サポートと今すぐチャット
サポートとのチャット

Safeguard Authentication Services 5.1.1 - Installation Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Installing and configuring Safeguard Authentication Services Installing and joining from the Unix command line Getting started with Safeguard Authentication Services Troubleshooting Enterprise package deployment

Customizing installation options

To install specific Safeguard Authentication Services Windows components

  1. From the Software License Agreement dialog, click the Customize installation options link.
  2. In the Installation Options dialog, select the components and options you want to install and click OK.

    Available components:

    • Core Components (required)
    • ADUC Extensions
    • Group Policy Extensions
    • Documentation
    • Safeguard Authentication Services Control Center

    Available options:

    • Install Start Menu Shortcuts
    • Install Desktop Shortcuts

    Note: You must install the Core Components.

  3. To add other Safeguard Authentication Services components later or modify the current installation of Safeguard Authentication Services, run the setup wizard again.

    From the root of the distribution media, double-click the autorun application.

Installing using msiexec.exe

You can install specific Safeguard Authentication Services components from the Windows command line using Msiexec.exe, the Microsoft Windows Installer program, which processes product installation files in the .MSI format. You can either double-click the individual Safeguard Authentication Services component .msi files or you can run msiexec.exe to install, modify, and perform other operations from the Windows command line.

The individual Safeguard Authentication Services component .msi files, located on the distribution media in the windows folder, are:

  • aducX64.msi: Installs the Active Directory Users and Computers Unix extensions for user and group management on a Windows 64-bit platforms.
  • aducX86.mis: Installs the Active Directory Users and Computers Unix extensions for user and group management on a Windows 32-bit platforms.
  • cc.msi: Installs the Control Center extension.
  • corX64.msi: Installs the core packages on a Windows 64-bit platform.
  • coreX86.msi: Installs the core packages on a Windows 32-bit platform.
  • doc.msi: Installs the User Documentation.
  • GpSettingsX86: Installs the Safeguard Authentication Services Group Policy settings reporting library used by third parties such as Change Auditor and Group Policy Manager to report on Group Policy settings.
  • gpX64.msi: Installs the Group Policy extension on a Windows 64-bit platforms.
  • gpX86.msi: Installs the Group Policy extension on a Windows 32-bit platforms.

You can use the following properties on the command line when installing the individual Safeguard Authentication Services components.

Table 9: MSI properties
MSI property Description
INSTALLFOLDER Specifies the directory where you want to install the package. (Core X86 only.)

Default: %PROGRAMFILES(X86)%\Quest Software\Authentication Services

INSTALLDESKTOPSHORTCUTS Specifies whether or not to install desktop shortcuts.

Default: 0 (Do not install desktop shortcuts.)

INSTALLSTARTMENUSHORTCUTS Specifies whether or not to install Start menu shortcuts.

Default: 0 (Do not install Start menu shortcuts.)

ARPSYSTEMCOMPONENT Specifies whether or not to add an entry in the Uninstall or change a program interface (Add/Remove Programs) for each individual component (ADUC, Group Policy, and Control Center).

Default: 0 (Add entry in Add/Remove Programs.)

NOCHANGEPSPOLICY Specifies whether or not to allow PowerShell execution policy modifications. (Core X86 only.)

Default: 0 (Allow PowerShell policy modifications.)

The following procedures show examples of using the MSI Properties from the Windows command line.

To install Safeguard Authentication Services Windows components using Msiexec.exe

  1. To install the Control Center, enter the following:
    msiexec /i cc.msi

    Note: Run msiexec -help to see the full command syntax.

  2. To specify the install directory path for the core packages, enter:
    msiexec INSTALLFOLDER=%SystemDrive%:\<Directory> /i coreX86.msi

    Note: By default, the installation directory is:

    • On Windows 64-bit platforms:
      %SystemDrive%:\Program Files\Quest Software\Authentication Services
    • On Windows 32-bit platforms:
      %SystemDrive%:\Program Files (x86)\Quest Software\Authentication Services

  3. To install the Control Center and create a Desktop icon for it, enter:
    msiexec INSTALLDESKTOPSHORTCUTS=1 /i cc.msi
  4. To install the Control Center and create a Start menu shortcut for it, enter:
    msiexec INSTALLSTARTMENUSHORTCUTS=1 /i cc.msi
  5. To install the ADUC extensions and add a separate entry in the Uninstall or change a program interface for it, enter:
    msiexec ARPSYSTEMCOMPONET=0 /i aducX64.msi

    Note: Setting ARPSYSTEMCOMPONET to 1 prevents the application from displaying in the Uninstall or change a program interface (Add/Remove Programs).

