KBI 311320 How To Deploy Argent for Security USB Monitoring Agent Through Active Directory Group Policy

Version

Argent for Security all versions

Date

Thursday, 3 December 2015

Summary

Argent for Security is using an Agent for USB monitoring on remote machines

In order for the ease of deployment Argent provides this agent in a MSI package which can be easily deployed by setting a Group Policy in the Active Directory

This document explains the step by step instructions to deploy Argent for Security USB Monitoring Agent

To download ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.ZIP tool:

Download ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.ZIP

Technical Background

Deployment Of Argent for Security USB Monitoring Agent On A Windows 2008 Server

Step 1 – Single Click To Create Argent for Security USB Agent MSI Package

The USB agent must be provided with Argent for Security Main Engine name for its functioning

When the Agent is deployed as an MSI package through Active Directory Group Policy, an unattended installation – without the user key in the Argent Main Engine name – is preferred

To accomplish this, the MSI package is created on the fly with a single click command file

Following are the steps to make the MSI Package on the fly

  1. Please copy ‘ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.ZIP’ file to the folder “C:\Temp”
  2. Extract the zip file using ‘Extract Here’
  3. This will create a folder “C:\Temp\ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER” as shown below



    Click For Full Size

    Please edit the “ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.CMD”

    Replace the string “###MAIN_ENGINE_NAME###” with the Argent for Security Main Engine name

    Note: Please change only the text marked in red as shown above

    There is one more such string in the script which is used for validation purpose

    Please do not change it

  4. Execute the script ‘ARGENT_FOR_SECURITY_USB_AGENT_MSI_MAKER.CMD’ using the option ‘Run As Administrator’ as shown below



    Click For Full Size

  5. Multiple console windows appear as shown below
  6. When the CMDs exit, ‘ARGSOFT_USB_AGENT.msi’ will be created in the same folder as shown below



    Click For Full Size

    Use this MSI package for deployment

Step 2 – Create A Distribution Point

Follow the succeeding steps to create a distribution point which is a shared folder in the domain server

  • Log on to the server as an Administrator
  • Create a folder called ‘Argsoft_USB_Agent’
  • Share the folder
  • Set permissions on the share to allow access to the distribution package
  • Copy the MSI package to the distribution point




Click For Full Size

Step 3 – Open Group Policy Management Console

Start -> Administrative Tools -> Group Policy Management




Click For Full Size

Step 4 – Add New Group Policy

  • Select Group Policy Object
  • Right Click and Select ‘New’ from the popup menu




Click For Full Size

Step 5 – Name The New Group Policy Object

  • Name new group policy object as ‘Argsoft_USB_Agent’ and Click OK




Click For Full Size

Step 6 – Configure New Group Policy Object

  • Select Argsoft_USB_Agent under Group Policy Objects
  • Right Click and Select Edit from the popup menu




Click For Full Size

Step 7 – Configure Using Group Policy Management Editor

  • Select Software Installation under Computer Configuration – >Software Settings



Click For Full Size

Step 8 – Add Package

  • Right Click and Select ‘New – > Package’ from popup menu




Click For Full Size

Step 9 – Set The Path Of The Distribution Point

Please note that you must specify the UNC path of the shared installer package that you want

For example, \\Server\Argsoft_USB_Agent\ARGSOFT_USB_AGENT.MSI




Click For Full Size

Step 10 – Select ‘Advanced’ In Deploy Software




Click For Full Size

Step 11 – Configure Deployment Screen

  • Select ‘Assigned’ in Deployment Type
  • Check ‘Uninstall the application when it fails out of the scope of management’
  • Click OK button




Click For Full Size

Step 12 – Configure Newly Created Group Policy Object

  • Activate Group Policy Management Console




Click For Full Size

Step 13 – Link Newly Created Group Policy Object

  • Select domain under domains
  • Right Click and Select ‘Link an Existing GPO’




Click For Full Size

Step 14 – Select GPO

  • Select Argsoft_USB_Agent
  • Click OK button




Click For Full Size

Step 15 – Linked GPO Will Be Shown Under The Domain Name




Click For Full Size

Step 16 – Select Newly Linked GPO Under The Domain Name




Click For Full Size

Now a group policy to install Argent for Security USB Monitoring Agent has been successfully created

Agent will be automatically installed on all machines in the domain upon restart

Please refer the following URL for redeployment and removal of the package:

https://support.microsoft.com/en-us/kb/816102

Resolution

N/A