Deploying the agent via Microsoft Endpoint Configuration Manager

This section describes the steps to deploy the agent via Microsoft Endpoint Configuration Manager, formerly known as, Microsoft System Center Configuration Manager (SCCM). It involves the following steps:

• Installing the agent

• Configuring the Registry Settings

• Uninstalling the agent

• Upgrading the agent

• Deploying the updated agent configuration file

The agent deployment is tested with Microsoft Endpoint Configuration Manager version 2203.

Prerequisites

As a prerequisite,

• Microsoft Endpoint Configuration Manager must be installed on the admin machine from which the agent will be deployed on the client machines.

• Configuration Manager client must be installed on all the machines in which the agent needs to be deployed.

Installing the agent

Installing the agent involves the following steps:

1. Creating a folder for agent installation

2. Creating an Application in Microsoft Endpoint Configuration Manager

3. Distributing the content (Application)

4. Deploying the application into client machines

5. Pushing computer policy to the client machines

Creating a folder for agent installation

Place the following files in a new folder (for example, SafeNetAgent), to be shared with the client machines for agent installation:

• .agent file

• .MSI file

• .CMD file

Now, perform the following steps:

1. For the .agent and .MSI (SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi) files, copy the files that you have downloaded in Creating an Application in STA section, and paste in the new folder (SafeNetAgent) on your local machine.

   Ensure to use the default name of the downloaded MSI file.

2. For the .CMD (Windows command script) file, create a new file in the above created folder, and enter the following command in the file using any text editor.

   msiexec /i "SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.MSI" /quiet AGENTMODE=1

   With the above command, after the agent installation, hard restart will be triggered on the client device. To avoid this, append /norestart parameter in the above command and ensure that you restart the client device later (for the agent to work properly).

   Save the file with .CMD extension (for example, ConfigurationSetup.CMD). This file will be used to install the agent.

Creating an Application in Microsoft Endpoint Configuration Manager

1. Open the Configuration Manager console. In the left pane, click Software Library > Application Management > Applications > Create Application.

   

2. On the Create Application Wizard window, under General, select the Manually specify the application information radio button, and then click Next.

   

3. On the General > General Information window, perform the following steps:

   1. In the Name field, enter a name of the application. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016.

   2. In the Publisher field, enter the company name. For example, Thales.

   3. In the Software version field, enter the version of the agent. For example, 3.5.2.

   4. Click Next.

      

4. On the General > Software Center window, proceed with the default settings and click Next.

5. On the General > Deployment Types window, click Add.

   

   On the Create Deployment Type Wizard,

   1. Under General, select Script Installer from the Type dropdown, and then click Next.

      

   2. Under General > General Information, in the Name field, enter a name for the deployment type. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016, and then click Next.

      

   3. Under General > Content, perform the following steps:

      1. In the Content location field, enter the folder path that you created in Creating a folder for the agent installation section in the UNC format. For example, \WIN-8INCV9BLBCT\Shared\SafeNetAgent.
      2. In the Installation program field, enter the CMD file name present in the folder that you created in Creating a folder for the agent installation section. For example, ConfigurationSetup.CMD.
      3. In the Uninstall program field, enter the following command:

         msiexec /x {523727B0-D5D5-4392-935B-BFEAA70F29A6} /q

         

      4. Click Next.

   4. Under General > Detection Method, click Add Clause. Then, on the Detection Rule window, perform the following steps:

      1. From the Setting Type dropdown, select Windows Installer.
      2. In the Product code field, enter {523727B0-D5D5-4392-935B-BFEAA70F29A6}.
      3. Click OK.

         

      4. Click Next.

   5. Under General > User Experience, perform the following steps:

      1. From the Installation behavior dropdown, select Install for system.
      2. From the Logon requirement dropdown, select Whether or not a user is logged on.
      3. From the Installation program visibility dropdown, select Hidden.
      4. Click Next.

         

   6. Under General > Requirements, click Next.

   7. Under General > Dependencies, click Next.

   8. On the Summary window, click Next.

   9. On the Completion window, click Close.

6. On the Deployment Types window, click Next.

7. On the Summary window, click Next.

8. On the Completion window, click Close.

Distributing the content (Application)

1. On the Configuration Manager console, in the right pane, under Applications, right-click the application that you have created in the above step, and then click Distribute Content.

