Detailed information about this topic
Once the Console is installed, you can deploy Clients to the computers on your domain in one of the following ways:
-
Client Deployment Settings Wizard: Deploy or uninstall clients on your computers in one pass.
NOTE: Available only in Privilege Manager Professional Edition and Professional Evaluation Edition.
-
Client Windows Installer file: Use PAClient.msi to install the Client locally on a computer (administrative privileges are required).
-
Microsoft Group Policy Management Console: Use login scripts or other software deployment techniques for mass-deployment.
To use the Client Deployment Settings Wizard to install the Privilege Manager Client
-
Start the Client Deployment Settings Wizard.
-
Open the Console.
-
Under the Getting Started section of the left navigation menu, click Setup Tasks.
-
Select the Deploy Client Wizard icon in the Advanced Configuration pane on the right. It always shows the default settings.
-
Choose one of the following options:
-
Not Configured: Enable child GPOs to inherit Client deployment settings from their parent.
-
Install Client: Install/upgrade Client software.
-
Remove Client: Remove Client software (for versions 3.0 and higher).
-
Unregister: Stop Client software installation GPO settings from applying.
-
Click Next.
-
Define the Server.
-
Click Browse to locate a Server through Active Directory.
-
To verify the connection of the selected Server to the ScriptLogic PA Reporting Service, click Test. If the test fails, check to see if there are network or firewall problems.
-
If you want to configure another Server, click the Clear the server name link. The displayed service remains installed.
-
Click Next to use Validation Logic to target the settings to specific client computers or user accounts within the GPO, or click Finish to save your settings and quit.
If an error message indicates that the target GPO is not selected:
-
Click OK to close the message window.
-
Open the GPO tab and select the desired GPO.
-
Click Save on the GPO toolbar to save the new settings.
-
To view the Client Deployment Settings, double-click Client Deployment Settings on the Advanced Policy Settings tab of the GPO.
-
Check that the Client is successfully deployed onto the computer. Ensure that:
-
The CSEHost.exe process is running.
-
The Client record is shown in the Add/Remove Programs tool.
-
The Privilege Manager icon and the right-click menu are available in the system tray on the client computer.
-
New GPO rules created by Privilege Manager are applied to Client computers following a group policy update.
To use the Client Windows Installer file to install the Client locally on a computer
-
To locate the Client MSI setup file, open the Console.
-
Click Additional Resources > Open Client Installation Folder. The Client file appears in a browser window.
-
Check that the Client is successfully deployed onto the computer. Ensure that:
-
The CSEHost.exe process is running.
-
The Client record is shown in the Add/Remove Programs tool.
-
The Privilege Manager icon and the right-click menu are available in the system tray on the client computer.
New GPO rules created by Safeguard Privilege Manager for Windows are applied to Client computers following a group policy update.
To install Clients on your domain via the Microsoft Group Policy Management Console (GPMC)
-
Copy the PAClient.msi file to a network share that can be read by all users. Or, just share the file folder (a share with the PAClient.msi file is configured automatically upon Server configuration).
-
To locate the Client MSI setup file, open the Console.
-
Click Additional Resources > Open Client Installation Folder. The Client file appears in the browser window.
-
Right-click Group Policy Objects and select New from the pop-up menu to open the Group Policy Management Console on the Server to create a new Group Policy Object (GPO).
-
Enter a name for the new GPO and click OK.
-
Right-click the new GPO and select Edit to open it.
-
In the Group Policy Management Editor, select Computer Configuration > Policies > Software Settings > Software installation. In the right pane, right-click the new GPO, and select New > Package.
-
If the client distribution GPO is computer-based (defined under Computer Configuration), enable the Always wait for the network at computer startup and logon policy, located in Computer Configuration > Policies > Administrative Templates > System > Logon). Otherwise, the Client installs after the second reboot of the client computer.
-
If the client distribution GPO is user-based (defined under User Configuration), then the Client installs after the first logon.
-
In the dialog that appears, browse to the PAClient.msi file on the network share where it was copied to.
-
Use the File name field to specify the Client location in the Universal Naming Convention (UNC) format:
\\computername\sharename\filename.msi
-
Click Open.
-
Select Assigned in the Deploy Software dialog.
-
Assign the new GPO to a domain or OU.
-
To assign it to a domain, right-click the domain in GPMC and select Link an Existing GPO.
-
Select the GPO in the dialog and click OK.
-
Check that the Client is successfully deployed onto the computer.
Ensure that:
-
The CSEHost.exe process is running.
-
The Client record is shown in the Add/Remove Programs tool.
-
The Privilege Manager icon and the right-click menu are available in the system tray on the client computer.
New GPO rules created by Privilege Manager are applied to Client computers following a group policy update.
NOTE: During updates, all Client settings and rule group policies are automatically updated. You have two options for initiating updates:
NOTE: The automatic Server upgrade may be unavailable if the ScriptLogic PA Reporting Service is not running.
-
If the Console detects that the Server component is installed on a remote computer, it instruct you to launch it on the remote computer.
-
If a message prompts you to upgrade your Server and database (installed locally with the reporting functionality of some prior Privilege Manager versions):
-
Click OK and follow the Privilege Manager Server Configuration Wizard to complete the following steps:
-
Install the missing SQL Server components from the Internet.
-
Back up your database.
-
Configure a shared folder for client mass deployment.
-
Click Finish to save the results and exit the wizard.
-
If a message displays indicating that the Privilege Manager Host Service that needs to be updated is currently in use, click OK to ignore the message.
-
To upgrade later, open the Privilege Manager Server Configuration Wizard and confirm that you are running the upgrade process before you configure the Server.
-
Until you have upgraded the Server and database, you will have problems installing the Server locally.
For more information, see Configuring the Server.
-
Re-configure your Client data collection settings, if necessary.
-
Select a GPO from the Group Policy Settings section.
-
Switch to the Advanced Policy Settings tab.
-
Double-click Client Data Collection Settings to configure settings using the Client Data Collection Settings Wizard. For more information, see Configuring Client data collection.
-
After you upgrade, By Digital Certificate rules will be saved as By Path to the Executable rules.
-
To upgrade Clients, install the newer version over the older one. For more information, see Installing the Client.
For more information, see Removing the Server.