Deploying the SDS Enterprise agent installation package on user workstations
To deploy the SDS Enterprise agent installation package on user workstations, you can choose either an interactive or silent installation. You can also choose the features to be deployed.
After the agents are deployed, you must deploy the signed security policy file and the peer certificate on user workstations in the folders indicated below, so that the SDS Enterprise agents will apply your security policy.
You must hold administrator privileges on the computer in order to deploy the SDS Enterprise agent.
NOTE
Before installing the Stormshield Data Mail feature, ensure that your appliance pool uses a Windows version compatible with SDS Enterprise. For more information on compatibility, refer to the section
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
There are two ways to deploy packages:
- Interactive mode: standalone mode using the .exe package. Click on the custom .exe package to launch the installation.
Once you have entered the license key and accepted the license contract, you can install all the product features allowed by the license key.
- Silent mode: the installation requires no user interaction. This mode uses the .msi package. Refer to the requirements before installing the package. An administrator can then install the .msi package with the usual Windows Installer commands. If the package is not installed with administrator privileges, the installation will fail (error 1925).
To deploy the .msi package in silent mode, you can use the Windows Installer msiexec package editing tool or Microsoft Endpoint Configuration Manager.
To use the msiexec tool, the procedure is as follows:
-
Open a command line window as an administrator,
-
Enter the following command:
msiexec /qn /i "<path>Stormshield Data Security 11.1" LICENCENUM=<licensenumber>
<licensenumber>
consists of 16 characters without spaces. -
All the features allowed with the license will then be installed. The
REMOVE
property (refer to section Deploying the SDS Enterprise agent installation package on user workstations) allows you to restrict the features installed.
Once the installation is complete, SDS Enterprise will automatically run every time you start Windows.
There are several variants to the command:
/qn
: installation without any window,/qn+
: installation with a final confirmation window,/qb
: installation with a window that shows a progress bar and estimated remaining time,/qb
: installation with a window that shows a progress bar and estimated remaining time, and a final confirmation window.
NOTE
The /norestart
command is not supported. To prevent the computer from restarting, create a .mst with the relevant options.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
After having deployed the SDS Enterprise agent on user workstations via the .exe or .msi package, you must deploy the following files on the workstations so that the agents will apply your security policy:
-
The signed policy file named policy.jwt,
-
The certificate (public key) with which the signature of the policy can be verified. It must be named admin_policy.cer.
To deploy these files in their intended folders:
-
Save the signed policy file named policy.jwt in the folder named %programdata%\Stormshield\Stormshield Data Security, or replace it if it already exists.
- Save the certificate named admin_policy.cer in the folder named C:\Programmes\Arkoon\Security BOX, or replace it if it already exists.
![Closed](../../Skins/Default/Stylesheets/Images/transparent.gif)
The REMOVE
property can be used to restrict the number of features that the user is allowed to install, even when the license key allows other features.
For example, you can create several installation profiles with only one license key and one installation package.
Below is the list of possible values:
Code |
Removed feature |
---|---|
SBoxFile |
Stormshield Data File |
SBoxShare | Stormshield Data Share (the Share feature is a Stormshield Data File sub-feature, which will be automatically deleted if Stormshield Data File is deleted) |
SBoxDisk |
Stormshield Data Virtual Disk |
SBoxShredder |
Stormshield Data Shredder |
SBoxMailOutlookAddIn |
Stormshield Data Mail |
SBoxTeam |
Stormshield Data Team |
SBoxExtCarte |
Stormshield Data Card Extension |
SBoxSign |
Stormshield Data Sign |
SBoxConnector | Stormshield Data Connector |
When setting the value of the REMOVE
property, the features that you want to prevent the user from installing must be separated by a comma without any spaces.
For example, to install the .msi package by deleting Stormshield Data File and Stormshield Data Virtual Disk as features:
-
Open a command line window as an administrator,
-
Enter the following command:
msiexec /i "<path>\ Stormshield Data Security 11.1" LICENCENUM=<SBOXLICENCENUM> REMOVE=SBoxFile,SBoxDisk