   

2. On the Distribute Content Wizard, under General, click Next.

3. On the General > Content window, ensure that your application name is listed, and then click Next.

   

4. On the General > Content Destination window, click Add, and then click Distribution Point.

   

5. On the Add Distribution Points window, under Available distribution points, select the distribution point that will host the content.

   

6. Click OK.

7. On the Content Destination window, click Next.

8. On the Summary window, click Next.

9. On the Completion window, click Close.

Deploying the application into client machines

1. Under Applications, right-click the application that you created in Creating an Application in Microsoft Endpoint Configuration Manager section, and then click Deploy.

   

2. On the Deploy Software Wizard, under General, click Browse displayed against the Collection field.

   

   Now, under Select Collection window, select Device Collections from the dropdown.

   

3. Under Device Collections, select the device collection where you want to deploy the agent, and then click OK.

   

4. On the General window, click Next.

   1. Under Content, ensure that the distribution point that you have selected in Distributing the content (Application) is listed, and then click Next.

      

   2. Under Deployment Settings, from the Purpose dropdown, select Required, and then click Next.

      

   3. Under Scheduling, proceed with the default settings and click Next.

   4. Under User Experience, proceed with the default settings and click Next.

   5. Under Alerts, proceed with the default settings and click Next.

5. On the Summary window, click Next.

6. On the Completion window, click Close.

Pushing computer policy to the client machines

1. In the left pane, click Assets and Compliance > Device Collections.

   

2. Under Device Collections, in the right pane, right-click on the device collection that you have selected in Step 3 of Deploying the application into client machines section. Click Client Notification and then click Download Computer Policy.

   

3. On the Configuration Manager pop-up, click OK.

   

After following the above steps, the agent will be successfully deployed on the client machine.

Restart might be required after the installation.

Configuring the Registry Settings

This section involves the steps to configure the registry key values as per your requirement. After the configuration, the updated registry key values will be pushed to the client machines.

Perform the following steps to configure the registry settings:

1. Download the SCCM-Deployment folder

2. Creating an Application in Microsoft Endpoint Configuration Manager

3. Distributing the content (Application)

4. Deploying the application into client machines

5. Pushing computer policy to the client machines

Download the SCCM-Deployment folder

1. Click here to download the SCCM-Deployment folder.

2. Unzip the folder with the same name, that is, SCCM-Deployment. This folder contains the following two files:

   • ConfigurationSetup.cmd

   • RegistryConfiguration.reg

   These files will be used later.

   If you rename the registry file named RegistryConfiguration, then update the same in ConfigurationSetup.cmd file.

3. To update the registry file,

   1. Open the RegistryConfiguration.reg file in any text editor.

   2. Uncomment the specific registry entry that you want to change by removing semi-colon (;).

   3. Change the registry key’s value as per your requirement. For example, change the LogLevel key value from 3 to 4.

      For more details about the Registry Settings, click here.

4. Save the RegistryConfiguration.reg file after making the required changes.

   It is recommended that you take a backup of the updated RegistryConfiguration.reg file for contigencies.

Creating an Application in Microsoft Endpoint Configuration Manager

To push the updated registry settings into the client machines, you need to create an application and deploy it.

1. Perform Step 1 and Step 2 mentioned in the Creating an Application in Microsoft Endpoint Configuration Manager section.

2. Under General > General Information, perform the following steps:

   1. In the Name field, enter a name of the application. For example, WLARegistrySettings.

   2. In the Publisher field, enter the company name. For example, Thales.

   3. In the Software version field, enter the version of the agent for these registry settings. For example, 3.5.2.

   4. Click Next.

      

3. Under General > Software Center, proceed with the default settings and click Next.

4. Under General > Deployment Types, click Add.

5. On the Create Deployment Type Wizard, under General, select Script Installer from the Type dropdown, and then click Next.

6. Under General > General Information, in the Name field, enter a name for the deployment type. For example, WLARegistrySettings, and then click Next.

7. Under General > Content,

   1. In the Content location field, enter the SCCM-Deployment folder path in the UNC format that you downloaded in Download the SCCM-Deployment folder section.

      For example, \WIN-8INCV9BLBCT\Shared\SCCM-Deployment

   2. In the Installation program field, enter the CMD file name present in SCCM-Deployment folder. For example, ConfigurationSetup.CMD.

