Deploying the agent via Microsoft Endpoint Configuration Manager
This section describes the steps to deploy the agent via Microsoft Endpoint Configuration Manager, formerly known as, Microsoft System Center Configuration Manager (SCCM).
The agent deployment is tested with Microsoft Endpoint Configuration Manager version 2203.
Prerequisites
As a prerequisite,
-
Microsoft Endpoint Configuration Manager must be installed on the admin machine from which the agent will be deployed on the client machines.
-
Configuration Manager client must be installed on all the machines in which the agent needs to be deployed.
Installing the agent
Installing the agent involves the following steps:
Creating a folder for agent installation
Place the following files in a new folder (for example, SafeNetAgent), to be shared with the client machines for agent installation:
-
.agent file
-
.MSI file
-
.CMD file
Now, perform the following steps:
-
For the .agent and .MSI (SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi) files, copy the files that you have downloaded in Creating an Application in STA section, and paste in the new folder (SafeNetAgent) on your local machine.
Ensure to use the default name of the downloaded MSI file.
-
For the .CMD (Windows Command Script) file, create a new file in the above created folder, and enter the following command in the file using any text editor.
msiexec /i "SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.MSI" /quiet AGENTMODE=1
With the above command, after the agent installation, hard restart will be triggered on the client device. To avoid this, append /norestart parameter in the above command and ensure that you restart the client device later (for the agent to work properly).
Save the file with .CMD extension (for example, ConfigurationSetup.CMD). This file will be used to install the agent.
Creating an Application in Microsoft Endpoint Configuration Manager
-
Open the Configuration Manager console. In the left pane, click Software Library > Application Management > Applications > Create Application.
-
On the Create Application Wizard window, under General, click Manually specify the application information radio button.
-
Click Next.
-
On the General Information window, perform the following steps:
-
In the Name field, enter the name of the application. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016
-
In the Publisher field, enter the company name. For example, Thales.
-
In the Software version field, enter the version of the agent. For example, 3.5.2.
-
Click Next.
-
-
On the Software Center window, proceed with the default settings and click Next.
-
On the Deployment Types window, click Add.
-
On the Create Deployment Type Wizard, under General, select Script Installer from the Type drop-down. Click Next.
-
Under General Information, in the Name field, enter the name for the deployment type. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016. Click Next.
-
Under Content, perform the following steps:
- In the Content location field, enter the folder path that you created in Creating a folder for the agent installation section in the UNC format. For example, \WIN-8INCV9BLBCT\Shared\SafeNetAgent.
- In the Installation program field, enter the CMD file name present in the folder that you created in Creating a folder for the agent installation section. For example, ConfigurationSetup.CMD.
- In the Uninstall program field, enter the following command:
msiexec /x {523727B0-D5D5-4392-935B-BFEAA70F29A6} /q
- Click Next.
-
Under Detection Method, click Add Clause. Then, on the Detection Rule window, perform the following steps:
- In Setting Type, select Windows Installer from the drop-down.
- In the Product code field, enter {523727B0-D5D5-4392-935B-BFEAA70F29A6}.
- Click OK.
Click Next
-
Under User Experience, perform the following steps:
- In Installation behavior, select Install for system from the drop-down.
- In Logon requirement , select Whether or not a user is logged on from the drop-down.
- In Installation program visibility, select Hidden from the drop-down.
- Click Next.
-
Under Requirements, click Next.
-
Under Dependencies, click Next.
-
On the Summary window, click Next.
-
On the Completion window, click Close.
-
-
On the Deployment Types window, click Next.
-
On the Summary window, click Next.
-
On the Completion window, click Close.
Distributing the content (Application)
-
On the Configuration Manager console, in the right pane, under Applications, right-click the application that you have created in the above step, and then click Distribute Content.
-
On the Distribute Content Wizard, under General, click Next.
-
On the Content window, ensure that your application name is listed and then click Next.
-
On the Content Destination window, click Add and then click Distribution Point.
-
On the Add Distribution Points window, under Available distribution points, select the distribution point that will host the content.
-
Click OK.
-
On the Content Destination window, click Next.
-
On the Summary window, click Next.
-
On the Completion window, click Close.
