Deciding to install with or without joining the computer to a zone

Before you begin a silent installation, you should decide whether you will wait until later to join the computer to a zone, or join the computer to a zone as part of the installation procedure.

If you install without joining a zone during installation:

See Installing silently by using the Microsoft Windows Installer for details about the registry settings that you can configure manually after the installation finishes.

See Installing silently without joining a zone for details about performing the installation.

If you install and join a zone during installation:

You use a transform (MST) file that is provided with Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service to configure a default set of agent-specific registry keys during the silent installation.

You can optionally edit the MST file before performing the installation to customize agent-specific registry settings for your environment.

You can optionally use the agent configuration control panel or the registry editor to configure registry settings after the installation finishes.

See Installing silently by using the Microsoft Windows Installer for details about the registry settings that you can configure by editing the MST file.

See Installing silently by using the Microsoft Windows Installer for details about how to edit the MST file before you perform the installation.

See Installing and joining a zone silently for details about performing the installation.

Installing silently without joining a zone

This section describes how to install the agent silently without joining the computer to a zone. This procedure includes configuring registry settings manually using the registry editor or a third-party tool.

Note:   To install the agent and join the computer to a zone during installation, see Installing and joining a zone silently for more information.

Check prerequisites:

  1. Verify that the computers where you plan to install meet the prerequisites described in Verify prerequisites. If prerequisites are not met, the silent installation will fail.
  2. If you are installing audit and monitoring service, verify that the following tasks have been completed:
    1. Installed and configured the SQL Server management database and the SQL Server audit store database.

    2. Installed and configured one or more collectors.

    3. Configured and applied the Centrify DirectAudit Settings group policy that specifies the installation name.

To install the Centrify Agent for Windows silently without joining the computer to a zone:

  1. Open a Command Prompt window or prepare a software distribution package for deployment on remote computers.

    For information about preparing to deploy software on remote computers, see the documentation for the specific software distribution product you are using. For example, if you are using Microsoft System Center Configuration Manager (SCCM), see the Configuration Manager documentation.

  2. Run the installer for the Centrify Agent for Windows package. For example:
    msiexec /qn /i "Centrify Agent for Windows64.msi"

    By default, none of the services are enabled.

  3. Use the registry editor or a configuration management product to configure the registry settings for each agent.

    For example, under HKEY_LOCAL_MACHINE\Software\Centrify\DirectAudit\Agent, you could set the DiskCheckThreshold key to a value other than the default value of 10%.

To install the Centrify Agent for Windows and add a computer to a zone during installation:

  1. Prepare a computer account in the appropriate zone using Access Manager or the PowerShell command New-CdmManagedComputer.
  2. You will use the default transform file Group Policy Deployment.mst in Step 3 to update the MSI installation file so that the computer is joined to the zone in which it was pre-created in Step 1. You can optionally modify Group Policy Deployment.mst to change or add additional registry settings during installation.

    If you want to edit Group Policy Deployment.mst to change or add additional registry settings and have not yet done so, edit it now as described in Installing silently by using the Microsoft Windows Installer.

    In order for the computer to join the zone from Step 1, the Group Policy Deployment.mst file must specify the GPDeployment property with a value of 1.

  3. Run the following command:

    msiexec /i "Centrify Agent for Windows64.msi" /qn TRANSFORMS="Group Policy Deployment.mst"

Installing and joining a zone silently

This section describes how to install the agent and join the computer to a zone at the same time. The procedure described here includes the following steps in addition to executing the MSI file:

  • You first prepare (pre-create) the Windows computer account in the appropriate zone.

You execute an MST file together with the MSI file to join the computer to a zone and configure registry settings during the installation.