For organizations that use an RMM tool (Kaseya, Connectwise, etc.) to manage software distribution, you can deploy the AuthAnvil Two Factor Auth Windows Logon Agent and Credential Provider using these tools.
Note: You must be using Version 3.1 or newer of the agent to take advantage of this feature. And to successfully use this installation method, the target system MUST have all pre-requisites installed beforehand. (ie: .NET 2.0 Framework, MSVC++ 9.0 runtimes and MSXML).
Note: As of April 8th 2014 Windows XP is no longer being supported.
Configure the INI for the MSI package
You will need to create a special INI file that the MSI will read during remote installation. This INI file needs to exist in the same shared directory as the underlying MSI file.
To aid in the setup and configuration of this INI file, within the deployment kit is a special application called LogonINIBuilder.exe, designed specifically to do this. Below is a screenshot of a typical configuration.
The options are the same settings as available in the silent mode installer, except for the BANNER variable. If you have been issued a digital fingerprint for your own banner, you will need to manually edit the INI file and add the line Banner=xxxxx, where xxxxx is the digital hash provided to you by Scorpion Software. If you store your aalogon.bmp file in the same directory as the INI and MSI files, during deployment the bmp will be copied to the target system and applied.
Once you have configured the settings for the INI the way you like it press the Create File button and select to store it in the same directory as the MSI file(s).
Note: If you do not have a secondary AuthAnvil Two Factor Auth server configured for redundancy, set the secondary SAS URL to be that of the first server.
Note 2: The installation password is not supported for deployments to command line systems. Any value set there will be ignored.
Deploy the package using your RMM tool
The exact steps vary from tool to tool, but many deploy using the msiexec command. You will need to configure your RMM tool to deploy the MSI, the INI, and optionally the aalogon.bmp file to the same directory and run the command: msiexec /q /i AAWinLogon.msi CMDLINE="INI=aalogon.ini" where AAWinLogon.msi is the MSI package and aalogon.ini is the INI file that you created. This will cause the Windows Logon Agent to be silently installed on the computer that you selected, using the settings defined in the INI.
On GINA based systems (XP/2003), the computer will need to be restarted before the agent will be applied. On Credential Provider based systems (Vista/2008/7), the user will only need to log out and then log back in again to reload the Credential Provider.
- AuthAnvil 2FA Windows Logon Agent Install Guide.
- How do you deploy a Windows Logon Agent using AD distribution policies?
If you have any questions or need some help, we would be happy to assist. Open a case atkaseya.zendesk.com.