Manual installation of the Change Guardian Windows Agent requires two artifacts: the Agent Certificate for the target host and the Installer. The administrator should generate the Agent certificate for the Agent host before proceeding with the installation.
The steps below help administrators build a custom script, for use within third-party deployment solutions, that generates agent certificates and downloads the Agent Installer artifacts.
For illustration purposes, the code snippets are in PowerShell syntax supporting version 5.1.
Prerequisites:
1 - Create a temporary user with the Administrator role to interact with the Server APIs.
2 - Download the Windows Agent Package to the machine from which a tool such as SCCM can be used to deploy the agent remotely.
3 - Copy the Windows Agent Package to the "C:\Windows\temp\" folder on each agent machine using any tool, e.g. SCCM.
param(
[String]$server = $(Read-Host "$(Get-Date -format g) Enter Change Guardian Server IP Address/FQDN"),
[String]$user = $(Read-Host "$(Get-Date -format g) Enter Change Guardian Server Username"),
[String]$password = $(Read-Host "$(Get-Date -format g) Enter Change Guardian Server Password")
)
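Uninstall the Windows Agent if it is already installed.
Write-Host "Uninstalling the Windows Agent if installed ..."
$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -match "Netiq Change Guardian Agent" }
# Only call Uninstall() when a matching product was found; otherwise $app is $null.
if ($app) { $app.Uninstall() > $null }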
Get the authentication token for accessing the Server APIs as shown below.
A POST request to "https://${server}:8443/SentinelAuthServices/auth/tokens" returns the token details, which can later be used for accessing the Agent Manager APIs.
The Authorization header should be Base64 encoded.
Write-Host "Getting the Authentication Token for accessing Server APIs..."
$url = "https://${server}:8443/sentinel/views/logon.html"
Invoke-WebRequest -Uri $url -Method POST -Body @{username=$user;password=$password} -SessionVariable sv > $null
Write functions to fetch IP Address and FQDN of your Agent Host.
Write-Host "Fetching IP Address and FQDN of your Agent Host... "
$agentHostname = [System.Net.DNS]::GetHostByName($Null).HostName
$agentIP = Test-Connection -ComputerName (hostname) -Count 1 | Select -ExpandProperty IPV4Address
Write-Host "Agent Host Name: " $agentHostname
Write-Host "Agent IP Address: " $agentIP
Call Agent Manager API to get Agent Certificates by providing Agent Hostname/IPaddress.
Write-Host "Calling Agent Manager API to get Agent Certificates by providing Agent Hostname/IPaddress... "
$cert_download_URL = "https://" + $server + ":8443/cg-api/ams/api/agent-manager/download/ChangeGuardianAgentCertificates_" + $agentHostname + ".zip?location=c0d42d81-eff6-4ea9-b1b7-ebc891600fa3&id=0&hostname=" + $agentHostname + "&ipaddress=" + $agentIP
$certs_file = "ChangeGuardianAgentCertificates_" + $agentHostname + ".zip"
Write-Host "Downloading the Agent Certificate... "
Invoke-WebRequest -Uri $cert_download_URL -Method GET -WebSession $sv -Passthru -OutFile $certs_file >$null
Copy and extract both the artifacts to a temporary directory.
$randDir = [System.Guid]::NewGuid().ToString()
$tempDir = "C:\Windows\temp"
if (New-Item -Path $tempDir -Name $randDir -ItemType "directory")
{
Write-Host "$(Get-Date -format g) Temp Directory Created"
}
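$archive_Path = $tempDir + "\" + $randDir
# $installer_file must hold the path of the Windows Agent Package copied to C:\Windows\temp\ (prerequisite 3); it is not set elsewhere in these snippets.
Expand-Archive -Path $installer_file -DestinationPath $archive_Path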
Expand-Archive -Path $certs_file -DestinationPath $archive_Path -Force
Run the Agent Installer from the temporary directory.
Write-Host "Running the Agent Installer from Temporary directory... "
$installed = Start-Process NetIQCGAgentSilentInstaller.exe -ArgumentList "/s" -Wait -Verb runas -WindowStyle Minimized -WorkingDirectory $archive_Path -PassThru
Note:
Because the server uses a self-signed certificate, the Invoke-WebRequest calls need a snippet of .NET code to ignore certificate errors on PowerShell versions 4.0/5.0/5.1.