Before you begin a silent installation, you should decide whether you will wait until later to join the computer to a zone, or join the computer to a zone as part of the installation procedure.
See Installing silently by using the Microsoft Windows Installer for details about the registry settings that you can configure manually after the installation finishes.
See Installing silently without joining a zone for details about performing the installation.
You use a transform (MST) file that is provided with Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service to configure a default set of agent-specific registry keys during the silent installation.
You can optionally edit the MST file before performing the installation to customize agent-specific registry settings for your environment.
You can optionally use the agent configuration control panel or the registry editor to configure registry settings after the installation finishes.
See Installing silently by using the Microsoft Windows Installer for details about the registry settings that you can configure by editing the MST file.
See Installing silently by using the Microsoft Windows Installer for details about how to edit the MST file before you perform the installation.
See Installing and joining a zone silently for details about performing the installation.
This section describes how to install the agent silently without joining the computer to a zone. This procedure includes configuring registry settings manually using the registry editor or a third-party tool.
Note: To install the agent and join the computer to a zone during installation, see Installing and joining a zone silently for more information.
- Verify that the computers where you plan to install meet the prerequisites described in Verify prerequisites. If prerequisites are not met, the silent installation will fail.
- If you are installing audit and monitoring service, verify that the following tasks have been completed:
Installed and configured the SQL Server management database and the SQL Server audit store database.
Installed and configured one or more collectors.
Configured and applied the Centrify DirectAudit Settings group policy that specifies the installation name.
To install the Centrify Agent for Windows silently without joining the computer to a zone:
- Open a Command Prompt window or prepare a software distribution package for deployment on remote computers.
For information about preparing to deploy software on remote computers, see the documentation for the specific software distribution product you are using. For example, if you are using Microsoft System Center Configuration Manager (SCCM), see the Configuration Manager documentation.
- Run the installer for the Centrify Agent for Windows package. For example:
msiexec /qn /i "Centrify Agent for Windows64.msi"
By default, none of the services are enabled.
- Use the registry editor or a configuration management product to configure the registry settings for each agent.
For example, under
HKEY_LOCAL_MACHINE\Software\Centrify\DirectAudit\Agent, you could set the
DiskCheckThresholdkey to a value other than the default value of 10%.
To install the Centrify Agent for Windows and add a computer to a zone during installation:
- Prepare a computer account in the appropriate zone using Access Manager or the PowerShell command
- You will use the default transform file
Group Policy Deployment.mstin Step 3 to update the MSI installation file so that the computer is joined to the zone in which it was pre-created in Step 1. You can optionally modify
Group Policy Deployment.mstto change or add additional registry settings during installation.
If you want to edit
Group Policy Deployment.mstto change or add additional registry settings and have not yet done so, edit it now as described in Installing silently by using the Microsoft Windows Installer.
In order for the computer to join the zone from Step 1, the
Group Policy Deployment.mstfile must specify the
GPDeploymentproperty with a value of
- Run the following command:
msiexec /i "Centrify Agent for Windows64.msi" /qn TRANSFORMS="Group Policy Deployment.mst"
This section describes how to install the agent and join the computer to a zone at the same time. The procedure described here includes the following steps in addition to executing the MSI file:
- You first prepare (pre-create) the Windows computer account in the appropriate zone.
You execute an MST file together with the MSI file to join the computer to a zone and configure registry settings during the installation.