Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

SafeNet Agent for Windows Logon

Deploying the agent via Microsoft Endpoint Configuration Manager

search

Please Note:

Deploying the agent via Microsoft Endpoint Configuration Manager

This section describes the steps to deploy the agent via Microsoft Endpoint Configuration Manager, formerly known as, Microsoft System Center Configuration Manager (SCCM).

Note

The agent deployment is tested with Microsoft Endpoint Configuration Manager version 2203.

Prerequisites

As a prerequisite,

  • Microsoft Endpoint Configuration Manager must be installed on the admin machine from which the agent will be deployed on the client machines.
  • Configuration Manager client must be installed on all the machines in which the agent needs to be deployed.

Installing the agent

Installing the agent involves the following steps:

Creating an application in Microsoft Endpoint Configuration Manager

  1. Open the Configuration Manager console. In the left pane, click Software Library > Application Management > Applications > Create Application.

  2. On the Create Application Wizard window, under General, in the Location field, enter the file path where the SafeNet Agent for Windows Logon MSI is present in UNC format.

    For example, \\WIN-8INCV9BLBCT\Shared\SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.MSI

    Note

    Use the default MSI name as provided in the downloaded agent package.

    Click Next.

  3. On the Import Information window, click Next.

  4. On the General Information window, perform the following steps:

    1. In the Name field, enter the application name of your choice or proceed with the default name, that is, SafeNet Authentication Service Agent for Win 8-10-2012-2016.

    2. In the Publisher field, enter the company name. For example, Thales.

    3. In the Software version field, enter the version of the agent. For example, 3.5.2.

    4. In the Installation program field, enter the following command:

      msiexec /i "SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.MSI" /quiet TOKENVALIDATORLOCATION=<Primary SafeNet Server IP address or hostname or FQDN>

      Note

      With the above command, after the agent installation, hard restart will be triggered on the client device. To avoid this, append /norestart parameter in the above command and ensure that you restart the client device later (for the agent to work properly).

    5. In the Install behavior drop-down, ensure Install for system is selected.

    6. Click Next.

  5. On the Summary window, click Next.

  6. On the Completion window, click Close.

Distributing the content (application)

  1. On the Configuration Manager console, in the right pane, under Applications, right-click the application that you have created in the above step, and then click Distribute Content.

  2. On the Distribute Content Wizard, under General, click Next.

  3. On the Content window, ensure that your application name is listed and then click Next.

  4. On the Content Destination window, click Add and then click Distribution Point.

  5. On the Add Distribution Points window, under Available distribution points, select the distribution point that will host the content.

    Click OK.

  6. On the Content Destination window, click Next.

  7. On the Summary window, click Next.

  8. On the Completion window, click Close.

Deploying the application into client machines

  1. Under Applications, right-click the application that you have created in Creating an Application in Microsoft Endpoint Configuration Manager section and then click Deploy.

  2. On the Deploy Software Wizard, under General, click Browse displayed against the Collection field.

  3. Now, under Select Collection window, select Device Collections from the drop-down.

  4. Under Device Collections, select the device collection where you want to deploy the agent and then click OK.

  5. On the General window, click Next.

  6. Under General > Content, ensure that the distribution point that you have selected in Distributing the content (Application) is listed and then click Next.

  7. Under General > Deployment Settings, in Purpose, select Required from the drop-down and then click Next.

  8. Under General > Scheduling, proceed with the default settings and click Next.

  9. Under General > User Experience, proceed with the default settings and click Next.

  10. Under General > Alerts, proceed with the default settings and click Next.

  11. On the Summary window, click Next.

  12. On the Completion window, click Close.

Pushing computer policy to the client machines

  1. In the left pane, click Assets and Compliance > Device Collections.

  2. Under Device Collections, in the right pane, right-click the device collection that you have selected in Step 3 of Deploying the application into client machines section. Click Client Notification and then click Download Computer Policy.

  3. On the Configuration Manager pop-up, click OK.

After following the above steps, the agent will be successfully deployed on the client machine.

Note

Restart might be required after the installation.

Configuring the registry settings

This section involves the steps to configure the registry key values as per your requirement. After the configuration, the updated registry key values will be pushed to the client machines.

Perform the following steps to configure the registry settings:

Copy the SCCM-Deployment folder from the downloaded agent package

  1. Copy the SCCM-Deployment folder from the downloaded agent package and paste it on your local machine. The files present in this folder will be used later.

    The SCCM-Deployment folder contains the following two files:

    • ConfigurationSetup.cmd
    • RegistryConfiguration.reg

    Note

    If you rename the registry file named RegistryConfiguration, then update the same in ConfigurationSetup.cmd file.

