Data Loss Prevention

 View Only

Deploy DLP Endpoint Agent By Active Directory GPO 

Jun 03, 2012 10:34 AM

To deploy DLP Endpoint Agent on an enterprise environment that already has Active Directory, you can create a mst file and use Group Policy Objects (GPO) to deploy the agent.

You need to the tool named ORCA to create the MST file.

Here are the steps:

1. Right click the AgentInstall.msi, select 'Edit with Orca'.

2. Choose 'Transform' menu, select 'New Transform':

3. Select 'Property' under the 'Tables' list:

4. Choose 'Tables' menu, select 'Add Row':

5. For the value of 'Property', type 'ENDPOINTSERVER', for the value of 'Value', type the hostname or IP address of the endpoint server:

6. Click 'OK' to add this row to the 'Property' table, so, the 'Property' table should look like this:

7. Choose 'Transform' menu, select 'Generate Transform':

An .mst file will be saved.

8. Create a bat file to use the msiexec command and use the mst file:

the command of the bat file looks like this:

msiexec /i \\dc\dlp\AgentInstall.msi TRANSFORMS=\\dc\dlp\AgentInstall.mst /q

9. Edit the Group Policy of the AD, select the bat script created on step 8 for the startup script:

Then, during the startup of the client machine, the DLP Endpoint Agent will be installed by the startup script:

Statistics
0 Favorited
38 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Feb 02, 2015 10:43 AM

It would seem we just need to add the new parameters to the Transform. I have not tested this using a .mst as shown in the steps above, but adding the following values the same way as you added the ENDPOINTSERVER as shown above, I think it may work. Here are the Properties that I know of that you can try adding via Orca:

 

ENDPOINTSERVER (shown above)

TOOLS_KEY

UNINSTALLPASSWORDKEY

ARPSYSTEMCOMPONENT

ENDPOINT_CERTIFICATE

ENDPOINT_PRIVATEKEY

ENDPOINT_PRIVATEKEY_PASSWORD

ENDPOINT_TRUSTSTORE

Jan 22, 2015 10:04 AM

I agree the 12.5.1 agent is much more of a pain to install. Any suggestions or methods anyone used to get this to install via GPO is greatly apprecaited.

Jan 05, 2015 03:37 AM

Hi Yang,

Can you please help us how to deploy DLP 12.5.1 agent through with AD ?? Since this time a lot of certificates are required for installation, i am not able to figure out how we do it for this version.

Thanks in advance..

Nov 25, 2013 02:19 AM

HI, it  not yet clear with me. since this is a startup script.

Please explain due to startup script will it installation process, every time when user login in?

 

or???

 

it will deploy just once, and is it okay to remove gpo, once there is an agent????

 

 

thaanks,

Oct 26, 2013 03:01 AM

Nice Artical ......With Steps

May 01, 2013 07:18 PM

Can you please tell me how to create the transform file to include the encryption key? Should I just add a row and use the Property of "encryption key" with a value of "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ?

Also can you write out the batch file that will check for an installed instance and then ignore installation if present?

I apologize as I am a noob to these Transform files.

Thanks!

 

Mar 27, 2013 11:20 PM

Really nice and helpful Article.

Mar 27, 2013 06:59 PM

Is there some way to add the uninstall password to the transform file?

How can we deploy this and also configure the uninstall password?

Dec 15, 2012 10:18 AM

good job. should put inside DLP document.

Dec 12, 2012 10:45 AM

ORCA - is that the utility from Microsoft Windows SDK?

Aug 15, 2012 04:47 PM

So does this install only once via GPO or does it check every time you start up?

Aug 12, 2012 10:34 AM

Good question.

The Startup Script is a part of the GPO, that's mean, this script will be deploy to the OU. So, all the machine under this OU will run this script to install the DLP agent.

And, here I just write a very simple script, you can add some if-then-else in the begining of the script to determine whether the DLP agent had been installed on this endpoint.

 

Aug 10, 2012 06:13 AM

BUt yang , Will it install DLp Agents on all machines. Please explian.And due to start up script will it installation precess every time when user loging.

Jun 27, 2012 02:07 PM

good

Related Entries and Links

No Related Resource entered.