Overview
There are two methods for including the agent in a gold image and deploying it to user devices:
- Use a deployment policy with a custom user detection script that excludes the usernames of administrators deploying the agent.
- Include only the installer files. Do not run the installer or otherwise install the app until after you deploy the gold image to a user device. The sequence is critical:
  - Get installer files for agents.
  - Copy your installer files to your gold image.
  - Deploy your gold image to your devices.
  - Run the agent installers on your devices.
Considerations
- This article uses the term gold image to describe a template for imaging user devices that includes pre-configured operating system files, settings, and applications. Other names for this concept include base image, clone image, system image, and desktop image.
- Gold images and devices must meet agent system requirements.
- For help with customization and scripts for agent installers, contact your Customer Success Manager (CSM) to engage the Professional Services team.
Insider risk agent
Exclude administrators in your custom user detection script
Excluding specific administrator users in the custom user detection script ensures the insider risk agent waits to perform the installation until the end user signs in to the device.
Sample excerpts of custom user detection scripts with excluded administrator users are listed below. See Deployment script and command reference for the insider risk agent for complete details. If you need help customizing a script for your environment, contact your Customer Success Manager (CSM) to engage the Professional Services team.
Windows script excerpt
REM List of Excluded users that shouldn't be used for Incydr install.
FOR %%G IN ("user1"
            "user2"
            "user3"
            "admin"
            "Administrator") DO (
    IF /I "%currentuser%"=="%%~G" GOTO NOMATCH
)
REM Excerpt only: in the complete script, non-excluded users must branch past :NOMATCH at this point, because a batch label does not stop execution.
:NOMATCH
echo Excluded or null user detected (%currentuser%). Will retry user detection in 60 minutes, or when reboot occurs.
GOTO :EOF
Mac script excerpt
# Stop when the detected user is an excluded administrator or is empty.
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
    writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
    exit
fi
Backup agent
Method 1: Exclude administrators in your custom user detection script
Excluding specific administrator users in the custom user detection script ensures the agent waits to perform the installation until the end user signs in to the device.
Sample excerpts of custom user detection scripts with excluded administrator users are listed below. See Deployment script and command reference for the backup agent for complete details. If you need help customizing a script for your environment, contact your Customer Success Manager (CSM) to engage the Professional Services team.
Windows script excerpt
REM List of Excluded users that shouldn't be used for agent install.
FOR %%G IN ("user1"
            "user2"
            "user3"
            "admin"
            "Administrator") DO (
    IF /I "%currentuser%"=="%%~G" GOTO NOMATCH
)
REM Excerpt only: in the complete script, non-excluded users must branch past :NOMATCH at this point, because a batch label does not stop execution.
:NOMATCH
echo Excluded or null user detected (%currentuser%). Will retry user detection in 60 minutes, or when reboot occurs.
GOTO :EOF
Mac script excerpt
# Stop when the detected user is an excluded administrator or is empty.
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
    writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
    exit
fi
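The exclusion check from the Mac excerpts in both agent sections, as an added example (not the vendor's script): a POSIX shell function that makes the same anchored match, treats an empty result as excluded, and compares case-insensitively as the Windows excerpt's IF /I does. The names in EXCLUDED_USERS, the function names, and the sample usernames are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Constructed exclusion list: the page's sample
# admin names, plus root and _mbsetupuser as an assumption about accounts that
# can hold the console before an end user signs in.
EXCLUDED_USERS='admin1|admin2|admin3|root|_mbsetupuser'

# is_excluded_user NAME
# Returns 0 when NAME must not be used for registration (retry later),
# 1 when NAME is acceptable as the end user.
is_excluded_user() {
    # Strip whitespace that command output may leave around the name.
    candidate=$(printf '%s' "$1" | tr -d '[:space:]')

    # Null result: same outcome as an excluded user.
    if [ -z "$candidate" ]; then
        return 0
    fi

    # Anchor both ends, as the page's ^(...)$ pattern does, so "admin10" or
    # "sysadmin1" are not swallowed by the "admin1" entry. -i mirrors IF /I.
    if printf '%s\n' "$candidate" | grep -Eqi -- "^(${EXCLUDED_USERS})\$"; then
        return 0
    fi
    return 1
}

# audit_candidates NAME...
# Prints the decision for each name so the list can be reviewed before imaging.
audit_candidates() {
    for name in "$@"; do
        if is_excluded_user "$name"; then
            printf 'RETRY  [%s]\n' "$name"
        else
            printf 'ACCEPT [%s]\n' "$name"
        fi
    done
}

# Constructed sample usernames.
audit_candidates admin1 ADMIN2 "" " admin3 " admin10 sysadmin1 jdoe root
```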
Method 2: Deploy only the installer package
Deploying only the installer package to a gold image helps ensure that the agent detects the correct user, because the installer is executed by the user and not the administrator who deployed the gold image.
Step 1: Get installer files for agents
There are multiple ways to install agents, depending on how you wish to authenticate users and devices when the app installs and connects to the Incydr cloud.
The article Manage agent installations in your environment describes three options.
Select one option, and follow the linked instructions until you are told to run an install command or installer executable.
Option 1: Deploy agents silently with SSO
For an environment that uses SSO authentication, customize agent installers to connect and authenticate automatically. No user intervention is necessary.
Option 2: Install the default agent
Use the default installer executable, with no customization. The app opens a desktop interface and prompts the user for:
- Username and password
- Registration key (the identifier for your organization)
- Server address (the domain URL of the Incydr cloud)
Step 2: Copy your installer files to your gold image
How you copy your agent installer files onto your base image depends on your software management tool.
How many and which files you copy also depends on your situation:
- Installer executables are *.msi, *.dmg, or *.tgz files, depending on the image's operating system.
- Mac installations include a plain-text configuration file, deploy.properties.
- Installers are typically invoked with scripts that provide your custom command arguments.
Step 3: Deploy your gold image to your devices
How you deploy a base image to devices is outside the scope of this article. However, you must deploy the image before invoking the installer for the backup agent.
Step 4: Run the agent installers on your devices
Use a software management tool or the device operating system to launch a script or task that runs the agent installer.
For SSO and manual sign on (options 1 and 2 above), the installer needs to run after a user logs in to the device, because the most recently logged in username becomes the name used to sign in to the agent.