3.1.2. Procedure – Installing Authentication Agent with Group Policy Object (GPO) deployment

Prerequisites: 

  • Create the necessary certificates as instructed in section Procedure 11.3.8.2, Creating certificates in Proxedo Network Security Suite 2 Administrator Guide.

  • Set the parameters for the AS certificate.

  • Export the CA certificate signed by AS in DER format for the Windows client.

Steps: 

  1. Download the .msi installer. The browser application or the Windows Defender Cloud might send a notification or a warning due to the new and unknown installer program, this can be disregarded.

  2. Install the Windows Client and import the CA certificate during the installation. Reboot the system, if it is necessary.

  3. Define the preferences with the help of the GUI or via the registry.

  4. Test the expected behaviour by initiating traffic.

  5. Export the following registries:

    • Export the HKEY_CURRENT_USER\Software\Balasys\AuthAgent registry to the hlcuaa.reg file, which contains the user settings for AA. The result shall be as follows:

      Windows Registry Editor Version 5.00
      
      [HKEY_CURRENT_USER\Software\Balasys]
      
      [HKEY_CURRENT_USER\Software\Balasys\AuthAgent]
      "HasPreferences"=dword:00000000
      "TLS"=dword:00000001
      "Automatic"=dword:00000001
      "Details"=dword:00000000
      "CanRemember"=dword:00000001
      "ForgetPassword"=dword:00000000
      "ForgetPasswordInterval"=dword:00000001
    • Export the HKEY_LOCAL_MACHINE\SOFTWARE\Balasys\AuthAgent, which contains the AA Multiplexer settings, into the hklmaa.reg file. The result shall be as follows:

      Windows Registry Editor Version 5.00
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Balasys]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Balays\AuthAgent]
      "InstallLang"="1033"

      The service private certificate store, used by the AA Multiplexer, can also be deployed as a registry key.

    • Export the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Cryptography\Services\auth-agent-mpxd registry to the hklmaacert.reg file. The result shall be as follows:

      Windows Registry Editor Version 5.00
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd\
      SystemCertificates]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd\
      SystemCertificates\My]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd\
      SystemCertificates\My\Certificates]
      
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd\
      SystemCertificates\MY\Certificates\6421DCB8501C2E1F15DB8BD3A94F435C01DB7CD3]
      "Blob"=hex:03,00,00,00,01,00,00,00,14,00,00,00,64,21,dc,b8,50,1c,2e,1f,15,db,\
        ...
        ...
        ...
        ...
        ...
        64,0a,87,e9,45,99,04,9e,28,cb,c0,6c,2a,e5,c7,cb,ce,29,d8,b1,e1
      Note
      Note that there can be several empty paths created by the system automatically, which can be included safely.

    For further details on registries, see Section 4.1.1, Registry entries on Microsoft Windows platforms.

    As a result, there will be four registries exported.

  6. Switch to the GPO administrator system and download the AA msi flavor installer and place it in the Windows share where the other remotely installled applications are stored.

  7. Continue with the procedures detailed in section Procedure 4.1.5, Configuring Group Policy Object (GPO) deployment