Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
3
Helpful
5
Replies

Best way to rollout CSA to desktops in Windows environment?

robdog01
Level 1
Level 1

‎12-03-2004 04:31 PM - edited ‎03-09-2019 09:39 AM

Given the fact that most users do not have local administrative permissions on their WinXP systems, what is the recommended method of rolling out the CSA client in a Win2000 AD environment?

Is there any way to make the Agent Kit a .msi file for AD distribution? Anything else?

Thanks!

Labels:
0 Helpful
5 Replies 5

nkhawaja
Cisco Employee
Cisco Employee

‎12-04-2004 09:46 PM

Hi,

Yes there is. I know some folks use remote distribution etc. like Altiris for distributing it to clients

thanks

Nadeem

rabrackett
Level 1
Level 1

‎12-20-2004 05:31 AM

We've had good success just using VB scripts to copy the agent executable to the workstation and then executing a scheduled task to install it. There are numberous VB scripting examples on the Web for that.

I did see a customer once try it with PSEXEC from the Sysinternals PSTOOLS kit. There was a particular issue in that about 20% of the agents (this was 4.0.2) didn't report back to the CSA MC after setup completed. We had to uninstall and reinstall those agents to get them working.

0 Helpful

frevere
Level 1
Level 1

‎12-27-2004 06:35 AM

I have created a security group called "local admims" in our Active Directory. Before distributing the laptops, I added the group "local admins" to the local Administrators group. Then whenever software or a new CSA client needs to be installed, I just add the user to the AD "local admins" group, which gives them Administrator rights to the PC/laptop. After installation, remove the user from the group and they no longer have any adminsrator rights. This works great for all software installations.

0 Helpful

rabrackett
Level 1
Level 1
In response to frevere

‎12-27-2004 06:39 AM

How do you prevent the user from performing other priveleged actions during the period they retain enhanced permissions? Couldn't they just add their domain account to the local Administrator's group or create themselves a new local account on the laptop to use when they want to perform a priveleged operation?

0 Helpful

anonymousp
Level 1
Level 1
In response to rabrackett

‎12-29-2004 08:24 AM

Just a tip (or learn from my mistakes):

Do not attempt to install CSA remotely via RDP (Terminal Services). The install interupts the network stack, disconnecting the RDP client. The agent kit installer session ends up in la-la land.

0 Helpful
Customers Also Viewed These Support Documents