Deploying the application into client machines
-
Under Applications, right-click the application that you created in Creating an Application in Microsoft Endpoint Configuration Manager section and then click Deploy.
-
On the Deploy Software Wizard, under General, click Browse displayed against the Collection field.
Now, under Select Collection window, select Device Collections from the drop-down.
-
Under Device Collections, select the device collection where you want to deploy the agent and then click OK.
-
On the General window, click Next.
-
Under Content, ensure that the distribution point that you have selected in Distributing the content (Application) is listed and then click Next.
-
Under Deployment Settings, in Purpose, select Required from the drop-down and then click Next.
-
Under Scheduling, proceed with the default settings and click Next.
-
Under User Experience, proceed with the default settings and click Next.
-
Under Alerts, proceed with the default settings and click Next.
-
-
On the Summary window, click Next.
-
On the Completion window, click Close.
Pushing computer policy to the client machines
-
In the left pane, click Assets and Compliance > Device Collections.
-
Under Device Collections, in the right pane, right-click on the device collection that you have selected in Step 3 of Deploying the application into client machines section. Click Client Notification and then click Download Computer Policy.
-
On the Configuration Manager pop-up, click OK.
After following the above steps, the agent will be successfully deployed on the client machine.
Restart might be required after the installation.
Configuring the Registry Settings
This section involves the steps to configure the registry key values as per your requirement. After the configuration, the updated registry key values will be pushed to the client machines.
Perform the following steps to configure the registry settings:
Download the SCCM-Deployment folder
-
Click here to download the SCCM-Deployment folder.
-
Unzip the folder with the same name, that is, SCCM-Deployment. This folder contains the following two files:
-
ConfigurationSetup.cmd
-
RegistryConfiguration.reg
These files will be used later.
If you rename the registry file named RegistryConfiguration, then update the same in ConfigurationSetup.cmd file.
-
-
To update the registry file,
-
Open the RegistryConfiguration.reg file in any text editor.
-
Uncomment the specific registry entry that you want to change by removing semi-colon (;).
-
Change the registry key’s value as per your requirement. For example, change the LogLevel key value from 3 to 4.
For more details about the Registry Settings, click here.
-
-
Save the RegistryConfiguration.reg file after making the required changes.
It is recommended that you take a backup of the updated RegistryConfiguration.reg file for contigencies.
Creating an Application in Microsoft Endpoint Configuration Manager
To push the updated registry settings into the client machines, you need to create an application and deploy it.
-
Open the Configuration Manager console. In the left pane, click Software Library > Application Management > Applications > Create Application.
-
On the Create Application Wizard, under General, select Manually specify the application information radio button and then click Next.
-
Under General > General Information, perform the following steps:
-
In the Name field, enter the name of the application. For example, WLARegistrySettings.
-
In the Publisher field, enter the company name. For example, Thales.
-
In the Software version field, enter the version of the agent for these registry settings. For example, 3.5.2.
-
Click Next.
-
-
Under General > Software Center, proceed with the default settings and click Next.
-
Under General > Deployment Types, click Add.
-
On the Create Deployment Type Wizard, under General, select Script Installer from the Type drop-down and then click Next.
-
Under General > General Information, in the Name field, enter a name for the deployment type. For example, WLARegistrySettings and then click Next.
-
Under General > Content,
-
In the Content location field, enter the SCCM-Deployment folder path in the UNC format that you downloaded in Download the SCCM-Deployment folder section.
For example, \WIN-8INCV9BLBCT\Shared\SCCM-Deployment
-
In the Installation program field, enter the CMD file name present in SCCM-Deployment folder. For example, ConfigurationSetup.CMD.
-
Click Next.
-
-
Under General > Detection Method, click Add Clause.
-
On the Detection Rule window, perform the following steps:
- In the Setting Type field, ensure that File System is selected.
- In the Type field, ensure that File is selected.
- In the Path field, enter C:\Windows\Temp\WLASCCM.
The above path is mentioned in ConfigurationSetup.CMD file, which is present in the SCCM-Deployment folder.
- In the File or folder name field, enter the registry file name (for example, RegistryConfiguration.reg) that is present in the SCCM-Deployment folder.