      

   3. Click Next.

8. Under General > Detection Method, click Add Clause.

   1. On the Detection Rule window, perform the following steps:

      1. From the Setting Type dropdown, ensure that File System is selected.
      2. From the Type dropdown, ensure that File is selected.
      3. In the Path field, enter C:\Windows\Temp\WLASCCM.

         The above path is mentioned in ConfigurationSetup.CMD file, which is present in the SCCM-Deployment folder.

      4. In the File or folder name field, enter the registry file name, for example, RegistryConfiguration.reg that is present in the SCCM-Deployment folder.
      5. Un-check This file or folder is associated with a 32-bit application on 64-bit systems checkbox.
      6. Click OK.

         

9. Under General > Detection Method, click Next.

10. Under General > User Experience, perform the following steps:

    1. From the Installation behavior dropdown, select Install for system.

    2. From the Logon requirement dropdown, select Whether or not a user is logged on.

    3. From the Installation program visibility dropdown, select Hidden.

    4. Click Next.

       

11. Under General > Requirements, click Next.

12. Under General > Dependencies, click Add.

    1. On the Add Dependency window, in the Dependency group name field, enter the dependency group name. For example, SafeNet Agent, and then click Add.

       

    2. On the Specify Required Application window, perform following steps:

       1. Under Available applications, click the application name that you created in Creating an Application in Microsoft Endpoint Configuration Manager section. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016.
       2. Under Deployment types for selected application, select the MSI checkbox.
       3. Click OK.

          

    3. On the Add Dependency window, uncheck the checkbox under the Auto Install column (displayed against the application that you selected in previous step), and then click OK.

    4. Click Next.

13. On the Summary window, click Next.

14. On the Completion window, click Close.

15. On the Create Application Wizard, under General > Deployment Types, click Next.

16. On the Summary window, click Next.

17. On the Completion window, click Close.

Distributing the content (Application)

Perform the steps mentioned in Distributing the content (Application) section to distribute the WLARegistrySettings application, which you created in the above step.

Deploying the application into client machines

Perform the steps mentioned in Deploying the application into client machines section to deploy the WLARegistrySettings application, which you created in the above step.

Pushing computer policy to the client machines

Perform the steps mentioned in Pushing computer policy to the client machines section to push the computer policy to the client machines for the WLARegistrySettings application, which you created in the above step.

After following the steps, new registry settings for the agent will be pushed to the client machines.

Uninstalling the agent

This section involves the following steps to uninstall the agent:

1. Deleting the deployment from Device Collection

2. Deploying the application into client machines for uninstallation

3. Pushing computer policy to the client machines

Deleting the deployment from Device Collection

1. In the left pane, click Assets and Compliance > Overview > Device Collections.

2. Under Device Collections, in the right pane, click on the device collection from where you want to uninstall the agent. Then, at the bottom pane, click on your device collection tile to view the deployments.

   

3. Under the Deployments tab, right-click on SafeNet Authentication Service Agent for Win 8-10-2012-2016 deployment, and click Delete.

   

   This deletion will only delete the SafeNet Authentication Service Agent for Win 8-10-2012-2016 deployment from the device collection. It will not delete the SafeNet Authentication Service Agent for Win 8-10-2012-2016 application from the Software Library.

4. On the Configuration Manager pop-up, click Yes.

   

Deploying the application into client machines for uninstallation

1. Perform Step 1 to Step 4(a) of Deploying the application into client machines section to deploy the application into client machines for uninstalling the agent.

2. Now, on the General > Deployment Settings window, select Uninstall from the Action dropdown, and then click Next.

   

3. To complete the deployment, perform Step 4(c) to Step 6 of Deploying the application into client machines section.

Pushing computer policy to the client machines

Perform the steps mentioned in Pushing computer policy to the client machines section to push computer policy to the client machines for SafeNet Authentication Service Agent for Win 8-10-2012-2016 application, which you have created for agent installation.

After following the steps, a new computer policy for uninstalling the agent will be pushed to the client machines.

This step will uninstall the agent from the client machines. However, in Software Center, sometimes, the uninstall deployment application shows the Removal failed error. It can be removed if you delete the uninstall deployment from the Configuration Manager console (refer to the steps mentioned in Deleting the deployment from Device Collection section).

