KBI 311320 How To Deploy Argent for Security USB Monitoring Agent Through Active Directory Group Policy
Version
Argent for Security all versions
Date
Thursday, 3 December 2015
Summary
Argent for Security is using an Agent for USB monitoring on remote machines
In order for the ease of deployment Argent provides this agent in a MSI package which can be easily deployed by setting a Group Policy in the Active Directory
This document explains the step by step instructions to deploy Argent for Security USB Monitoring Agent
To download ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.ZIP tool:
Technical Background
Deployment Of Argent for Security USB Monitoring Agent On A Windows 2008 Server
Step 1 – Single Click To Create Argent for Security USB Agent MSI Package
The USB agent must be provided with Argent for Security Main Engine name for its functioning
When the Agent is deployed as an MSI package through Active Directory Group Policy, an unattended installation – without the user key in the Argent Main Engine name – is preferred
To accomplish this, the MSI package is created on the fly with a single click command file
Following are the steps to make the MSI Package on the fly
- Please copy ‘ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.ZIP’ file to the folder “C:\Temp”
- Extract the zip file using ‘Extract Here’
- This will create a folder “C:\Temp\ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER” as shown below
Please edit the “ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.CMD”
Replace the string “###MAIN_ENGINE_NAME###” with the Argent for Security Main Engine name
Note: Please change only the text marked in red as shown above
There is one more such string in the script which is used for validation purpose
Please do not change it
- Execute the script ‘ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.CMD’ using the option ‘Run As Administrator’ as shown below
- Multiple console windows appear as shown below
- When the CMDs exit, ‘ARGSOFT_USB_AGENT.msi’ will be created in the same folder as shown below
Use this MSI package for deployment
Step 2 – Create A Distribution Point
Follow the succeeding steps to create a distribution point which is a shared folder in the domain server
- Log on to the server as an Administrator
- Create a folder called ‘Argsoft_USB_Agent’
- Share the folder
- Set permissions on the share to allow access to the distribution package
- Copy the MSI package to the distribution point
Step 3 – Open Group Policy Management Console
Start -> Administrative Tools -> Group Policy Management
Step 4 – Add New Group Policy
- Select Group Policy Object
- Right Click and Select ‘New’ from the popup menu
Step 5 – Name The New Group Policy Object
- Name new group policy object as ‘Argsoft_USB_Agent’ and Click OK
Step 6 – Configure New Group Policy Object
- Select Argsoft_USB_Agent under Group Policy Objects
- Right Click and Select Edit from the popup menu
Step 7 – Configure Using Group Policy Management Editor
- Select Software Installation under Computer Configuration – >Software Settings
Step 8 – Add Package
- Right Click and Select ‘New – > Package’ from popup menu
Step 9 – Set The Path Of The Distribution Point
Please note that you must specify the UNC path of the shared installer package that you want
For example, \\Server\Argsoft_USB_Agent\ARGSOFT_USB_AGENT.MSI
Step 10 – Select ‘Advanced’ In Deploy Software
Step 11 – Configure Deployment Screen
- Select ‘Assigned’ in Deployment Type
- Check ‘Uninstall the application when it fails out of the scope of management’
- Click OK button
Step 12 – Configure Newly Created Group Policy Object
- Activate Group Policy Management Console
Step 13 – Link Newly Created Group Policy Object
- Select domain under domains
- Right Click and Select ‘Link an Existing GPO’
Step 14 – Select GPO
- Select Argsoft_USB_Agent
- Click OK button
Step 15 – Linked GPO Will Be Shown Under The Domain Name
Step 16 – Select Newly Linked GPO Under The Domain Name
Now a group policy to install Argent for Security USB Monitoring Agent has been successfully created
Agent will be automatically installed on all machines in the domain upon restart
Please refer the following URL for redeployment and removal of the package:
https://support.microsoft.com/en-us/kb/816102
Resolution
N/A