You can run the installation program (setup.exe) in administrative mode to create a Windows Installer MSI package. The following sections explain how to create and distribute the MSI package.
Copy the installation program, SSL certificate, and product license file to the machine you want to use to create the MSI package:
Copy one of the following directories from the installation media to the target machine:
Windows 2000/XP Security Client: \Installs\CL
Windows Vista/7 Security Client: \Installs\CL_VISTA
Copy the Management Service SSL certificate (ESM-MS.cer or the enterprise certificate) to the CL or CL_VISTA directory.
If you are not using the Management Service (a non-directory service configuration), you can skip this step. In a non-directory service configuration, there is no Management Service for the Security Client to connect to and therefore no certificate.
Copy the Novell license file (license.dat) to the CL or CL_VISTA directory.
Without the license file, the Security Client is installed in 60-day evaluation mode. If the Security Client connects to a Management Service, you do not need to include the file; when it connects, it receives the license information from the Management Service. If you are not using the Management Service (a non-directory service configuration) or the Security Client does not connect to the Management Service within 60 days of installation, you need to include the license file with the installation program.
Launch setup.exe using the following syntax:
setup.exe /a /V"variables"
For example:
setup.exe /a /V"/qn /L*v c:\log.txt"
The following table explains the available command line variables:
Command Line Variable |
Description |
---|---|
STDRV=stateful |
Applies only to the Windows 2000/XP Security Client. This option changes the default state of the NDIS driver from All Open to All Stateful. This permits all network traffic from boot time until the Security Client determines its location and applies the appropriate location policies. |
/qn |
Suppresses the typical MSI Installation process to perform a quiet installation. Forces an immediate reboot upon completion without user notification. Use the STRBR variable to stop a reboot. |
STRBR=ReallySuppress |
Does not reboot the machine after installation. The Security Client is not activated until the user (or another method) reboots the machine. |
STNMS=”MS Name” |
Changes the Management Service to which the Security Client connects. |
POLICYTYPE=0 |
Instructs the Security Client to attempt to authenticate through the endpoint device’s Active Directory computer account to receive computer-based policies, The Security Client attempts to authenticate using the computer’s Active Directory domain credentials. If authentication fails, the Security Client displays a login prompt that allows the user to select a directory service (Active Directory or eDirectory) and specify credentials. |
POLICYTYPE=1 |
Instructs the Security Client to attempt to authenticate through the user’s Windows login accout to receive user-based policies. The Security Client attempts to authenticate to Active Directory using the user’s Windows login credentials. If authentication fails, the Security Client displays a login prompt that allows the user to select a directory service (Active Directory or eDirectory) and specify credentials. |
POLICYTYPE=3 |
Applies only to the Windows 2000/XP Security Client. Instructs the Security Client to attempt to authenticate through the user’s eDirectory user account (as supplied in the Novell Client) to receive user-based policies in Novell eDirectory. The Security Client receives its credentials from the Novell Client without prompting the user. In order for the Security Client to receive the user credentials from the Novell Client, the Novell Client must be a specific version. For details, see Novell TID 7005278. |
POLICYTYPE=4 |
Applies only to the Windows 2000/XP Security Client. Instructs the Security Client to attempt to authenticate through the endpoint device’s eDirectory workstation account to receive computer-based policies. To use this option, Novell ZENworks 7 Desktop Management must be installed. For more information, see Section 2.2.4, Directory Services Requirements. |
STVA=”Adapter name” |
Adds a Virtual Adapter. Use this option to activate policy control over a virtual adapter |
STSESCANCEL=1 |
Removes the Cancel button from the Enter Decryption Password dialog box. Removing the Cancel button forces the user to enter the decryption password. |
/L*v c:\log.txt |
Turns on logging. Use to activate logging at installation. If it is not done now, you must do it through the Security Client’s Diagnostics tools. See |
Complete the MSI package creation, using information from the following table. Each row of the table corresponds to one of the installation program screens that requires input.
If you haven’t done so already, click
to create the MSI package.The MSI package, which is created in the location you specified, includes two components:
The ZENworks Security Client.msi file, which includes the installation settings and information.
The resource folders (Binaries, MSSoap, program files, System, and System32) that contain the installation files.
If you move the MSI package, you need to move both components.
The Security Client is installed with a default policy, referred to as the resource policy. The resource policy is in effect until the Security Client receives a distributed policy. This occurs when the client connects to the ZENworks services or when you export a policy file from the standalone Management Console and manually distribute it to the client.
If you want to apply a distributed policy immediately, you can include it in the MSI package. As soon as the Security Client starts after installation, the distributed policy is applied.
In the Management Console, create the policy you want to distribute with the MSI package (see Security Policies
in the ZENworks Endpoint Security Management 4.1 Administration Guide for details).
Export the policy, then rename the policy to policy.sen..
The policy must be named policy.sen in order for the Security Client to accept it.
Copy the policy.sen and the setup.sen files to the MSI package’s program files\Novell\ZENworks Security Client folder.
The two new policy files replace the existing policy.sen and setup.sen files.
If you don’t already have a method for distributing software to machines, here are some possibilities:
If you own ZENworks 10 Configuration Management, distribute the MSI package as a bundle. See the ZENworks 10 Configuration Management Software Distribution Reference.
If you own ZENworks 7 Desktop Management, distribute the MSI package as an application object. See the ZENworks 7 Desktop Management Administration Guide.
If you use Active Directory, use a Group policy’s Computer Configuration to distribute the MSI package.
Place the MSI package on a network share or Web server from which users can launch the ZENworks Security Client.msi file.