALLLEVEL=3    ?   Not INSTALLLEVEL=3000 ?  As the other value for Auditing and Access is INSTALLLEVEL=2000.

 

And yes we will be following the prereq "You first prepare (pre-create) the Windows computer account in the appropriate zone.."  prior to deploying the agent

Centrify Guru I
Posts: 2,454
Registered: ‎07-26-2012
#4 of 8 4,552

Re: Silent Windows Agent Install MST Option for Audit Only

@AndrewD,

 

From the online documentation:

https://docs.centrify.com/en/css/suite2017-html/index.html?_ga=1.185880941.531355619.1438708064#page...

 

To install the Centrify Windows agent silently:

    1 Open a Command Prompt window or prepare a software distribution package for deployment on remote computers.

    2 Run the installer for the Centrify Windows agent package for a 64-bit architecture with the appropriate command line options. 

    For example, to install the Centrify Common Component on a computer with 64-bit architecture, run the following command:

    msiexec /i "Centrify Common Component64.msi" /qn

    If you want to enable only the auditing features on a 64-bit computer, you would use the command-line option INSTALLLEVEL=3 and run the following command:

    msiexec /i "Centrify Windows Agent64.msi" /qn INSTALLLEVEL=3

    If you want to enable both auditing and access control features on a computer with a 64‑bit operating system and use the values defined in the Group Policy Deployment.mst file, you would run the following command:

    msiexec /i "Centrify Windows Agent64.msi" /qn TRANSFORMS="Group Policy Deployment.mst"

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 4
Registered: ‎04-03-2017
#5 of 8 4,550

Re: Silent Windows Agent Install MST Option for Audit Only

Thanks again, just lots of documentation linking and overlooking, so from what I can ascertain you can call the INSTALLLEVEL flag inside the MST by making an entry for it it,  OR call it externally as below... correct?

 

Silent Install - Auditing and Access: msiexec /i "Centrify Windows Agent64.msi" /qn INSTALLLEVEL=2000

 

Silent Install – Audit Only: msiexec /i "Centrify Windows Agent64.msi" /qn INSTALLLEVEL=3

 

Silent install – Access Only (Default):  msiexec /i "Centrify Common Component64.msi" /qn

Centrify Guru I
Posts: 2,454
Registered: ‎07-26-2012
#6 of 8 4,547

Re: Silent Windows Agent Install MST Option for Audit Only

@AndrewD,

 

I am not sure where you got the 2000 (please state the source)

The documentation clearly states the levels, for DA only, it's level 3.

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 4
Registered: ‎04-03-2017
#7 of 8 4,491

Re: Silent Windows Agent Install MST Option for Audit Only

I obtained the 2000 from the link in the beginning post.  https://docs.centrify.com/en/css/suite2017-html/index.html#page/Managing_Windows%2Fwin_adm_install_a...

 

Do a search on the above page for 2000 and you will be taken to the source.

 

If this is no longer valid for the 2017 version please advise, as we'd need available INSTALLLEVEL options given my government customer's differing agent install requirements across the enterprise.

Centrify Guru I
Posts: 2,454
Registered: ‎07-26-2012
#8 of 8 4,147

Re: Silent Windows Agent Install MST Option for Audit Only

[ Edited ]

@AndrewD,

 

I know it's been a while but better late than never 

 

  • INSTALLLEVEL=2: only install "Access"
  • INSTALLLEVEL=3: only install "Audit"

 

If you want both, use the ADDLOCAL option, e.g.

msiexec /qn /i "Centrify Agent for Windows64.msi" ADDLOCAL=ALL

References:  https://docs.centrify.com/en/css/suite2017/centrify-win-adminguide.pdf

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify: