Deploy the SDS Enterprise agent installation package and a custom security policy to user workstations
To deploy the SDS Enterprise agent installation package to user workstations, you can choose either interactive or silent installation. You can also choose the features to be deployed.
After deploying the agents, you will need to deploy the signed custom security policy file and corresponding certificate to the users' workstations, in the folders shown below, so that the SDS Enterprise agents apply your security policy.
You must hold administrator privileges on the computer in order to deploy the SDS Enterprise agent.
NOTE
Before installing the Stormshield Data Mail feature, ensure that your appliance pool uses a Windows version compatible with SDS Enterprise. For more information on compatibility, refer to the section
Downloading SDS Enterprise agent installation packages from SDMC-
Select the Downloads menu on the left.
-
At the top, select the .msi or .exe package in the language of your choice:
-
.exe: Standalone package allowing the solution and its requirements to be installed in interactive mode. The package contains a default security policy, used if you do not deploy your own security policy.
-
.msi: Package allowing the product to be installed in silent mode. The package contains a default security policy, used if you do not deploy your own security policy.
-
-
Download the package and then see the next section to deploy it.
The links on the download page redirect you to the MyStormshield client area. By default, the latest available version of the agent will be downloaded. If you wish to download a previous version, go directly to your MyStormshield space.
Deploying the installation package
There are two ways to deploy packages:
- Interactive mode: standalone mode using the .exe package. Click on the custom .exe package to launch the installation.
Once you have entered the license key and accepted the license contract, you can install all the product features allowed by the license key.
- Silent mode: the installation requires no user interaction. This mode uses the .msi package. Refer to the requirements before installing the package. An administrator can then install the .msi package with the usual Windows Installer commands. If the package is not installed with administrator privileges, the installation will fail (error 1925).
To deploy the .msi package in silent mode, you can use the Windows Installer msiexec package editing tool or Microsoft Endpoint Configuration Manager.
To use the msiexec tool, the procedure is as follows:
-
Open a command line window as an administrator,
-
Enter the following command:
msiexec /qn /i "<path>Stormshield Data Security 11.3" LICENCENUM=<licensenumber>
<licensenumber>consists of 16 characters without spaces. -
All the features allowed with the license will then be installed. The
REMOVEproperty (refer to section Deploy the SDS Enterprise agent installation package and a custom security policy to user workstations) allows you to restrict the features installed.
Once the installation is complete, SDS Enterprise will automatically run every time you start Windows.
There are several variants to the command:
/qn: installation without any window,/qn+: installation with a final confirmation window,/qb: installation with a window that shows a progress bar and estimated remaining time,/qb: installation with a window that shows a progress bar and estimated remaining time, and a final confirmation window.
NOTE
The /norestart command is not supported. To prevent the computer from restarting, create a .mst with the relevant options.
Deploying a signed custom security policy file and corresponding certificate
After deploying the SDS Enterprise agent to the users' workstations via the .exe package or the .msi package, you can deploy the following files to the workstations so that the agents apply your own security policy:
-
The signed policy file named policy.jwt,
-
The certificate (public key) with which the signature of the policy can be verified. It must be named admin_policy.cer.
To deploy these files in their intended folders:
-
Save the signed policy file named policy.jwt in the folder named %programdata%\Stormshield\Stormshield Data Security, or replace it if it already exists.
- Save the certificate named admin_policy.cer in the folder named C:\Programmes\Arkoon\Security BOX, or replace it if it already exists.
Selecting the features to install
You can use the REMOVE property to restrict user-installed features, even if the license key allows others.
Applying this property means, for example, that you can have different installation profiles while using a single licence key and a single installation package.
Below is the list of possible values:
|
Code |
Removed feature |
|---|---|
|
SBoxFile |
Stormshield Data File |
| SBoxShare | Stormshield Data Share (the Share feature is a Stormshield Data File sub-feature, It is therefore automatically deleted if Stormshield Data File is deleted) |
|
SBoxDisk |
Stormshield Data Virtual Disk |
|
SBoxShredder |
Stormshield Data Shredder (the Shredder feature requires the installation of Stormshield Data File to work) |
|
SBoxMailOutlookAddIn |
Stormshield Data Mail |
|
SBoxTeam |
Stormshield Data Team |
|
SBoxExtCarte |
Stormshield Data Card Extension |
|
SBoxSign |
Stormshield Data Sign |
| SBoxConnector | Stormshield Data Connector |
When setting the value of the REMOVE property, the features that you want to prevent the user from installing must be separated by a comma without any spaces.
For example, to install the .msi package by deleting Stormshield Data File and Stormshield Data Virtual Disk as features:
-
Open a command line window as an administrator,
-
Enter the following command:
msiexec /i "<path>\ Stormshield Data Security 11.3" LICENCENUM=<SBOXLICENCENUM> REMOVE=SBoxFile,SBoxDisk