  6. You can apply several MSI properties simultaneously, as in the following example:
    Msiexec.exe INSTALLFOLDER=C:\foo INSTALLDESKTOPSHORTCUTS=1 INSTALLSTARTMENUSHORTCUTS=0 ARPSYSTEMCOMPONENT=1 NOCHANGEPSPOLICY=1 /i corex86.msi

    If you run this command line, the Core X86 package will be installed into C:\foo, icons will be added to the Desktop, but no Start menu shortcut will be added. Furthermore, this package will not be listed in the Uninstall or change a program interface (Add/Remove Programs) and the PowerShell Execution Policy will not be updated.

To uninstall Safeguard Authentication Services components from the Windows command line

  1. To uninstall the Control Center, enter the following:
    msiexec /uninstall cc.msi

    Notes:

    You can specify either /uninstall or /x.

    If you manually install MSI files, take care to uninstall them in the reverse order that they are installed. For example if you install CoreX86 and AducExtensionsx86 remove them in this order: AducExtensionsx86, then Corex86.

Configure Active Directory

To utilize full Active Directory functionality, when you install Safeguard Authentication Services in your environment, One Identity recommends that you prepare Active Directory to store the configuration settings that it uses. Safeguard Authentication Services adds the Unix properties of Active Directory users and groups to Active Directory and allows you to map a Unix user to an Active Directory user. This is a one-time process that creates the Safeguard Authentication Services application configuration in your forest.

Note: To use the Safeguard Authentication Services Active Directory Configuration Wizard, you must have rights to create and delete all child objects in the Active Directory container.

If you do not configure Active Directory for Safeguard Authentication Services, you can run your Safeguard Authentication Services client agent in Version 3 Compatibility Mode, which allows you to join a host to an Active Directory domain.

For more information, see Version 3 Compatibility Mode..

You can also create the Safeguard Authentication Services application configuration from the Unix command line, if you prefer. For more information, see Creating the application configuration from the Unix command line..

Configuring Active Directory

The first time you install Safeguard Authentication Services in your environment, One Identity recommends that you perform this one-time Active Directory configuration step to utilize full Safeguard Authentication Services functionality.

Note: If you do not configure Active Directory for Safeguard Authentication Services, you can run your Safeguard Authentication Services client agent in Version 3 Compatibility Mode, which allows you to join a host to an Active Directory domain.

For more information, see Version 3 Compatibility Mode..

To configure Active Directory for Safeguard Authentication Services

  1. In the Safeguard Authentication Services Active Directory Configuration Wizard Welcome dialog, click Next.
  2. In the Connect to Active Directory dialog:
    1. Provide Active Directory login credentials for the wizard to use for this task:
      • Select Use my current AD logon credentials if you are a user with permission to create a container in Active Directory.
      • Select Use different AD logon credentials to specify the Active Directory credentials of another user, enter the User name and Password.

      Note: The wizard does not save these credentials; it only uses them for this setup task.

    2. Indicate how you want to connect to Active Directory:

      Select whether to connect to an Active Directory Domain Controller or One Identity Active Roles Server.

      Note: If you have not installed the One Identity Active Roles Server MMC Console on your computer, the ActiveRoles Server option is not available.

    3. Optionally enter the domain or domain controller and click Next.
  3. In the License Safeguard Authentication Services dialog, for Add a license, browse to select your license file and click Next.

    Refer to About licenses for more information about licensing requirements.

    Note: You can add additional licenses later from Safeguard Authentication Services Control Center | Preferences | Licensing.

  4. In the Configure Settings in Active Directory dialog, accept the default location in which to store the configuration or browse to select the Active Directory location where you want to create the container and click Setup.

    Note: You must have rights to create and delete all child objects in the selected location. For more information on the structure and rights required see Windows permissions.

  5. Once you have configured Active Directory for Safeguard Authentication Services a message like this displays: You've successfully completed the setup. Click Close.

    The Control Center opens. You are now ready to configure your Unix Agent Components.

    Proceed to Configure Unix agent components

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択