- Un-check This file or folder is associated with a 32-bit application on 64-bit systems checkbox.
- Click OK.
-
-
Under General > Detection Method, click Next.
-
Under General > User Experience, perform the following steps:
-
In Installation behavior, select Install for system from the drop-down.
-
In Logon requirement, select Whether or not a user is logged on from the drop-down.
-
In Installation program visibility, select Hidden from the drop-down.
-
Click Next.
-
-
Under General > Requirements, click Next.
-
Under General > Dependencies, click Add.
-
On the Add Dependency window, in the Dependency group name field, enter the dependency group name. For example, SafeNet Agent and then click Add.
-
On the Specify Required Application window, perform following steps:
- Under Available applications, click the application name that you created in Creating an Application in Microsoft Endpoint Configuration Manager section. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016.
- Under Deployment types for selected application, select the MSI checkbox.
- Click OK.
-
On the Add Dependency window, uncheck the checkbox under the Auto Install column (displayed against the application that you selected in previous step) and then click OK.
-
Click Next.
-
-
On the Summary window, click Next.
-
On the Completion window, click Close.
-
On the Create Application Wizard, under General > Deployment Types, click Next.
-
On the Summary window, click Next.
-
On the Completion window, click Close.
Distributing the content (Application)
Perform the steps mentioned in Distributing the content (Application) section to distribute the WLARegistrySettings application, which you created in the above step.
Deploying the application into client machines
Perform the steps mentioned in Deploying the application into client machines section to deploy the WLARegistrySettings application, which you created in the above step.
Pushing computer policy to the client machines
Perform the steps mentioned in Pushing computer policy to the client machines section to push the computer policy to the client machines for the WLARegistrySettings application, which you created in the above step.
After following the steps, new registry settings for the agent will be pushed to the client machines.
Uninstalling the agent
This section involves the following steps to uninstall the agent:
Deleting the deployment from Device Collection
-
In the left pane, click Assets and Compliance > Overview > Device Collections.
-
Under Device Collections, in the right pane, click on the device collection from where you want to uninstall the agent. Then, at the bottom pane, click on your device collection tile to view the deployments.
-
Under the Deployments tab, right-click on SafeNet Authentication Service Agent for Win 8-10-2012-2016 deployment, and click Delete.
This deletion will only delete the SafeNet Authentication Service Agent for Win 8-10-2012-2016 deployment from the device collection. It will not delete the SafeNet Authentication Service Agent for Win 8-10-2012-2016 application from the Software Library.
-
On the Configuration Manager pop-up, click Yes.
Deploying the application into client machines for uninstallation
-
Perform Step 1 to Step 4(a) of Deploying the application into client machines section to deploy the application into client machines for uninstalling the agent.
-
Now, on the General > Deployment Settings window, select Uninstall from the Action drop-down, and then click Next.
-
To complete the deployment, perform Step 4(c) to Step 6 of Deploying the application into client machines section.
Pushing computer policy to the client machines
Perform the steps mentioned in Pushing computer policy to the client machines section to push computer policy to the client machines for SafeNet Authentication Service Agent for Win 8-10-2012-2016 application, which you have created for agent installation.
After following the steps, a new computer policy for uninstalling the agent will be pushed to the client machines.
This step will uninstall the agent from the client machines. However, in Software Center, sometimes, the uninstall deployment application shows the Removal failed error. It can be removed if you delete the uninstall deployment from the Configuration Manager console (refer to the steps mentioned in Deleting the deployment from Device Collection section).
Upgrading the agent
Upgrading the agent involves the following steps:
Creating a folder for the agent upgrade
Place the following files in a new folder (for example, SafeNetAgentUpgrade), to be shared with the client machines for agent upgrade:
-
.agent file
-
.MSI file
-
.CMD file
Now, perform the following steps:
-
For the .agent and .MSI (SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi) files, copy the files that you have downloaded in Creating an Application in STA section, and paste it in the new folder (SafeNetAgentUpgrade) on your local machine.
Ensure to use the default name of the downloaded MSI file.
