[HOWTO] Silently Install Centrify Agent for Windows using msiexec

[HOWTO] Silently Install Centrify Agent for Windows using msiexec

By Centrify on ‎12-29-2017 09:30 AM - last edited ‎10-11-2018 03:38 PM

Background
This technical blog post will cover the various scenarios when silently installing the Centrify agent for Windows. 
Intended Objective

 

This technical blog post is intended to highlight one (of many) deployment methods

 

One can silently install one of three ways:

  1. Install via msiexec
  2. Install using Group Policy
  3. Install using 3rd Party tool such as SCCM. 

 

Considerations / Pre-requisites

 
 

This post is assuming you are using Suite 2017.2 or greater. In addition, the following have been completed:

 

  • Downloaded and installed Orca.exe
  • Downloaded a copy of Suite 2017.2
  • Pre-create Computer object in Zone if enabling Centrify Privilege Elevation Service
Before installing the Windows agent, verify the computer on which you plan to install meets the following requirements:
  • The computer is running a supported Windows operating system version.
  • The computer is joined to Active Directory.
  • The computer has sufficient processing power, memory, and disk space for the agent to use.
  • The computer has the .NET Framework, version 4.5.2 or later.
  • The computer has Windows Installer version 3.1, or later.

 

Use Case:

 

  1. Install Centrify Agent for Windows with only "Centrify Identity Service Platform" service enabled. 
  2. Install Centrify Agent for Windows with only "Centrify Auditing and Monitoring" 
  3. Install Centrify Agent for Windows with "Centrify Privilege Elevation Service"

 

Instructions 

 

  1. Open Orca.
  2. File > Open and open the Centrify Agent for Windows64.msi file located in the Agent folder in the Centrify download location. 
  3. Select Transform > Apply Transform 
  4. Navigate to the Agent folder in the Centrify download location and open Group Policy Deployment.mst.

 

Option 1: Only "Centrify Identity Service Platform service" enabled (Windows MFA)

 

image.png

 

5. Select the Property table on the left hand side and add the following:                                               

  • (Required) Property: REG_ZONELESS_MFA_TENANT Value: Tenant URL (Ex: aaa1234.my.centrify.com)
  • (Optional) Property: REG_ZONELESS_MFA_ENABLED Value: true or false. Default Value = false
  • (Optional) Property: REG_EFFECTIVE_ZONELESS_MFA_USERS Value:  Comma-Seperated user or group names. Default Value = * (All AD users) Note: This only applies if  REG_ZONELESS_MFA_ENABLED is set. 

 

Option 2: Only "Centrify Auditing and Monitoring service" enabled 

 

screenshot-1.png

 

5. Select the Property table on the left hand side and add the following:                                               

  • (Required) Property: REG_CURRENT_INSTALLATION Value: Direct Audit Installation Name (Ex: <DefaultInstallation>)
  • (Optional) Property: REG_MAX_FORMAT Value:  0, 1, 2, 3, or 4 . Default = 1 (1 for a low resolution with an 8-bit color depth)
  • (Optional) Property: REG_DISK_CHECK_THRESHOLD Value: Positive Numeric. Default = 10 (10 % disk remaining)

 

 Option 3: "Centrify Privilege Elevation Service" enabled 

 

screenshot-1.png

 

5. Ensure the Computer has been pre-created for the zone. 

  • In order for the computer to join a zone during installation, the Group Policy Deployment.mst file must specify the GPDeployment property with a value of 1.

 

 

  1. After you have made all necessary modifications, select Transform > Generate Transform to save your modifications. Be sure to save the MST file in a different directory as the original. 
  2. Close Orca
  3. Move / overwrite the orignial MST file with the newly created one. 
  4. Run: msiexec /i "Centrify Agent for Windows64.msi" /qn TRANSFORMS="Group Policy Deployment.mst"

Note: Ensure the newly generated MST file is in the same directory as the MSI file. 

 

 

 

Showing results for 
Search instead for 
Do you mean 
Labels

Community Control Panel