Artykuły dotyczące produktów biznesowych

How do I create an MST transformation file to deploy ESET Remote Administrator Agent via SCCM or GPO? (6.x)

Problem

  • Prepare the ESET Remote Administrator Agent (ERA Agent) installer file for distribution via Group Policy Object (GPO) or Software Center Configuration Manager (SCCM).
     
  • Alternative method to distribute ERA Agent for enterprise environments or environments with a high number of client computers.

Szczegóły

This article details how to create a modified version of the ERA Agent Installer file for distribution in large to enterprise-level environments. The .msi file for the ERA Agent is separated from the .bat file available from ESET Remote Administrator and then modified so that it will be able to recognize the proper certificate and port for communication with your ERA Server after distribution to client computers.

Rozwiązanie

Prerequisites

To access the .msi Agent installer file

When you export the Agent installer file from ERA, it will be a .bat file. Run the .bat file as though you were installing Agent, but do not complete the installation. This will download the .msi, which you can then edit to create your MST file. See below for step-by-step instructions:

  1. Double click the .bat file to run it and click Cancel when the ESET Setup Wizard is displayed. This will download the .msi installer file without overwriting your existing ERA Agent.
     
  2. The .msi file will automatically be downloaded to the following directory:

    C:\ProgramData\ESET\RemoteAdministrator\Agent\SetupDate\Installer

I. Edit the ESET Remote Administrator installer file

  1. Click StartAll Programs Orca to launch Orca database editor.
     
  2. Click File Open, navigate to the ERA Agent installer file that you want to apply the transformation file to, select it and then click Open.
     
  3. Click Transform New Transform.

Figure 1-1
Click the image to view larger in new window

  1. Select Property from the Tables section, right-click anywhere in the list of property values and select Add Row from the context menu.

Figure 1-2
Click the image to view larger in new window

  1. Add the property P_HOSTNAME and type the hostname or IP address of your ESET Remote Administrator Server (ERA Server) into the Value field.
     
  2. Repeat steps 4 and 5 to add the property P_PORT, where the value is the port used to connect to your ERA Server (2222 by default).

Figure 1-3
Click the image to view larger in new window

  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.
     
  2. Click Admin Certificates Peer Certificates, locate the Agent certificate for the ERA Agents you will be distributing, click it and select Export as Base64. Save the exported file to your Desktop.

Figure 1-4
Click the image to view larger in new window

  1. Click Certificate Authorities, click your ERA Certificate Authority and select Export public key as Base64. Save the exported file to your Desktop.

Figure 1-5
Click the image to view larger in new window

  1. In Orca, add the following three rows to the file (see steps 4 and 5 above for instructions). See below for property value details:

    P_CERT_CONTENT: Copy the contents of the peer certificate file  into the value field (open it in a text editor such as notepad).

    P_CERT_PASSWORD: Only create this if your peer certificate requires a password. Enter the password to use the peer certificate.

    P_CERT_AUTH_CONTENT:  Copy the contents of the Certificate Authority public key file into the value field (open it in a text editor such as notepad).
     

Alternative method: make the certificate available locally

For special cases, you can substitute this method for step 10.

  1. Export the peer certificate for the Agent and the public key of the certificate authority used to sign the Server's peer certificate from the ERA Server. Make these files available to client computers using a shared folder or another resource that all clients can access.
     
  2. In Orca, add the following three rows to the file (see steps 4 and 5 above for instructions). See below for property value details:

    P_CERT_PATH: The path to the exported .pfx certificate.

    P_CERT_PASSWORD: Only create this if your peer certificate requires a password. Enter the password to use the peer certificate.

    P_CERT_AUTH_CONTENT: The path to the public key of the Certificate Authority that will be used to install ERA Agent.
  1. Click Transform Generate Transform and save the transform file to your Desktop. For step-by-step instructions to deploy this file, see the appropriate article below for the deployment method you will use:

Figure 1-6
Click the image to view larger in new window