5.2 Installing Windows Agents

You can install Windows agents in the following ways:

  • Remotely install agents using the Agent Manager. For more information, see Remote Installation.

  • Manually install the agent on a local computer. For more information, see Manual Installation.

NOTE:Agent Manager and the Windows agents will be in FIPS mode by default.

For information about requirements and recommendations for computers where you plan to install the agent, see the Technical Information page.

5.2.1 Remote Installation

Remote installation using the Agent Manager provides a convenient and uniform method for installing one or more Windows agent.

To remotely install agents, you must first add the assets (computers) where you want to install agents. You can import assets from Active Directory or a text file, or manually add assets. After you add assets, select the assets to which you want to deploy agents and then install the agents.

To add assets to Agent Manager:

  1. From Change Guardian main click, Integration > Agent Manager.

  2. Do one of the following:

    • (Conditional) If you have not previously added assets, in Agent Manager, under Asset Groups, click All Assets and then click Add Assets.

    • (Conditional) If you previously added assets, in Agent Manager, click All Assets, then Manage Assets, and then Add.

  3. (Conditional) If you want to import assets from Active Directory, complete the following:

    1. Click Active Directory.

    2. Provide the domain name or IP address of the Active Directory server and credentials for connecting to the server, and then click Authenticate.

    3. Navigate the Active Directory tree to locate the assets you want to add, select the assets, and then click Add Assets.

  4. (Conditional) If you want to import assets from a text file, complete the following:

    1. Create a text file with a header line containing the columns Hostname, MajorType, and Addresses. Use a tab to separate the columns. In the Hostname column, type the fully-qualified domain names of the computers where you want to deploy agents. Optionally, you can specify the IP addresses in the Addresses column. In the Major Type column, specify whether the operating system is UNIX or Windows. For example:

      Hostname

      MajorType

      Addresses

      houidam101.us.netiq.corp

      Windows

       

      houidam102.us.netiq.corp

      Windows

      10.204.102.5

    2. In the Agent Manager, click Hosts List.

    3. Click Browse, navigate to the location where you saved the text file, and then click Open.

  5. (Conditional) If you want to manually add an asset, do the following:

    1. Click Host.

    2. Specify the host name or IP address of the computer. To specify multiple IP addresses, use a comma to separate the addresses.

    3. Select the appropriate operating system type, Windows or Linux/UNIX from the drop-down list.

    4. Click Add Assets.

You can now select the assets where you want to deploy agents and install the agents.

To install Windows Agent using Agent Manager:

  1. From Change Guardian main, click Integration > Agent Manager.

  2. Do one of the following:

    • (Conditional) If you have not previously added assets, in Agent Manager, under Asset Groups, click All Assets and then click Add Assets.

    • (Conditional) If you have previously added assets, in Agent Manager, click All Assets, then Manage Assets, and then Add.

  3. From the assets list, select the computers where you want to deploy the agent. If you select multiple computers, they must all use the same credentials.

  4. Log in as root to the computer that you want to connect and click Next.

  5. Click Manage Installation, and then select Install.

  6. Perform the following steps:

    1. For the agent version, select Windows Agent Agent Version, where Agent Version is the version of the agent you want to deploy.

    2. For the agent configuration, you can choose the default configuration. If you want to modify the default configuration, use the Edit option to customize the default configuration.

      Otherwise, if required, you can add a new configuration using the Add option.

    3. Click Start Installation

Agent Manager initiates the action that you selected. Use the In progress Tasks, Completed Tasks, and Failed Tasks tabs to monitor the progress.

NOTE:When you use the Agent Manager to install Windows agent, Agent Manager communicates with the agent via the Agent Management service.

5.2.2 Manual Installation

You can use the Agent Manager to download a silent installation package that contains the files necessary to install the Windows Agent without having to interact with the setup program.

Prerequisite:

Download the agent artifacts and certificates. See Downloading Agent Artifacts and Certificates section for the procedure.

To manually install the Windows agents:

  1. From Change Guardian main click, Integration > Agent Manager.

  2. Click All Assets > Manage Installation > Download.

  3. Select the Change Guardian Agent for Windows package.

  4. Specify the configuration you want to use, and then click Start Download.

    Agent Manager downloads ChangeGuardianAgentforWindows.zip to your computer.

  5. Copy ChangeGuardianAgentforWindows.zip to the computer where you want to install the Windows agent and extract the files.

    The silent installation package includes NetIQCGAgentSilentInstaller.exe and NetIQCGAgentSilentInstaller.config. Both files must be in the same directory. The configuration file contains the configuration you chose when you downloaded the silent installation package.

  6. Change the directory path to the location where you extracted the files, right-click NetIQCGAgentSilentInstaller.exe file and select Run as administrator option.

Downloading Agent Artifacts and Certificates

You must download the agent artifacts and its respective certificates package which contains the files that are necessary to install agents seamlessly.

When you download the agent artifacts and respective certificates, it is applicable for all the product agents. By default, during upgrade the existing agents will use the default certificates namely profile_iqc certificates. If you want to get newer certificates to ensure PCI compliance, you must switch the secure communication profile from profile_iqc to profile_javos. For more information, see Secure Communication Profile.

By default, during new installation of Change Guardian 5.0, the agents will use profile_javos certificates. If you have only Sentinel and/or Secure Configuration Manager installed, your agents will use the profile_iqc certificates by default.

NOTE:This is applicable for local installation and upgrade of Windows agents and Security Agent for UNIX.

To download the Agent certificates and artifacts:

  1. From Change Guardian main click, Integration > Agent Manager.

  2. Click All Assets > Manage Installation > Download.

  3. Select the Agent certificates and artifacts package.

  4. Specify the hostname and the IP address, and then click Start Download.

  5. Copy and extract ChangeGuardianAgentCertificates.zip file to the offline installer directory, before installing the agents.