-
For the .CMD (Windows Command Script) file, create a new file in the above created folder and enter the following command in any text editor:
msiexec /i "SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi" /quiet REINSTALLMODE=vomus REINSTALL=ALL
For example, msiexec /i "SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi" /quiet REINSTALLMODE=vomus REINSTALL=ALL JSONFILEPATH="\WIN-8INCV9BLBCT\Shared\SafeNet\file.agent"
With the above command, after the agent installation, hard restart will be triggered on the client device. To avoid this, append /norestart parameter in the above command and ensure that you restart the client device later (for the agent to work properly).
Save the file with .CMD extension (for example, ConfigurationSetupUpgrade.CMD). This file will be used to upgrade the agent.
Creating an application with new agent version in Microsoft Endpoint Configuration Manager
Perform the following steps to create an application for the latest version of the agent. Afterwards, we will link this newly created application with the application that has older version of the agent (for the upgrade).
-
Open the Configuration Manager console. In the left pane, click Software Library > Application Management > Applications > Create Application.
-
On the Create Application Wizard, under General, click Manually specify the application information radio button, and then click Next.
-
Under General Information, perform the following steps:
- In the Name field, enter the name of the application. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016_3.6.0
- In the Publisher field, enter the company name. For example, Thales.
- In the Software version field, enter the version of the agent. For example, 3.6.0.
- Click Next.
-
Under Software Center, proceed with the default settings and click Next.
-
Under Deployment Types, click Add.
-
On the Create Deployment Type Wizard,
- Under General, select Script Installer from the Type drop-down and then click Next.
- Under General Information, in the Name field, enter the name for this deployment type. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016_3.6.0. Click Next.
- Under Content, perform the following steps:
– In the Content location field, enter the folder path that you created in Creating a folder for the agent upgrade section in the UNC format. For example, \WIN-8INCV9BLBCT\Shared\SafeNetAgentUpgrade
– In the Installation program field, enter the CMD file name present in the SafeNetAgentUpgrade folder that you have created in Creating a folder for the agent upgrade section. For example, ConfigurationSetupUpgrade.CMD
– In the Uninstall program field, enter the following command:
msiexec /x {523727B0-D5D5-4392-935B-BFEAA70F29A6} /q
– Click Next.
- Under Detection Method, click Add Clause. Then, on the Detection Rule window, perform the following steps:
– In Setting Type, select Windows Installer from the drop-down.
– In the Product code field, enter {523727B0-D5D5-4392-935B-BFEAA70F29A6}.
– Select This MSI product code must exist on the target system and the following condition must be met to indicate presence of this application radio button.
– In the Value field, enter the product version of the new agent MSI. For example, 3.6.0.2637
– Click OK.
- Under Detection Method, click Next.
- Under User Experience, perform the following steps:
– In Installation behavior, select Install for system from the drop-down.
– In Logon requirement, select Whether or not a user is logged on from the drop-down.
– In Installation program visibility field, select Hidden from the drop-down.
– Click Next.
- Under Requirements, click Next.
- Under Dependencies, click Next.
- Under Summary, click Next.
- Under Completion, click Close.
-
-
On the Create Application Wizard, under Deployment Types, click Next.
-
On the Summary window, click Next.
-
On the Completion window, click Close.
Creating Supersedence relationship
-
Under Software Library > Application Management > Applications, right-click on the new application that you created in above step, and then click Properties.
-
Under Supersedence tab, click Add.
-
On the Specify Supersedence Relationship window, click Browse against the Superseded Application field. Then, on the Choose Application window, select the application that has older version of the agent, which needs to be replaced with the new application. Click OK.
-
Under the New Deployment Type column, select the deployment type of the new application from the drop-down.
-
Under the Uninstall column, ensure that the checkbox is not selected.
-
Click OK.
-
-
Click Apply and then click OK.
Distributing the content (Application)
Perform the steps mentioned in Distributing the content (Application) section to distribute the application that you created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.
Deploying the application into client machines
Perform the steps mentioned in Deploying an application into client machines section to deploy the application that you created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.
Pushing computer policy to the client machines
Perform the steps mentioned in Pushing computer policy to the client machines section to push the computer policy to the client machines for the application that you created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.
After following the above steps, old version of the agent will be replaced with the new version on the client machines.
Restart might be required after the upgrade.