HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION Version 1.1 / Last updated November 2012 INTRODUCTION The Cloud Link for Windows client software is packaged as an MSI (Microsoft Installer) file which makes it easy to deploy within a Windows domain environment, or indeed on any standalone Windows computer. For large network deployments it makes sense to be able to deploy the Cloud Link client software silently and without requiring supervision to answer any prompts. This is possible in two ways - using either a login script or a Group Policy Object (GPO). In most automated deployments it will also be necessary to pre-configure options in the MSI so that after installation the Cloud Link software is ready to use. This would include setting options that are unique to each customer, such as global password, Active Directory authentication and user credentials. It is possible to do this via command line parameters (see http://www.censornet.com/en/kb/command_line_parameters_for_cloud_link) however this means you can only use the login script option and not Group Policy. Also, sometimes you do not want sensitive information such as passwords visible in a startup script. The solution is to use the Microsoft tool "Orca" which is part of the Windows Server SDK, to create a set of configuration options that will override the default. This method is compatible with both login script and Group Policy Object deployment. This document will discuss how to use Orca to create configuration overrides and then provide a practical example of how to use either a script based deployment or Group Policy Object deployment. This document has been written for Windows Server 2008r2 however the steps will be similar with previous versions of Windows Server. REQUIREMENTS Download and install Orca - http://www.microsoft.com/en-us/download/details.aspx?id=6510 Download the latest version of Cloud Link - http://www.censornet.com/en/kb/how_to_install_cloud_link_software_for_use_with_hosted_web_s ecurity PLACING THE MSI FILE IN A SHARED FOLDER The first step is to place the Cloud Link MSI file (e.g. Setup64.msi) in a shared folder that can be accessed from all the target remote machines that you want to install Cloud Link on to. The shared folder needs to be accessible via a UNC (Universal Naming Convention) path, e.g. \\server\share\setup64.msi Also ensure that the shared folder allows read access from Domain Computers: 1
In this document we will assume the server name is dc and the shared folder is called deploy and this will contain the Setup64.msi. Therefore the UNC path would be \\dc\deploy\setup64.msi USING ORCA TO CREATE CONFIGURATION OVERRIDES Right click on Setup64.msi in the shared folder and click Edit with Orca. If you do not have an Edit with Orca menu option please install Orca first. IMPORTANT : Go to the Transform menu and click New Transform 2
This is an important step - do not edit the original MSI file. A transform file allows you to override the default settings when the MSI is installed. It is therefore possible, should you wish, to have multiple transform files to suit different deployment options you may need. Scroll down to the Property table in the left hand list and click on it. Right click anywhere in the right hand pane and click Add Row. You can now add a configuration setting override. For example, to set the global password the Property would be PASSWORD and the Value would be the actual global password to set. Click OK to add the override and check that it is correct by scrolling down to the bottom of the right hand pane. Repeat the process to add more overrides using the parameters detailed here: http://www.censornet.com/en/kb/command_line_parameters_for_cloud_link 3
Once you have added all the overrides you require, go to Transform and click Generate Transform. Navigate to the shared folder where the MSI is located and save the transform file, e.g. Setup64.mst Close Orca. The MSI is now ready for deployment using one of the options documented below. OPTION 1 - USING COMMAND LINE OR LOGIN SCRIPT Execute the following with administrator rights via a batch file or on the remote command line of the computer you wish to install Cloud Link for Windows on. msiexec /i \\dc\deploy\setup64.msi TRANSFORMS=\\dc\deploy/Setup64.mst /qn This will silently install the software using the settings configured in the transform file and without prompting the user at all. OPTION 2 - USING GROUP POLICY OBJECT Log in to your Windows Server as an Administrator and start the Server Manager. In this example, we are going to create a new group that will have the Cloud Link GPO assigned to it. The group will contain at least one computer that we want to remotely install the Cloud Link software on to. In the Server Manager, expand the Roles tree, then Active Directory Domain Services and Active Directory Users & Computers. Then expand your domain and click the default Users container. Right click and create a New Group. Now go to the Computers container and select at least one computer. Right click and select Properties then Member Of. Click Add and select the new group that was just created. 4
Now we have at least one computer to push the Group Policy Object to, so the next step is to actually create the Group Policy Object. In the Server Manager expand the Features option then Group Policy Management and expand your domain. Right click the domain and click Create GPO in this domain, and Link it here... Give the new GPO a useful name: The GPO will appear in the tree view. Right click on it and select Edit. Under Computer Configuration expand Policies then Software Settings Right click Software Installation and select New Package 5
IMPORTANT - do not browse to the path using the dialog. The MSI must be specified by its UNC path as discussed earlier in this document. Failure to do this will cause the remote installation to fail. Therefore enter the path directly in the file browser, e.g. \\dc\deploy\setup64.msi On the next dialog, select Advanced. On the Deployment tab make sure that Uninstall this application when it falls out of the scope of management is ticked if you want the Cloud Link software to be uninstalled when the Group Policy Object is deleted. On the Advanced tab ensure that Ignore language when deploying this package is ticked to avoid any problems with non en-gb locales on remote computers. On the Modifications tab click Add and enter the UNC path to the transform file that you created earlier using Orca, e.g. \\dc\deploy\setup64.mst - like the MSI path you must use the UNC path 6
This will ensure the configuration overrides are applied during installation of the MSI. The Group Policy Object has now been defined. Close the Group Policy Editor. In the Server Manager again click on the newly created Group Policy Object and under Security Filtering remove any entries and add the group that you created earlier in this section. This will limit the Group Policy to only running on the intended computers. TESTING THE GROUP POLICY OBJECT On one of the remote machines test the new GPO by opening a command prompt and running: gpupdate /force /boot This will force a refresh of the computers' group policy and reboot the computer. On the next valid log in, the Cloud Link software will install. If there are any problems open the Event Viewer on the computer where installation has failed and check the Application and System logs for clues as to why the GPO failed. 7