Installing Dr.Web Agent Software via Active Directory

If the Active Directory service is used in the LAN, you can remotely install the anti-virus Agent on workstations using this service.

info

The Agent installation via Active Directory service is also available when using Distributed File System (see the Appendices document, p. Using DFS During Installation the Agent via the Active Directory section).

Dr.Web Agent Installation

To install the Agent using the Active Directory

1.Download the Dr.Web Agent installer for networks with Active Directory from the installation page.

2.Install Dr.Web Agent on the local network server supporting the Active Directory service. This can be made in the command line mode (A) or in the graphic mode of the installer (B).

info

If you upgrade Dr.Web Server, you do not have to upgrade Dr.Web Agent installer for networks with Active Directory. After upgrading the Dr.Web Server software, the Agents and the anti-virus software will be upgraded at the stations automatically.

(A) To Set All Necessary Installation Parameters in the Command Line Mode

Issue the following command with all necessary parameters and the obligatory parameter /qn which disables the graphic mode:

msiexec /a <package_name>.msi /qn [<parameters>]

The /a parameter launches installation of the administrative package.

Package name

The name of the installation package for the Agent through Active Directory usually has the following format:

drweb-13.00.0-<build>-esuite-agent-activedirectory.msi

Parameters:

/qn—disable the graphic mode. With this switch the following parameters are to be specified:

ESSERVERADDRESS=<DNS_name>—set the address of Dr.Web Server to which the Agent is to be connected. For the possible formats see the Appendices document, p. Appendix E.

ESSERVERPATH=<full_filename>—specify the full path to the certificate of Dr.Web Server and the file name (by default drwcsd-certificate.pem in the webmin/install subfolder of the Dr.Web Server installation folder).

TARGETDIR—the network folder for the Agent image (modified installation package), which will be select via the Group Policy Object Editor for the selected installation. This folder must have read and write access. The path should be given in the network addresses format even if the folder is a locally accessible resource; the folder should be accessible from the target stations.

warning

Before administrative installation, in the destination directory for the Agent image (see the TARGETDIR parameter), you should not place installation files manually. The Agent Installer for networks with Active Directory (<package_name>.msi) and other files required for installation of the Agents on workstations, will be placed into the destination folder automatically during administrative installation. If these files are present in the destination folder before the administration installation, e.g., from the previous installations, when the similar files will be rewritten.

If you need to perform administrative installation from different Dr.Web Servers, it is recommended that you specify different destination folders for each Dr.Web Server.

info

After deployment the administrative package, in the <destination_directory>\Program Files\DrWeb directory, only the README.txt file must resides.

Examples:

msiexec /a ESS_Agent.msi /qn ESSERVERADDRESS=servername.net ESSERVERPATH=\\win_serv\drwcs_inst\drwcsd-certificate.pem TARGETDIR=\\comp\share

msiexec /a ESS_Agent.msi /qn ESSERVERADDRESS=192.168.14.1 ESSERVERPATH="C:\Program Files\DrWeb Server\webmin\install\drwcsd-certificate.pem" TARGETDIR=\\comp\share

These parameters can alternatively be set in the graphic mode of the installer.

Next on a local network server, where Active Directory administrative tools are installed, appoint installation of the package (see procedure below).

(B) To Set All Necessary Installation Parameters in the Graphic Mode

warning

Before administrative installation, make sure that the destination directory for the Agent image does not contain Dr.Web Agent Installer for networks with Active Directory (<package_name>.msi).

info

After deployment the administrative package, in the <destination_directory>\Program Files\DrWeb directory, only the README.txt file must reside.

1.Issue the command

msiexec /a <path_to_installer>\<package_name>.msi

2.An InstallShield Wizard window with information on the program selected for installation will be opened. Click Next.

info

The Agent Installer uses the language specified in the language settings of a computer.

3.In the next window, specify the DNS name (preferred form) or the IP address of Dr.Web Server (see the Appendices document, p. Appendix E). Specify the location of the public key file of Dr.Web Server (drwcsd.pub). Click Next.

4.In the next window type the name of a network catalog, to which the image of the Agent is planned to be written. The path should be specified in the network addresses format even if the catalog is a locally accessible resource; the catalog should be accessible from the target stations. Click Install.

5.After installation is finished, the settings window displays which helps you configure installation of the package on network workstations.

Installation of the Package on Selected Workstations

1.In Control Panel (or in the Start menu for Windows 2003/2008/2012/2012R2 Server OS, in the Start → Programs menu for the Windows 2000 Server OS), select Administrative Tools → Active Directory Users and Computers (when you install Agent in the graphic mode, this window displays automatically).

2.In the domain containing the computers on which Dr.Web Agents are to be installed, create an organizational unit (hereinafter OU), name it, for example, ESS. To do this, in the domain context menu, select New → Organizational unit. In the opened window, type the new unit name and click OK. Include the computers, on which the Agent is to be installed, into this unit.

3.Open the group policy editor. To do this:

a)for Windows 2000/2003 Server OS: on the OU context menu, select Properties. In the opened window go to the Group Policy tab.

b)for Windows 2008 Server OS: select Start → Administrative tools → Group Policy management.

4.For the created OU, set the group policy. To do this:

a)for Windows 2000/2003 Server OS: click Add and create an element named ESS policy. Double-click it.

b)for Windows 2008/2012/2012R2 Server OS: on the created ESS OU context menu, select Create a GPO in this domain, and Link it here. In the opened window, specify the name of the new group policy object and click OK. In the new group policy context menu, select Edit.

5.In the Group Policy Object Editor window, specify the settings for the group policy created on step 4. To do this:

a)for Windows 2000/2003 Server OS: in the hierarchical tree, select Computer Configuration → Software Settings → Software Installations.

b)for Windows 2008/2012/2012R2 Server OS: in the hierarchical tree, select Computer Configuration → Policies → Software Settings → Software Installations.

6.On the context menu of Software Installations, select New → Package.

7.Specify the Agent installation package. To do this, specify the address of the network shared (resource which contains the Agent image you created during the administrative installation). The path should be specified in the network addresses format even if the catalog is a locally accessible resource.

8.A Deploy Software window will be opened. Select the Assigned option. Click OK.

9.In the Group Policy Object Editor window, select the added package. On the context menu of this element, select Properties.

10.In the opened package properties window, select the Deployment tab. Click the Advanced button.

11.An Advanced Deployment Options window will be opened.

Set the Ignore language when deploying this package flag.

If you plan to install Dr.Web Agent via the customize msi package on 64-bit OS, set the Make this 32-bit x86 application available to Win64 machines flag.

12.Click OK twice.

13.Dr.Web Agent will be installed on selected computers at their next registration in the domain.

Policies Assignment in Consideration of Previous Agent Installations

When you assign an Active Directory policy to install the Agent, you should consider a possibility, that the Agent is already installed at the station. There are three possible options:

1.Dr.Web Agent is not installed at the station.

After policies assignment, the Agent will be installed by general rules.

2.Dr.Web Agent is already installed at the station without using the Active Directory service.

After Active Directory policy assignment, installed Agent will remain at the station.

info

In this case, the Agent is installed at the station, but for the Active Directory service Agent is not installed. So, after every station startup, attempt of unsuccessful Agent installation will be repeated.

To install the Agent via the Active Directory, you must uninstall the Agent manually (or via the Control Center) and assign the Active Directory policy for this station repeatedly.

3.Dr.Web Agent is already installed at the station via the Active Directory.

Repeated assignment of a policy to a stations with Dr.Web Agent installed via the Active Directory service is not performed.

Thus, policies assignment will not take any affect to the anti-virus software state at the station.