Security Controls

Agents Options

The Agents Options dialog allows you to specify whether manual agent installations will be permitted and the passphrase that must be used during the agent registration process.

Enable passphrase in manual Agent installations

If enabled, indicates that manual installation of an agent is permitted and that a passphrase will be used to authenticate the agent to the console. Users will be required to specify a matching passphrase during the agent registration process.

If not enabled, indicates that manual installation of an agent is not permitted.

Passphrase

If the Enable passphrase in manual Agent installations check box is enabled, type the passphrase you want users to use during the manual agent installation process. The passphrase can be any number of words or characters and is case-sensitive.

Confirm

Retype the same passphrase in this box to confirm the passphrase.

Save script to file

To copy the custom script to a file, click this button. The file will be saved as a .ps1 file. You can then move the file to the remote machine and run it from within a Windows PowerShell ISE console.

Copy script to clipboard

To copy the custom script to the clipboard on the console machine, click this button. You might choose this option if you want to email the script to one or more users.

Open DataFiles directory

To open the File Explorer folder that contains the STPlatformUpdater.exe file, click this button.

Using the Custom PowerShell Script

If you permit manual installation of your agents, you must provide a secure connection between each remote agent machine and the console by importing the issuing certificate to each remote machine. You can do this yourself or you can use the provided PowerShell setup script to automatically perform these steps for you.

The PowerShell script will automatically:

Copy the ST Root Authority certificate to the current user's Trusted Root Authority certificate store on the remote machine

The default Security Controls self-signed certificate is contained within the script and that is what gets copied to the remote machine. If you replace this certificate you will need to update the script.

Install the agent using the policy and passphrase parameters that you provide

Steps you must perform:

1.Using the Save script to file or Copy script to clipboard buttons, save the PowerShell script to a local or network folder.

2.Using the Open DataFiles directory button, save the agent installer program (STPlatformUpdater.exe) to the same local or network folder.

3.Transfer the PowerShell script and the agent installer program to your remote machine.

4.Initiate the PowerShell script on the remote machine using a command similar to the folowing:

c:\temp>PowerShell -File .\InstallAgent.ps1 -Policy "Test Policy" -Passphrase "My secure passphrase"

 

 


Was this article useful?