  2. To update the registry file, perform the following steps:

    1. Open the RegistryConfiguration.reg file in any text editor.

    2. Uncomment the specific registry entry that you want to change by removing semi-colon (;).

    3. Change the registry key's value as per your requirement. For example, change the LogLevel key value from 3 to 4.

      For more details about the Registry Settings, click here.

    Save the RegistryConfiguration.reg file after making the required changes. It is recommended that you take a backup of the updated RegistryConfiguration.reg file for contigencies.

Creating an application in Microsoft Endpoint Configuration Manager

To push the updated registry settings into the client machines, you need to create an application and deploy it.

  1. Open the Configuration Manager console. In the left pane, click Software Library > Application Management > Applications > Create Application.

  2. On the Create Application Wizard, under General, select Manually specify the application information radio button, and then click Next.

  3. Under General > General Information, perform the following steps:

    1. In the Name field, enter the name of the application. For example, WLARegistrySettings.

    2. In the Publisher field, enter the company name. For example, Thales.

    3. In the Software version field, enter the version of the agent for these registry settings. For example, 3.5.2.

    4. Click Next.

  4. Under General > Software Center, proceed with the default settings and click Next.

  5. Under General > Deployment Types, click Add.

  6. On the Create Deployment Type Wizard, under General, select Script Installer from the Type drop-down and then click Next.

  7. Under General > General Information, in the Name field, enter a name for the deployment type. For example, WLARegistrySettings and then click Next.

  8. Under General > Content,

    1. In the Content location field, enter the SCCM-Deployment folder path in the UNC format that you have copied in Step 1 of Copy the SCCM-Deployment folder from the downloaded package section.

      For example, \\WIN-8INCV9BLBCT\Shared\SCCM-Deployment

    2. In the Installation program field, enter the CMD file name present in the SCCM-Deployment folder. For example, ConfigurationSetup.CMD.

    Click Next.

  9. Under General > Detection Method, click Add Clause.

    1. On the Detection Rule window, perform the following steps:

      1. In the Setting Type field, ensure that File System is selected.

      2. In the Type field, ensure that File is selected.

      3. In the Path field, enter C:\Windows\Temp\WLASCCM.

        Note

        The above path is mentioned in ConfigurationSetup.CMD file, which is present in the SCCM-Deployment folder.

      4. In the File or folder name field, enter the registry file name (for example, RegistryConfiguration.reg) that is present in the SCCM-Deployment folder.

      5. Un-check This file or folder is associated with a 32-bit application on 64-bit systems checkbox.

      6. Click OK.

  10. Under General > Detection Method, click Next.

  11. Under General > User Experience, perform the following steps:

    1. In Installation behavior, select Install for system from the drop-down.

    2. In Logon requirement, select Whether or not a user is logged on from the drop-down.

    3. In Installation program visibility, select Hidden from the drop-down.

    4. Click Next.

  12. Under General > Requirements, click Next.

  13. Under General > Dependencies, click Add.

    1. On the Add Dependency window, in the Dependency group name field, enter the dependency group name. For example, SafeNet Agent and then click Add.

    1. On the Specify Required Application window, perform following steps:

      1. Under Available applications, click the application name that you have created in Creating an Application in Microsoft Endpoint Configuration Manager section.

        For example, SafeNet Authentication Service Agent for Win 8-10-2012-2016.

      2. Under Deployment types for selected application, select the MSI checkbox.

      3. Click OK.

  14. On the Add Dependency window, uncheck the checkbox under the Auto Install column (displayed against the application that you have selected in previous step) and then click OK.

  15. Click Next.

  16. On the Summary window, click Next.

  17. On the Completion window, click Close.

  18. On the Create Application Wizard, under General > Deployment Types, click Next.

  19. On the Summary window, click Next.

  20. On the Completion window, click Close.

Distributing the content (application)

Perform the steps mentioned in Distributing the content (Application) section to distribute the WLARegistrySettings application, which you have created in the above step.

Deploying the application into client machines

Perform the steps mentioned in Deploying the application into client machines section to deploy the WLARegistrySettings application, which you have created in the above step.

Pushing computer policy to the client machines

Perform the steps mentioned in Pushing computer policy to the client machines section to push the computer policy to the client machines for the WLARegistrySettings application, which you have created in the above step.

Uninstalling the agent

This section involves the following steps to uninstall the agent:

  1. Deleting the deployment from Device Collection
  2. Deploying the application into client machines for uninstallation
  3. Pushing computer policy to the client machines

Deleting the deployment from Device Collection

  1. In the left pane, click Assets and Compliance > Overview > Device Collections.

  2. Under Device Collections, in the right pane, click on the device collection from where you want to uninstall the agent. Then, at the bottom pane, click on your device collection tile to view the Deployments.

  3. Under the Deployments tab, right-click on SafeNet Authentication Service Agent for Win 8-10-2012-2016 deployment and click Delete.

