Creating Deployment Packages
When you create an Ivanti Device and Application Control client deployment package, the Client Deployment tool copies the local client setup .MSI file and creates an .MST transform file that is linked to the .MSI file.
Before you can successfully create an Ivanti Device and Application Control client deployment package, you must:
- Have access to the LESClient.msi or LESClient64.msi file on the computer where you will deploy the client packages.
- Verify that firewall ports are open if there is a firewall between the Client Deployment tool installed on the client computer and the targeted computer(s).
- Synchronize the Application Server's system clock with the Ivanti Device and Application Control database server's system clock using the Microsoft Windows time service. See Time Service (https://docs.microsoft.com/en-GB/troubleshoot/windows-server/identity/configure-authoritative-time-server) for details about using the Microsoft Windows time service.
- Start the Windows Remote Registry service on the remote client computer.
- Have a valid digital certificate on the client computer that deploys the client and test the TLS connection to the Application Server.
Important: In Windows Server 2008 operating systems there is a security setting which blocks access to the admin$ share required for Client Deployment. When you receive the error message "failed to start the remote registry service. Access is denied", you must confirm the correct registry keys. Check the following registry keys:
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy: change the DWORD entry to 1 to resolve the admin$ share access problem.
- If the LocalAccountTokenFilterPolicy registry entry does not exist, then it has to be created.
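An added example (not part of the Ivanti documentation or tooling): a read-only PowerShell check, run locally on a target computer, that reports the Remote Registry service state, the LocalAccountTokenFilterPolicy value and the presence of the admin$ share described above. The function name and output fields are hypothetical, and PowerShell 3.0 or later is assumed; because a value of 1 turns off UAC remote token filtering for local administrator accounts, the report also serves as a record of which hosts carry that change.

```powershell
# Added example: read-only check, run locally on a target computer.
# Get-DeploymentTargetReadiness and its output fields are hypothetical names.
function Get-DeploymentTargetReadiness {
    [CmdletBinding()]
    param()

    # Registry value named in the Important note.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'LocalAccountTokenFilterPolicy'

    # Remote Registry must be started before the deployment runs.
    $svc = Get-Service -Name 'RemoteRegistry' -ErrorAction SilentlyContinue
    $svcStatus = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }

    # Distinguish a missing value from one that exists but is not 1.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $policy = if ($null -eq $prop) { 'Absent' } else { [string]$prop.$name }

    # The admin$ share itself has to exist on the target.
    $share = Get-CimInstance -ClassName Win32_Share -Filter 'Name=''ADMIN$''' -ErrorAction SilentlyContinue

    # Map each failed check to the corresponding step on this page.
    $findings = @()
    if ($svcStatus -ne 'Running') {
        $findings += "Start the Remote Registry service (current state: $svcStatus)."
    }
    if ($policy -eq 'Absent') {
        $findings += "$name does not exist and has to be created as a DWORD."
    } elseif ($policy -ne '1') {
        $findings += "$name is set to $policy, not 1."
    }
    if (-not $share) {
        $findings += 'The admin$ share was not found.'
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        RemoteRegistryStatus = $svcStatus
        TokenFilterPolicy    = $policy
        AdminShareFound      = [bool]$share
        Ready                = ($findings.Count -eq 0)
        Findings             = $findings
    }
}

Get-DeploymentTargetReadiness | Format-List
```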
The .MSI file contains the information necessary to deploy the Ivanti Device and Application Control client to targeted computers.
- From the Ivanti Device and Application Control Client Deployment dialog, click New Package.
The New Packages dialog opens.
- To select the deployment package, select the ellipsis from the Source panel.
- In the Package panel, enter a name for the deployment package in the Name field.
- Click OK.
The Options - Ivanti Device and Application Control Installation Transform dialog opens.
Attention: The shaded options are only valid when you are installing client versions lower than 4.3. These options are:
- Do not validate name or IP before installing - Provides an Application Server address or name that is not currently available but is accessible after deployment.
- Enable wireless LAN protection - An option available in 2.8 clients or lower that is now deprecated by permissions rules.
If there is no sx-public.key file in your client setup folder, then the installation continues using the default public key.
The Client Deployment tool copies the selected public key to the appropriate folder for client deployment.
Tip: You may enter alternative port numbers, as necessary. When you do not specify fully qualified domain name(s) or IP address(es), the Ivanti Device and Application Control clients are deployed in a serverless mode.
NDIS enables Device Control to control 802.1x wireless adapters. If you do not need this protection, you may disable it here.
You will receive a confirmation message indicating whether the server connection is successful or not. If not, follow the error resolution directions.
List the program with a “Remove button”
Displays the Ivanti Device and Application Control product name in the Add or Remove Program list in the Windows Control Panel with the Remove option.
List the program but suppress the “Remove button”
Displays the Ivanti Device and Application Control product name in the Add or Remove Program list in the Windows Control Panel without the Remove option.
Do not list the program
Does not display the Ivanti Device and Application Control product name in the Add or Remove Program list in the Windows Control Panel.
The client deployment package files are copied to the specified directory. The new deployment package is listed in the Packages panel of the Ivanti Device and Application Control Client Deployment dialog.
After Completing This Task:
Verify the location of the LESClient.mst file created in the deployment package folder you specified, by selecting Packages > Options from the Ivanti Device and Application Control Client Deployment dialog.