6.1.2. Procedure – Installing Authentication Agent with Group Policy Object (GPO) deployment
Prerequisites:
Create the necessary certificates as instructed in section Procedure 11.3.8.2, Creating certificates in Proxedo Network Security Suite 2 Administrator Guide.
Set the parameters for the AS certificate.
Export the CA certificate signed by AS in
DERformat for the Windows client.
Steps:
Download the .msi installer. The browser application or the Windows Defender Cloud might send a notification or a warning due to the new and unknown installer program, this can be disregarded.
Install the Windows Client and import the CA certificate during the installation. Reboot the system, if it is necessary.
Define the preferences with the help of the GUI or via the registry.
Test the expected behaviour by initiating traffic.
Export the following registries:
Export the
HKEY_CURRENT_USER\Software\Balasys\AuthAgentregistry to the hlcuaa.reg file, which contains the user settings for AA. The result shall be as follows:Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Balasys] [HKEY_CURRENT_USER\Software\Balasys\AuthAgent] "HasPreferences"=dword:00000000 "TLS"=dword:00000001 "Automatic"=dword:00000001 "Details"=dword:00000000 "CanRemember"=dword:00000001 "ForgetPassword"=dword:00000000 "ForgetPasswordInterval"=dword:00000001
Export the
HKEY_LOCAL_MACHINE\SOFTWARE\Balasys\AuthAgent, which contains the AA Multiplexer settings, into the hklmaa.reg file. The result shall be as follows:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Balasys] [HKEY_LOCAL_MACHINE\SOFTWARE\Balays\AuthAgent] "InstallLang"="1033"
The service private certificate store, used by the AA Multiplexer, can also be deployed as a registry key.
Export the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Cryptography\Services\auth-agent-mpxdregistry to the hklmaacert.reg file. The result shall be as follows:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd\ SystemCertificates] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd\ SystemCertificates\My] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd\ SystemCertificates\My\Certificates] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\auth-agent-mpxd\ SystemCertificates\MY\Certificates\6421DCB8501C2E1F15DB8BD3A94F435C01DB7CD3] "Blob"=hex:03,00,00,00,01,00,00,00,14,00,00,00,64,21,dc,b8,50,1c,2e,1f,15,db,\ ... ... ... ... ... 64,0a,87,e9,45,99,04,9e,28,cb,c0,6c,2a,e5,c7,cb,ce,29,d8,b1,e1
Note Note that there can be several empty paths created by the system automatically, which can be included safely.
For further details on registries, see Section 4.1.1, Registry entries on Microsoft Windows platforms in Authentication Agent Manual.
As a result, there will be four registries exported.
Switch to the GPO administrator system and download the AA
msi flavorinstaller and place it in the Windows share where the other remotely installled applications are stored.Continue with the procedures detailed in section Procedure 4.1.5, Configuring Group Policy Object (GPO) deployment in Authentication Agent Manual
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu
