Navigation:  Installing EventSentry > Remote Agent Installation >

Deploying the EventSentry Agent MSI

 Top  Previous  Next

In most cases you will want to initially deploy the EventSentry agent using the remote update feature of the management console, this however requires that the remote hosts have SMB file sharing enabled, that the ADMIN$ share exists, and that the user running the Management Console has rights to add new files to the remote ADMIN$ share.

 

If your network infrastructure does not fulfill these prerequisites or if you prefer to deploy the agent using an MSI file then you can follow the instructions here to prepare an MSI file. You can then use any software capable of deploying MSI files to install the agent on remote machines. Once the agents have been deployed successfully you can use the management console to push configuration updates using only the ES$ share, which does not require the ADMIN$ share or administrative permissions.

 

EventSentry ships with a template MSI file that will have to be modified before it can be deployed. Currently, you will need to install the following two (free) applications in order to prepare the MSI package:

 

ORCA, part of the Windows Installer SDK from Microsoft at this URL: http://support.microsoft.com/kb/255905
Zip 2 Secure EXE or another application capable of compiling a .reg file into an executable

 

1. Creating a self-extracting archive

Before you can deploy the MSI file, your configuration needs to be "injected" into the MSI file, so that it contains your license information, configuration and so on. You can obtain your configuration by exporting it from the management console.

 

clip0011

 

a) From inside the Management Console, select 'File' and then 'Export'.

 

clip0012

 

b) Save to a file with the name eventsentry_svc.reg (the filename is important, your MSI file will not work if it is named differently).

 

Alert or Warning 1 24 n g

The filename is important, your MSI file will not work if the registry file is named differently.

 

c) This .reg file must be compiled into an executable program that will extract it to your %SYSTEMROOT%\system32\eventsentry directory without any prompts for a destination location. This can be accomplished via many different methods and compilers (only one method will be discussed here).

 

 

d) You will first need to create a ZIP file that has the previously created registry file inside of it. You can use any compression application for this purpose, for as long as the result is an application that will extract the eventsentry_svc.reg file into the %SYSTEMROOT%\system32\eventsentry directory.

 

e) Navigate to http://www.chilkatsoft.com/ChilkatSfx.asp and download “Zip 2 Secure EXE”  that will let you create an executable from a zip file.

 

zip_2_secure_exe

 

f) In "ZIP 2 Secure EXE Creator", select the ZIP file, choose the 'Auto-select TEMP directory for unzipping' option and specify %SYSTEMROOT%\system32\eventsentry as the Hard-Coded Unzip Dir. Also clear the "Show Main Dialog" and "Show Progress Dialog" check boxes. The newly created executable will be named the same as the ZIP file but with an EXE extension.

 

2. Installing the Windows Platform SDK to obtain ORCA

 

 

a) You can minimize the components being installed by only choosing the 'Tools' option from the 'Microsoft Windows Installer SDK' package.

 

b) Once that is installed, you will need to run the orca.msi package from 'C:\Program Files\Microsoft Platform SDK\Bin' directory which will install Orca.

 

c) Once the executable has been created, use Orca to open the eventsentry_svc.msi file from the EventSentry installation directory and select the 'Binary' table as shown below.

 

clip0262

 

d) In the Binary table you will need to double click the 'Binary Data' field in the row named "Replace This" which will open a dialog to add a filename. Select your filename (the executable we created earlier) and select OK.

 

 

e) You will then be prompted for verification as you are currently about to overwrite the executable that is currently stored in that value. Select 'OK'.

 

 

f) Finally, save your MSI file and verify that it has a new Time & Date stamp. The new MSI file is now ready for deployment.

 

3. Starting an Unattended Installation

After you have created the MSI file you can manually perform an unattended (quiet) installation of the MSI by running the following command:
 
msiexec /i eventsentry_svc.msi /passive /norestart
 

4. Updating the configuration of the agents

Once the agents have been deployed using the MSI package you might want to update the agents with the latest configuration updates in case you make changes to your EventSentry configuration. You can push configuration updates to the remote machines in three different ways:

 

Regular Remote Update

If the remote hosts have the ADMIN$ share in place then you can simply use the remote update feature of the management console to push configuration updates.

 

Remote Update using ES$ share

If the ADMIN$ share is unavailable on the remote machines then you can setup a ES$ share on each monitored host. See Updating the Configuration for more information on setting up the ES$ share.

 

Pushing the eventsentry_svc.reg file

If both the ADMIN$ and the ES$ share are not an option, then you can use your software deployment application to copy an updated EventSentry configuration file to the monitored hosts. This requires that your software deployment software supports copying individual files to its target computers. Follow the instructions below:

 

a) Repeat step 1a from this document to export the configuration to a file. The resulting file should be named eventsentry_svc.reg.

b) Distribute this file to the %SYSTEMROOT% directory of the machines running the EventSentry agent

 

The EventSentry agents will automatically import the eventsentry_svc.reg file if it exists in the %SYSTEMROOT% directory.