Web Security - Installing the Mimecast Security Agent for Windows using Group Policy Object

Updated
This article describes how to install the Mimecast Security Agent for Windows using Group Policy Object (GPO), and is intended for use by Administrators.

Prerequisites

Before deploying the Mimecast Security Agent for Windows to client machines, you must ensure the following prerequisites have been met:

Creating a Transform File (.MST)

These instructions describe how to create a transform file (.MST) using Orca. You can use other third-party software capable of creating transform files, but these are not covered here.

You can create a transform file using Orca by using the following steps:

  1. Download and install Orca.
  2. On the machine where Orca is installed, download the Mimecast Security Agent for Windows MSI File. See Installing the Mimecast Security Agent for Windows.
  3. Extract the .ZIP file to a directory.
  4. Start Orca via the Start Menu.
  5. Click on the File | Open.
  6. Select the MimecastSecurityAgentWorkstation64.msi file from the extracted .ZIP file directory.
  7. Click on the Open button.
  8. Click on the Transform | New Transform.
    New Transform from Orca
  9. Select the Property table.
    Property table
  10. Click on Tables | Add Row.
    Add row

    Newer versions of the agent already have the LICENSEKEY property, meaning step 10 can be skipped.

  11. Complete the Add Row dialog as follows:
      • Property: LICENSEKEY
      • Value: Enter the license key and click OK. This can be obtained either from the:
        • Mimecast Administration Console. Navigate to Web Security | Agent Settings and select the Installation tab.
        • Customerkey file that forms part of the Mimecast Security Agent installation download.
  1. Click on the OK button to add the LICENSEKEY property to the table.
  2. Click on the Transform | Generate Transform menu item. The Save Transform As dialog is displayed.

    Generate Transform
  3. Specify a transform File Name in your chosen directory.
  4. Click on the Save button.

Installing the Mimecast Security Agent for Windows using GPO

You can install the Mimecast Security Agent for Windows using GPO with the .MST file by using the following steps:

  1. Open the Group Policy Management Console on the machine you use to manage your GPOs.
  2. Create a GPO in the Forests | Domains | Group Policy Objects folder, giving it an appropriate name (e.g. Mimecast Security Agent for Windows). See Microsoft's Create Group Policy Object support documentation.
      Create a GPO
  3. Right-click the GPO node.
  4. Select the Edit menu item. The Group Policy Management Editor dialog is displayed.
  5. Right-click the Computer Configuration | Policies | Software Settings | Software Installation node.
  6. Select the New | Package.
      Select the New Package
  7. Select the .MSI File using the UNC path of the network shared location (e.g. \\server1\MimecastWSAgent). See Microsoft's Use Group Policy to remotely install software support documentation.

    The .MSI file must be placed on a shared network drive to enable the GPO option to install the MSA remotely.

  8. Click on the Open button. The Deploy Software dialog is displayed.
  9. Select the Advanced option and click on the OK button. The Mimecast Security Agent Properties dialog is displayed.
  10. In the Mimecast Security Agent Properties dialog, click on the Add button in the Modifications tab.
      Mimecast Security Agent Properties
  11. Select the .MST File created above and click on the Open button.
  12. It is recommended that the following settings be configured to ensure the MSI distribution process is smooth and seamless:
    Setting Value
    Computer Configuration\Policies\Administrative Templates\Windows Components\Window Installer\Always install with elevated privileges Enabled
    Computer Configuration\Policies\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon Enabled
    Computer Configuration\Policies\Administrative Templates\System\Group Policy\Configure software Installation policy processing Enabled and check Allow processing across a slow network connection
  13. It is recommended that the following settings be configured to ensure the MSI distribution process is smooth and seamless:
  14. Depending on how you control the deployment of GPOs in your organization, assign the GPO to an Organization Unit (OU) that contains either the:
      • Target machines
      • Security groups that contain your target machines.

        We recommend you test the GPO with a test machine before deploying it to production machines.

  1. Once the machines have picked up the GPO, they must be restarted twice:
      • The first restart is for the installation of the Microsoft Security Agent, due to changes to the GPO.
      • The second post installation restart is for the agent to enter Protected Mode.

The automated install process installs the following prerequisite software automatically:

      • Microsoft Visual C++ 2017 Redistributable.
          Microsoft Visual C++
      • Microsoft Message Queue (MSMQ) Server.
          Microsoft Message Queue

 

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.