Upgrading the agent

Upgrading the agent involves the following steps:

1. Creating a folder for the agent upgrade

2. Creating an application with new agent version in Microsoft Endpoint Configuration Manager

3. Creating Supersedence relationship

4. Distributing the content (Application)

5. Deploying the application into client machines

6. Pushing computer policy to the client machines

Creating a folder for the agent upgrade

Place the following files in a new folder (for example, SafeNetAgentUpgrade), to be shared with the client machines for agent upgrade:

• .agent file

• .MSI file

• .CMD file

Now, perform the following steps:

1. For the .agent and .MSI (SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi) files, copy the files that you have downloaded in Creating an Application in STA section, and paste it in the new folder (SafeNetAgentUpgrade) on your local machine.

   Ensure to use the default name of the downloaded MSI file.

2. For the .CMD (Windows Command Script) file, create a new file in the above created folder and enter the following command in any text editor:

   msiexec /i "SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi" /quiet REINSTALLMODE=vomus REINSTALL=ALL

   For example, msiexec /i "SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi" /quiet REINSTALLMODE=vomus REINSTALL=ALL JSONFILEPATH="\WIN-8INCV9BLBCT\Shared\SafeNet\file.agent"

   With the above command, after the agent installation, hard restart will be triggered on the client device. To avoid this, append /norestart parameter in the above command and ensure that you restart the client device later (for the agent to work properly).

   Save the file with .CMD extension (for example, ConfigurationSetupUpgrade.CMD). This file will be used to upgrade the agent.

Creating an application with new agent version in Microsoft Endpoint Configuration Manager

Perform the following steps to create an application for the latest version of the agent. Afterwards, we will link this newly created application with the application that has older version of the agent (for the upgrade).

1. Perform Step 1 and Step 2 mentioned in the Creating an Application in Microsoft Endpoint Configuration Manager section.

   1. Under General > General Information, perform the following steps:

      1. In the Name field, enter a name of the application. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016_3.6.0.
      2. In the Publisher field, enter the company name. For example, Thales.
      3. In the Software version field, enter the version of the agent. For example, 3.6.0.
      4. Click Next.

      

   2. Under Software Center, proceed with the default settings and click Next.

   3. Under Deployment Types, click Add.

      

   4. On the Create Deployment Type Wizard,

      1. Under General, select Script Installer from the Type dropdown and then click Next.
      2. Under General Information, in the Name field, enter the name for this deployment type. For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016_3.6.0, and then click Next.
      3. Under Content, perform the following steps:

         – In the Content location field, enter the folder path that you created in Creating a folder for the agent upgrade section in the UNC format. For example, \WIN-8INCV9BLBCT\Shared\SafeNetAgentUpgrade

         – In the Installation program field, enter the CMD file name present in the SafeNetAgentUpgrade folder that you created in Creating a folder for the agent upgrade section. For example, ConfigurationSetupUpgrade.CMD.

         – In the Uninstall program field, enter the following command:

         msiexec /x {523727B0-D5D5-4392-935B-BFEAA70F29A6} /q

         

         – Click Next.

      4. Under Detection Method, click Add Clause. Then, on the Detection Rule window, perform the following steps:

         – From the Setting Type dropdown, select Windows Installer.

         – In the Product code field, enter {523727B0-D5D5-4392-935B-BFEAA70F29A6}.

         – Select This MSI product code must exist on the target system and the following condition must be met to indicate presence of this application radio button.

         – In the Value field, enter the product version of the new agent MSI. For example, 3.6.0.2637

         

         – Click OK.

      5. Under Detection Method, click Next.
      6. Under User Experience, perform the following steps:

         – From the Installation behavior dropdown, select Install for system.

         – From the Logon requirement dropdown, select Whether or not a user is logged on.

         – From the Installation program visibility dropdown, select Hidden.

         – Click Next.

         

      7. Under Requirements, click Next.
      8. Under Dependencies, click Next.
      9. Under Summary, click Next.
      10. Under Completion, click Close.

2. On the Create Application Wizard, under Deployment Types, click Next.

3. On the Summary window, click Next.

4. On the Completion window, click Close.

Creating Supersedence relationship

1. Under Software Library > Application Management > Applications, right-click on the new application that you created in the above step, and then click Properties.

   

2. Under Supersedence tab, click Add.

   1. On the Specify Supersedence Relationship window, click Browse against the Superseded Application field. Then, on the Choose Application window, select the application that has older version of the agent, which needs to be replaced with the new application, and then click OK.

      

   2. Under the New Deployment Type column, select the deployment type of the new application from the drop-down.

   3. Under the Uninstall column, ensure that the checkbox is not selected.

   4. Click OK.

      

3. Click Apply and then click OK.

Distributing the content (Application)

Perform the steps mentioned in Distributing the content (Application) section to distribute the application that you created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.

