Deploying the SDS Enterprise agent installation package on user workstations

There are two ways to deploy packages:

• Interactive mode: standalone mode using the .exe package. Click on the custom .exe package to launch the installation.
  Once you have entered the license key and accepted the license contract, you can install all the product features allowed by the license key.

• Silent mode: the installation requires no user interaction. This mode uses the .msi package. Refer to the requirements before installing the package. An administrator can then install the .msi package with the usual Windows Installer commands. If the package is not installed with administrator privileges, the installation will fail (error 1925).

To deploy the .msi package in silent mode, you can use the Windows Installer msiexec package editing tool or Microsoft Endpoint Configuration Manager.

To use the msiexec tool, the procedure is as follows:

1. Open a command line window as an administrator,

2. Enter the following command:

   msiexec /qn /i "<path>Stormshield Data Security 11.1" LICENCENUM=<licensenumber>

   <licensenumber> consists of 16 characters without spaces.

3. All the features allowed with the license will then be installed. The REMOVEproperty (refer to section Deploying the SDS Enterprise agent installation package on user workstations) allows you to restrict the features installed.
   Once the installation is complete, SDS Enterprise will automatically run every time you start Windows.

There are several variants to the command:

• /qn: installation without any window,
• /qn+: installation with a final confirmation window,
• /qb: installation with a window that shows a progress bar and estimated remaining time,
• /qb: installation with a window that shows a progress bar and estimated remaining time, and a final confirmation window.

NOTE
The /norestart command is not supported. To prevent the computer from restarting, create a .mst with the relevant options.

After having deployed the SDS Enterprise agent on user workstations via the .exe or .msi package, you must deploy the following files on the workstations so that the agents will apply your security policy:

• The signed policy file named policy.jwt,

• The certificate (public key) with which the signature of the policy can be verified. It must be named admin_policy.cer.

To deploy these files in their intended folders:

1. Save the signed policy file named policy.jwt in the folder named %programdata%\Stormshield\Stormshield Data Security, or replace it if it already exists.

2. Save the certificate named admin_policy.cer in the folder named C:\Programmes\Arkoon\Security BOX, or replace it if it already exists.

The REMOVE property can be used to restrict the number of features that the user is allowed to install, even when the license key allows other features.

For example, you can create several installation profiles with only one license key and one installation package.

Below is the list of possible values:

Code	Removed feature
SBoxFile	Stormshield Data File
SBoxShare	Stormshield Data Share (the Share feature is a Stormshield Data File sub-feature, which will be automatically deleted if Stormshield Data File is deleted)
SBoxDisk	Stormshield Data Virtual Disk
SBoxShredder	Stormshield Data Shredder
SBoxMailOutlookAddIn	Stormshield Data Mail
SBoxTeam	Stormshield Data Team
SBoxExtCarte	Stormshield Data Card Extension
SBoxSign	Stormshield Data Sign
SBoxConnector	Stormshield Data Connector

When setting the value of the REMOVE property, the features that you want to prevent the user from installing must be separated by a comma without any spaces.

For example, to install the .msi package by deleting Stormshield Data File and Stormshield Data Virtual Disk as features:

1. Open a command line window as an administrator,

2. Enter the following command:

   msiexec /i "<path>\ Stormshield Data Security 11.1" LICENCENUM=<SBOXLICENCENUM> REMOVE=SBoxFile,SBoxDisk