Install and Configure the Client

Using the Microsoft Target Designer, you can configure the Ivanti Device and Application Control Client for use on Windows Embedded.

Prerequisites:

  • Verify that you satisfy the minimum hardware and software system requirements.
  • Install the Application Server.
  • Install the Management Console.

To install the Ivanti Device and Application Control Client:

  1. Create an image.
  2. Install the image on the device.

To add the Ivanti Device and Application Control Client to your image:

  1. Import the Ivanti Device and Application Control Client SLD into the component database server using the Import functionality of the Microsoft Component Database Manager.
  2. Launch the Microsoft Target Designer.
  3. Add the Ivanti Device and Application Control Client SLD to your target image.

    1. Using the Microsoft Target Designer's search tool, search for the Ivanti Device and Application Control Client SLD.
    2. Once found, double-click the Ivanti Device and Application Control Client SLD to add it to your project.
  4. Browse to and locate the Ivanti Device and Application Control Client Settings.
  5. Enter the fully qualified domain name(s) or IP address(es) for the Application Server(s) installed in your environment.
    1. Within the SXS name (or IP Address) field, type the Application Server's IP Address or fully qualified domain name.
    2. Within the Port field, type the Application Server's port (Default = 65129).
  6. Select the desired Encrypted Communication option.

    Option: Server is using unencrypted protocol
    Description: Communication between the Application Server(s) and the Ivanti Device and Application Control Client is not encrypted but is still signed using the private key. This is, essentially, a legacy communication protocol and is not recommended for high security installations.

    Option: Authentication certificate will be copied manually (The certificate will have to be placed manually on the target image)
    Description: Manual mode using TLS communication: The administrator generates and provides the machine certificate used in all communications. All communication between the Ivanti Device and Application Control Client and the Application Server(s) is encrypted. This mode is used when there is no Certification Authority installed in the network or when it cannot be reached during the client installation. The machine certificate has to be created by a user (usually the administrator) who already possesses a certificate good for issuance and trusted as a root or intermediate Certificate Authority by the Application Server. This authorized user has to be physically present at the machine to create this certificate.

    Option: Authentication certificate will be automatically retrieved from a CA
    Description: Automatic mode using TLS communication: The program requests the certificate from one of the selected Certificate Authorities. This certificate must be good for issuance and trusted as a root or intermediate Certificate Authority by the Application Server. All communication between the Ivanti Device and Application Control Client and the Application Server(s) is encrypted. You do not need a Certificate Authority at this point, but it will be required when first starting the client(s), since the program requests a machine certificate. The user who has the rights to create machine certificates does not have to be physically present at the machine to do the installation if this mode is selected.

    You should use automatic mode when your organization has already deployed a Certificate Authority infrastructure and the Ivanti Device and Application Control servers and clients are part of it. This makes the deployment of the Client using TLS completely transparent, with no additional action required. When it is not possible to use this mode, you should turn to the manual mode, as the semi-automatic mode is not available when installing the Client on Windows Embedded.

  7. If desired, select the Do not use NDIS Feature option to disable NDIS support.

     NDIS enables Device Control to control 802.1x wireless adapters. If you do not need this protection, you may disable it here.

After Completing This Task:

  • Continue using the Microsoft Target Designer to complete the image.
  • When the image is complete, save the image and then mount the image to your target device.

Tip: Refer to https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ee504814(v=winembedded.70) for additional information.