Deploying the application into client machines

Perform the steps mentioned in Deploying an application into client machines section to deploy the application that you created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.

Pushing computer policy to the client machines

Perform the steps mentioned in Pushing computer policy to the client machines section to push the computer policy to the client machines for the application that you created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.

After following the above steps, old version of the agent will be replaced with the new version on the client machines.

Restart might be required after the upgrade.

Deploying the updated agent configuration file

Perform the following steps to deploy the updated .agent file (downloaded from the STA console):

1. Downloading the SCCM deployment file

2. Creating an Application in Microsoft Endpoint Configuration Manager

3. Distributing the content (Application)

4. Deploying the application into client machines

5. Pushing computer policy to the client machines

Downloading the SCCM deployment file

1. Click here to download the UpdateAgentConfig_SCCM zip file.

2. Unzip the downloaded zip file. It contains UpdateAgentConfig.cmd command script.

3. Download the latest .agent file from the STA console and rename it to UpdatedWindowsLogon.agent.

4. Copy and paste the following in a network folder location (for example, \EC2AMAZ-6H5R2FL\Shared\UpdateAgentConfig_SCCM):

   1. UpdateAgentConfig.cmd command script

   2. UpdatedWindowsLogon.agent file

Creating an Application in Microsoft Endpoint Configuration Manager

1. Perform Step 1 and Step 2 mentioned in the Creating an Application in Microsoft Endpoint Configuration Manager section.

2. Under General > General Information, perform the following steps:

   1. In the Name field, enter a name of the application. For example, UpdateSafeNetAgentLogonConfiguration.

   2. In the Publisher field, enter the company name. For example, Thales.

   3. In the Software version field, enter the version of the agent. For example, 4.0.0.

   4. Click Next.

      

3. Under General > Software Center, proceed with the default settings and click Next.

4. Under General > Deployment Types, click Add.

5. On the Create Deployment Type Wizard, under General, select Script Installer from the Type dropdown, and then click Next.

6. Under General > General Information, in the Name field, enter a name for the deployment type. For example, UpdateSafeNetAgentLogonConfiguration, and then click Next.

7. Under General > Content,

   1. In the Content location field, enter the network path of the UpdateAgentConfig.cmd file that you have kept in a folder in Downloading the SCCM deployment file section.

      For example, \EC2AMAZ-6H5R2FL\Shared\UpdateAgentConfig_SCCM

   2. In the Installation program field, enter the CMD file name UpdateAgentConfig.cmd.

   3. Click Next.

      

8. Under General > Detection Method, click Add Clause.

   1. On the Detection Rule window, perform the following steps:

      1. From the Setting Type dropdown, ensure that File System is selected.
      2. From the Type dropdown, ensure that File is selected.
      3. In the Path field, enter C:\Windows\Temp\WlaAgent.
      4. In the File or folder name field, enter the agent file name UpdatedWindowsLogon.agent.
      5. Un-check This file or folder is associated with a 32-bit application on 64-bit systems checkbox.
      6. Click OK.

         

9. Under General > Detection Method, click Next.

10. Under General > User Experience, perform the following steps:

    1. From the Installation behavior dropdown, select Install for system.

    2. From the Logon requirement dropdown, select Whether or not a user is logged on.

    3. From the Installation program visibility dropdown, select Normal.

    4. Click Next.

       

11. Under General > Requirements, click Next.

12. Under General > Dependencies, click Add.

13. On the Summary window, click Next.

14. On the Completion window, click Close.

15. On the Create Application Wizard, under General > Deployment Types, click Next.

16. On the Summary window, click Next.

17. On the Completion window, click Close.

Distributing the content (Application)

Perform the steps mentioned in Distributing the content (Application) section to distribute the newly created application, that is, UpdateSafeNetAgentLogonConfiguration.

Deploying the application into client machines

Perform the steps mentioned in Deploying the application into client machines section to deploy the newly created application, that is, UpdateSafeNetAgentLogonConfiguration.

Pushing computer policy to the client machines

Perform the steps mentioned in Pushing computer policy to the client machines section to push the computer policy to the client machines for the newly created application, that is, UpdateSafeNetAgentLogonConfiguration.

After following the steps, the updated .agent file will be pushed to the client machines.