8.1 Using the Setup Program to Install

This section guides you through the process of installing Windows agents using the NetIQSecurityAgentForWindows.msi setup program. By default, the setup program uses the local system account for the Windows agent service. You can assign a different account to the agent service to provide different permissions when you run the service. You can also specify the ports that the agent uses to communicate with Secure Configuration Manager. The agent communicates with Secure Configuration Manager Core Services using encrypted SSL protocol.

WARNING:The installation procedure requires the Workstation service to be running, and must be performed locally. Performing the installation from a remote share can cause issues or errors with the installation.

NOTE:Use the setup program only if you are installing the Windows agent for the first time. Use the command line to update an existing version of the Windows agent. For more information about using the command line for installation, see Using the Command Line to Install.

To use the setup program for installing the Windows agent:

  1. Log in with an administrator account to the computer on which you want to install the Windows agent components.

  2. Start the Workstation service.

  3. Run the NetIQSecurityAgentForWindows.msi setup program from the root folder of the Windows agent installation kit.

  4. In the setup window, click Next.

  5. Read the license agreement. If you accept the terms of the agreement, select I accept the terms in the license agreement, and then click Next.

  6. (Optional) To specify an account other than LocalSystem for the Windows agent service, complete the following steps:

    1. Deselect the Run agent service as a LocalSystem account check box.

    2. In the Service Account field, type the user name of the account you want to assign to the agent service.

      NOTE:

      • The agent service requires an account with administrative permissions to function properly.

      • (Conditional) If you start the service within a specific domain, you must specify the domain name using the domainname\username format. For example, AcmeMidWest\smithj.

      • (Conditional) If you specify a local account on a workgroup computer, you must either specify the workgroup name using the workgroupname\username format, or type a space in the User Name field. Leaving the field blank results in an error.

    3. In the Service Password field, type the password for the specified service account.

      The setup wizard validates the specified service account when you click Next.

  7. In the Agent Port field, specify the port that the Windows agent uses to listen for communications from Secure Configuration Manager Core Services. For more information about ports, see Understanding Port Requirements.

  8. (Conditional) If this is a new installation, you can choose where to install the product. If you previously installed a version of the Windows agent on this computer, the setup program installs the product in the previous installation folder.

  9. Click Next.

  10. (Conditional) To automatically register the agent with Secure Configuration Manager, complete the following steps:

    1. In the Core Services Computer field, specify the DNS name, NetBIOS name, or IP address of the Secure Configuration Manager Core Services computer. For example, type NQ1234Dev.NetIQ.com for the DNS name.

    2. In the Core Services Port field, specify the port that Core Services uses to listen for communications from the agent. If you change the default value of 1627, you must update the Network tab of the Core Services Configuration Utility to match the change.

    3. (Optional) To verify that the agent computer can connect to the specified Core Services computer, click Test Connection.

  11. (Conditional) To register the agent manually later, leave the Core Services Computer field blank.

  12. Click Next. Review your installation selections.

  13. Click Install to install the product.

  14. Click Finish to exit the setup program.

  15. To enable complete functionality in the Windows agent after installation, on the computers where the agent is installed, start the following Windows services:

    • DHCP Client

    • Workstation

  16. Repeat Step 1 through Step 15 on each computer where you want to install the Windows agent.

  17. Verify that each agent is registered with Secure Configuration Manager Core Services. For more information about managing systems and manually registering agents, see the User’s Guide for Secure Configuration Manager.

  18. Check AutoSync updates to ensure that the agent audits the latest security intelligence. For more information about AutoSync, see the User’s Guide for Secure Configuration Manager.