    Note

    This deletion will only delete the SafeNet Authentication Service Agent for Win 8-10-2012-2016 deployment from the device collection. It will not delete the SafeNet Authentication Service Agent for Win 8-10-2012-2016 application from the Software Library.

  4. On the Configuration Manager pop-up, click Yes.

Deploying the application into client machines for uninstallation

  1. Perform Step 1 to Step 5 of Deploying the application into client machines section to deploy the application into client machines for uninstalling the agent.

  2. Now, on the General > Deployment Settings window, select Uninstall from the Action drop-down, and then click Next.

  3. To complete the deployment, perform Step 7 to Step 11 of Deploying the application into client machines section.

Pushing computer policy to the client machines

Perform the steps mentioned in Pushing computer policy to the client machines section to push computer policy to the client machines for SafeNet Authentication Service Agent for Win 8-10-2012-2016 application, which you have created for agent installation.

After following the steps, a new computer policy for uninstalling the agent will be pushed to the client machines.

Note

This step will uninstall the agent from the client machines. However, in Software Center, sometimes, the uninstall deployment application shows the Removal failed error. It can be removed if you delete the uninstall deployment from the Configuration Manager console (refer to the steps mentioned in Deleting the deployment from Device Collection section).

Upgrading the agent

Upgrading the agent involves the following steps:

Creating an application with new agent version in Microsoft Endpoint Configuration Manager

Perform the following steps to create an application for the latest version of the agent. Afterwards, we will link this newly created application with the application that has an older version of the agent (for the upgrade).

  1. Open the Configuration Manager console. In the left pane, click Software Library > Application Management > Applications > Create Application.

  2. On the Create Application Wizard, under General, in the Location field, enter the file path in UNC format where new version of the agent MSI is present, and then click Next.

    For example, \\WIN-8INCV9BLBCT\Shared\NewWLA\SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi

    Note

    Use the default MSI name provided in the downloaded agent package.

  3. Under General > Import Information, click Next.

  4. Under General Information, perform the following steps:

    1. In the Name field, enter the application name of your choice or proceed with the default name, that is, SafeNet Authentication Service Agent for Win 8-10-2012-2016_3.6.0.

    2. In the Publisher field, enter the company name. For example, Thales.

    3. In the Software version field, enter the version of the agent. For example, 3.6.0.

    4. In the Installation program field, enter the following command:

      msiexec /i "SafeNet Authentication Service Agent for Win 8-10-2012-2016 x64.msi" /quiet REINSTALLMODE=vomus REINSTALL=ALL

      Note

      With the above command, after the agent installation, hard restart will be triggered on the client device. To avoid this, append /norestart parameter in the above command and ensure that you restart the client device later (for the agent to work properly).

    5. In the Install behavior drop-down, ensure that Install for system is selected.

    6. Click Next.

  5. On the Summary window, click Next.

  6. On the Completion window, click Close.

Creating supersedence relationship

  1. Under Software Library > Application Management > Applications, right-click on the new application that you have created in above step, and then click Properties.

  2. Under Supersedence tab, click Add.

  3. On the Specify Supersedence Relationship window, click Browse against the Superseded Application field.

  4. On the Choose Application window, select the application that has older version of the agent, which needs to be replaced with the new application. Click OK.

  5. Under the New Deployment Type column, select the deployment type of the new application from the drop-down.

  6. Under the Uninstall column, ensure that the checkbox is not selected.

  7. Click OK.

  8. Click Apply and then click OK.

Updating detection method for the upgrade

  1. Under Applications, click on the new application that you have created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager section.

  2. In the bottom pane, click the application tile. Under the Deployment Types tab, right-click on the deployment type and then click Properties.

  3. On the SafeNet Authentication Service Agent for Win 8-10-2012-2016 - Windows Installer (.msi file) Properties window, click the Detection Method tab. Select the clause and then click Edit Clause*.

  4. On the Detection Rule window, perform the following steps:

    1. Click This MSI product code must exist on the target system and the following condition must be met to indicate presence of this application radio button.

    2. In the Value field, enter the latest product version of the agent MSI. For example, 3.6.0.2637.

    3. Click OK.

  5. Click Apply and then click OK.

Distributing the content (application)

Perform the steps mentioned in Distributing the content (Application) section to distribute the application that you have created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.

Deploying the application into client machines

Perform the steps mentioned in Deploying an application into client machines section to deploy the application that you have created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.

Pushing computer policy to the client machines

Perform the steps mentioned in Pushing computer policy to the client machines section to push the computer policy to the client machines for the application that you have created in Creating an application with new agent version in Microsoft Endpoint Configuration Manager.

After following the above steps, old version of the agent will be replaced with the new version on the client machines.

Note

Restart might be required after the upgrade.

On this page