Security Controls

Performing a New Installation

Disconnected Networks

You can skip this section if you are not installing the console on a disconnected machine.

If you are installing the console on a machine that resides in a disconnected network and you are missing any of the prerequisite software, you must download the software from a connected machine and then manually install it on the disconnected console before you begin the installation process.

In addition, you must manually download the product core files and move the files to the disconnected machine.

1.Download the Security Controls executable file to the root directory on a connected machine.

2.On the connected machine, download the product core files by opening a command prompt and then typing the following command.

C:\>IvantiSecurityControls.exe /layout:OfflineFiles

This will create a C:\OfflineFiles folder that contains a copy of the Security Controls executable file plus a \Datafiles sub-folder that contains the related product core files.

3.Copy the entire contents of the C:\OfflineFiles folder to a portable device and move the files to the root directory on the disconnected machine.

4.On the disconnected machine, initiate the installation by double-clicking the Security Controls executable file that is located in the C:\OfflineFiles folder.

The installer will check if the C:\OfflineFiles\DataFiles sub-directory exists. If it does, it will automatically copy the contents of the \DataFiles folder to the proper locations in the C:\ProgramData directory.

See the following section for instructions on completing the installation process, beginning with Step 5.

For more disconnected network information, see:

Performing Windows Patching in a Disconnected Environment

How to Patch Disconnected Linux Machines

Installation Process

1.Begin the installation process by double-clicking the Security Controls executable file.

If you receive a prompt indicating that a reboot is required, click OK and the installation process will automatically resume after the reboot.

If you are missing any prerequisites they are displayed in the Setup dialog. If you are not missing any prerequisites you will skip Step 2 - Step 4 and go directly to the Welcome dialog described in Step 5.

2.If you are required to enter a user name and password each time you launch your browser and browse the Internet, enable the Proxy settings check box, click the link, and type the necessary credentials.

It may be necessary to specify a domain as part of your user name (for example: mydomain\my.name). These settings can be modified later by going to Tools > Options > Proxy.

It also may be necessary to modify your HTTP proxy information after the installation is complete. See HTTP Proxy Post Installation Notes for details.

3.Click the Install button to install any missing prerequisites.

A few of the prerequisites require a reboot after they are installed. In this case the installation program will request a system reboot before continuing. The installation program will restart automatically following the reboot.

4.(Conditional) If you were missing any prerequisites that required a reboot, to continue with the installation after the reboot click Install.

5.Read the information on the Welcome dialog and then click Next.

The license agreement is displayed. You must agree to the terms of the license agreement in order to install the program.  

6.To continue with the installation click Next.

The Destination Folder dialog is displayed.

7.If you want to change the default location of the program, click the browse button and choose a new location.

TIP: If you want a shortcut icon to be created and placed on your desktop, enable the Create a shortcut on the desktop check box.

When you are done, click Next. The Ready to install dialog is displayed.

8.To begin the installation click Install.  

Near the end of the installation process the Database Setup Tool dialog is displayed.

9.If you have a previously installed Security Controls database that you wish to use, select Use an existing database and then click Next. Otherwise, select Create a new database and then click Next.

A dialog similar to the following is displayed:

10.Use the boxes provided to define how users and services will access the SQL Server database.

Choose a database server and instance

Server name: You can specify a machine or you can specify a machine and the SQL Server instance running on that machine (for example: machinename\SQLExpress). If SQL Server is already installed, this box will be automatically populated with the local SQL Server instance name.

Database name: Specify the database name you want to use. The default database name is SecurityControls.

Choose how interactive users will connect to the database

Specify the credentials you want the program to use when a user performs an action that requires access to the database.

Integrated Windows Authentication: This is the recommended and default option. Security Controls will use the credentials of the currently logged on user to connect to the SQL Server database. The User name and Password boxes will be unavailable.

Specific Windows User: Select this option only if the SQL Server database is on a remote machine. This enables you to provide a specific Windows user name and password combination. This option will have no effect if the database is on the local (console) machine (see Supplying Credentials for more information about local machine credentials). All Security Controls users will use the supplied credentials when performing actions that require interaction with the remote SQL Server database.

SQL Authentication: Select this option to enter a specific SQL Server user name and password combination that will be used to log on to the specified SQL Server.

CAUTION! If you supply SQL authentication credentials and have not implemented SSL encryption for SQL connections, the credentials will be passed over the network in clear text.

Test Server Connection: To verify that the program can use the supplied interactive user credentials to connect to the SQL Server database, click this button.

Choose how services will connect to the database

Specify the credentials you want the background services to use when making the connection to the database. These are the credentials that the results importer, agent operations, and other services will use to log on to SQL Server and provide status information.

Use alternate credentials for console services:

If the SQL Server database is installed on the local machine you will typically ignore this option by not enabling this check box. In this case the same credentials and mode of authentication that you specified above for interactive users will be used.

You will typically only enable this check box if the SQL Server database is on a remote machine. When the database is on a remote machine you need an account that can authenticate to the database on the remote database server.

Authentication method: Available only if Use alternate credentials for console services is enabled.

Integrated Windows Authentication: Selecting this option means that the machine account will be used to connect to the remote SQL Server. The Kerberos network authentication protocol must be available in order to securely transmit the credentials. The User name and Password boxes will be unavailable.

If you choose Integrated Windows Authentication the installation program will attempt to create a SQL Server login for the machine account. If the account creation process fails, see SQL Server Post-Installation Notes for instructions on manually configuring a remote SQL Server to accept machine account credentials. Do this after you complete the Security Controls installation process but before you start the program.

Specific Windows User: Select this option to enter a specific Windows user name and password combination. Security Controls's background services will use these credentials to connect to the SQL Server database. This is a good fallback option if for some reason you have difficulties implementing integrated Windows authentication.

SQL Authentication: Select this option to provide a specific SQL Server user name and password combination for the services to use when logging on to SQL Server.

11.After providing all the required information, click Next.

If the installation program detects a problem with any of the specified credentials, an error message will be displayed. This typically indicates that a user account you specified does not exist. Make a correction and try again.

The program will create, link to, or upgrade the database. When the database operation is complete the Database Installation Complete dialog is displayed.

12.Click Next.

The Installation Complete dialog is displayed.

13.Click Finish.

The Completed dialog is displayed.

14.If you want to start Security Controls immediately, enable the Launch Security Controls check box and then click Finish; otherwise, just click Finish.

Related Topics

System Requirements

Obtaining the Software

Installing the Prerequisites

SQL Server Pre-Installation Notes

HTTP Proxy Post-Installation Notes

SQL Server Post-Installation Notes

Your Next Steps


Was this article useful?