Installing the TS Agent
This section explains how to install the TS Agent, either manually or through a Microsoft GPO.
Installing the TS Agent manually
- Open an administrator session on the server on which the TS Agent will be installed.
- Upload the .msi installation file that was downloaded earlier.
- Double-click on the file to run the installation.
- Click on Run then on Next.
- In the installation program, in the Account type window, select the account used to run this service (Local system account or Account dedicated to the service).
- In the Encryption key window, enter and confirm the pre-shared key defined on the firewall for this TS Agent instance (see Creating TS Agents).
NOTE
If the agent is being reinstalled, you can select the checkbox Use existing configuration to keep the pre-shared key and custom values in settings from the previous version of the TS Agent installed on the server.
- In the Ready to install Stormshield TS Agent window, click on Install.
- The server has to be restarted to finalize the installation of the TS Agent. If you do not restart the server immediately, remember to schedule it in order to use the TS Agent.
NOTE
Before restarting the server, you can run a script, which analyzes any ports that may be in conflict with the TS Agent, and which adds them to its settings to reserve them for system operations. As such, these ports cannot be assigned to any user. This script can be used later, but the server will need to be restarted again. For further information, refer to the section Appendix: Using script to configure ports that are reserved for system operations.
Installing the TS Agent through a Microsoft GPO
In a Microsoft Active Directory environment, the TS Agent can be automatically deployed through a GPO (Group Policy Object). This deployment is a two-step process.
Creating an MST package containing the arguments required for deploying the TS Agent
An MST package must first be created to include the following arguments required for deploying the TS Agent:
- PKEY_VALUE, which specifies the pre-shared key (PSK) required for communication between the TS Agent and the firewall,
- REBOOT, set to Force to restart the server at the end of the installation.
A third-party tool has to be used to create the MST package. The procedure described below uses the Microsoft Orca tool available in the components of the Microsoft Windows Installer software development kit (SDK).
- Copy the TS Agent installation program (.msi file) downloaded earlier to a shared folder that can be accessed by the Microsoft Active Directory domain controller and the RDS/Citrix servers.
- On a machine equipped with the Microsoft Orca tool (administrator workstation, Microsoft Active Directory controller, etc.) and which can access the shared folder, right-click on the TS Agent's MSI package, and select Edit with Orca.
- Click on Transform > New transform and select the TS Agent's MSI package.
- Select the Property table.
- To specify the pre-shared key required for communication between the TS Agent and the SNS firewall:
  - Right-click and choose Add Row.
  - In the Property field, enter PKEY_VALUE.
  - In the Value field, indicate the value of the pre-shared key.
  - Click on OK.
- To restart the server when the installation of the TS Agent is complete:
  - Right-click and choose Add Row.
  - In the Property field, enter REBOOT.
  - In the Value field, enter Force.
  - Click on OK.
- Click on Transform > Generate Transform.
- Choose a name for the MST package and save it in the same folder as the TS Agent MSI installation package.
- Close the Orca editor by clicking on File > Exit.
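One way to check the generated transform before linking it to a GPO (an added example, not code from the vendor documentation): the PowerShell script below applies the MST to the MSI in memory through the Windows Installer COM automation interface and reports whether PKEY_VALUE is set and REBOOT equals Force. The two UNC paths and the helper function names are placeholders chosen for this example.

```powershell
# Added example, not vendor code. Both default paths are placeholders (assumptions).
param(
    [string]$MsiPath = '\\SERVER\Share\TSAgent.msi',
    [string]$MstPath = '\\SERVER\Share\TSAgent.mst'
)

# Late-bound call helper (hypothetical name): members of the Windows Installer
# COM objects are reached through InvokeMember.
function Invoke-Msi {
    param($Target, [string]$Member, [object[]]$MemberArgs = @(),
          [System.Reflection.BindingFlags]$Kind = 'InvokeMethod')
    $Target.GetType().InvokeMember($Member, $Kind, $null, $Target, $MemberArgs)
}

# Returns the value a property has once the transform is applied, or $null.
function Get-TransformedProperty {
    param([string]$Msi, [string]$Mst, [string]$Name)
    $installer = New-Object -ComObject WindowsInstaller.Installer
    # 0 = read-only open: the transform is applied in memory, the MSI is untouched.
    $db = Invoke-Msi $installer 'OpenDatabase' @($Msi, 0)
    # 0 = suppress no transform errors, so a mismatched MSI/MST pair throws here.
    Invoke-Msi $db 'ApplyTransform' @($Mst, 0) | Out-Null
    $query = "SELECT Value FROM Property WHERE Property = '$Name'"
    $view = Invoke-Msi $db 'OpenView' @($query)
    Invoke-Msi $view 'Execute' | Out-Null
    $record = Invoke-Msi $view 'Fetch'
    if ($null -eq $record) { return $null }
    Invoke-Msi $record 'StringData' @(1) 'GetProperty'
}

$psk    = Get-TransformedProperty $MsiPath $MstPath 'PKEY_VALUE'
$reboot = Get-TransformedProperty $MsiPath $MstPath 'REBOOT'

# Report presence and length only: the key itself is never written to the console.
[pscustomobject]@{
    PskPresent   = -not [string]::IsNullOrEmpty($psk)
    PskLength    = if ($psk) { $psk.Length } else { 0 }
    RebootForced = ($reboot -eq 'Force')
}
```

The transform stores the pre-shared key as an ordinary Property value, so anyone who can read the shared folder can recover it; limit read access on that folder to the accounts the deployment needs.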
Creating the GPO to deploy the TS Agent MSI and MST packages
As soon as the MST package is created, you can create the GPO to deploy the TS Agent MSI and MST packages.
On the Microsoft Active Directory domain controller on which the GPO is to be created:
- Run the server manager.
- In the upper menu bar, click on Tools, then on Group Policy Management.
- In the list on the left, right-click on the Microsoft Active Directory domain name and select Create a GPO in this domain, and link it here...
- Name the GPO (e.g., TS Agent) and confirm by clicking on OK.
- In the list on the left, right-click on the name of the GPO that you have just created, and select Edit.
The GPO editing window opens.
- In the menu to the left of the GPO, expand the menu Computer Configuration > Policies > Software Settings.
- Right-click on Software installation and select New > Package. Select the TS Agent MSI installation package.
- Select Advanced mode and click on OK.
The GPO editing window opens.
- Rename this installation instance if necessary, by adding the TS Agent version number, for example.
- In the Changes tab, click on Add, select the MST package that was created earlier and click on Open. The MST package selected is now associated with the TS Agent installation GPO.
- Confirm by clicking on OK.
The TS Agent installation package is now ready to be deployed on machines in the Microsoft Active Directory domain.
The GPO will apply the next time the machines in question (RDS/Citrix servers) are restarted.