
KB-4618: How to silently install the Centrify Agent for Windows (DirectAuthorize)

Centrify DirectControl

30 March,17 at 12:36 AM

Applies to: Centrify Agent for Windows (DirectAuthorize) version 3.x and above on all supported platforms.

Question:
Is it possible to silently install and/or join the Centrify Agent for Windows to a Zone automatically?

Answer:

Yes, we support silent installation. It can be done via GP deployment or by passing the GP Deployment settings to the msiexec program.

Here is a sample:

Step 1) Pre-create the computer

Pre-create the computer with Centrify's "New-CdmManagedComputer" PowerShell cmdlet. (Precreate/Prepare is not an approved verb for PowerShell, so the cmdlet uses New instead.)

It supports four different actions:

  1. Create a new AD computer and prepare it for adjoin. Delegate the join permission to any AD account or to self (self-service join).
  2. Use an existing AD computer and prepare it for adjoin. Delegate the join permission to any AD account or to self (self-service join).
  3. Pre-create UNIX computer zone, optionally delegating the permission to an AD account.
  4. Pre-create a Windows computer.


Step 2) Deployment 

Group Policy Deployment:

  1. Create a software installation GPO with the msi, select the "Advanced" option, then go to the "Modifications" tab and add the "Group Policy Deployment.mst" file to the list (this file is in the same location as the msi). Please refer to screenshot 1 below.
  2. Link this GPO to a set of computers (e.g. the computers in an OU), then pre-create these computers in a target zone in the CDC console.
  3. Run gpupdate on the client machine to apply the linked GPO, then reboot the machine.
  4. At startup, before user logon, the machine installs the msi and then automatically reboots again to enable the DZ agent settings.
  5. Log on to the machine. The DZ agent is running in the zone where the computer was pre-created in step 2.

OR

MSI Exec Program Deployment:

  1. To install the Centrify Agent for Windows silently and join the computer to a zone:
    1. Switch to the 'Centrify Windows Agent Msi' folder of the suite installation disk and run the following command:
       msiexec /i "Centrify Windows Agent64.msi" /qn TRANSFORMS="Group Policy Deployment.mst"
       You can optionally modify Group Policy Deployment.mst to change or add registry settings during installation.
    2. This silently installs the agent and automatically picks up the zone from the computer pre-created in step 1. The computer reboots automatically at the end of this command.

  2. To install the Centrify Agent for Windows silently without joining the computer to a zone:
    1. Switch to the 'Centrify Windows Agent Msi' folder of the suite installation disk and run the following command:
       msiexec /qn /i "Centrify Agent for Windows64.msi"
 
​​​NOTE:
  1. Starting in Suite 2016.1 (3.3.2), msiexec installs only Access by default. To install both the Access and Audit features, set ADDLOCAL=ALL. For example:
     msiexec /qn /i "Centrify Agent for Windows64.msi" ADDLOCAL=ALL
  2. For reference, please refer to our Windows Admin Guide.
  3. Step 1 is important: a computer object must be pre-created before it is joined to a zone. This is part of zone planning/administration, and only zone administrators can pre-create or join a computer to a zone.
  4. A relative path cannot be used when selecting the msi package.
  5. To avoid mass deployment failures, use the PowerShell cmdlet "New-CdmManagedComputer" (part of the "Centrify DirectManage - Access Module for PowerShell" component) to pre-create the computer in a script before activating the GP deployment policy on the newly created machines, e.g.:
     New-CdmManagedComputer -Zone <zone_dn> -WindowsComputer <computer_dn>

For more details about PowerShell, please refer to the following admin guide:
https://docs.centrify.com/en/css/suite2016/centrify-win-powershell-guide.pdf
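
An added example, not taken from Centrify's documentation: a PowerShell wrapper around the msiexec commands above that checks the MSI's Authenticode signature, optionally pins the SHA-256 of the transform (which can be modified to carry extra registry settings), and writes a verbose MSI log. The script name and its parameters are hypothetical, and it assumes the MSI is Authenticode-signed and the installer folder is available at a local path.

```powershell
# Install-CentrifyAgent.ps1 -- hypothetical wrapper (added example, not Centrify code).
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $SourceDir,    # local copy of the 'Centrify Windows Agent Msi' folder
    [Parameter(Mandatory)] [string] $MsiName,      # MSI file name exactly as shipped on your media
    [switch] $JoinZone,                            # apply "Group Policy Deployment.mst"
    [string] $ExpectedMstSha256,                   # hash of the transform you reviewed (optional)
    [switch] $InstallAudit,                        # ADDLOCAL=ALL (Access + Audit)
    [string] $LogPath = (Join-Path $env:TEMP 'centrify-agent-install.log')
)
$ErrorActionPreference = 'Stop'

# Absolute path to the package; Resolve-Path throws if the file is missing.
$msi = (Resolve-Path -LiteralPath (Join-Path $SourceDir $MsiName)).Path

# Refuse to install a package whose signature is missing or does not verify.
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for '$msi': $($sig.Status)"
}
Write-Verbose "Signed by: $($sig.SignerCertificate.Subject)"

# /l*v writes a verbose installer log that survives the automatic reboot.
$msiArgs = @('/i', "`"$msi`"", '/qn', '/l*v', "`"$LogPath`"")

if ($JoinZone) {
    $mst = (Resolve-Path -LiteralPath (Join-Path $SourceDir 'Group Policy Deployment.mst')).Path
    # The transform can carry extra registry settings, so pin the copy that was reviewed.
    if ($ExpectedMstSha256) {
        $actual = (Get-FileHash -LiteralPath $mst -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedMstSha256) { throw "Transform hash mismatch: $actual" }
    }
    $msiArgs += "TRANSFORMS=`"$mst`""
}
if ($InstallAudit) { $msiArgs += 'ADDLOCAL=ALL' }

# With the transform the machine reboots itself, so the log file is the durable record.
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
switch ($proc.ExitCode) {
    0       { 'Install succeeded.' }
    1641    { 'Install succeeded; reboot initiated by the installer.' }
    3010    { 'Install succeeded; reboot required.' }
    default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath" }
}
```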
 
 
 
​​
Screenshot 1:
User-added image


 
