Note: You must be using Version 3.5 or newer of the agent to take advantage of this feature. And to successfully use this installation method, the target system MUST have all pre-requisites installed beforehand. (ie: .NET 2.0 Framework, MSVC++ 9.0 runtimes and MSXML).
Note: This process only works with the legacy MSI installer that is no longer available. It will not work with the following installers.
For organizations that use supported command line only systems, such as Windows Server 2008 core or Hyper-V server, you can either deploy the AuthAnvil Two Factor Auth Credential Provider using Active Directory (Appendix C), your favorite RMM tool (Appendix D), or from the console.
Windows Credential Provider supporting Windows 10 - 64 Bit Installer AuthAnvil On-Premises Help Center
Configure the INI for the MSI package
You will need to create a special INI file that the MSI will read during remote installation. This INI file needs to exist in the same shared directory as the underlying MSI file.
To aid in the setup and configuration of this INI file, within the deployment kit is a special application called LogonINIBuilder.exe, designed specifically to do this. Below is a screenshot of a typical configuration.
The options are the same settings as available in the silent mode installer, except for the BANNER variable. If you have been issued a digital fingerprint for your own banner, you will need to manually edit the INI file and add the line Banner=xxxxx, where xxxxx is the digital hash provided to you by Scorpion Software. If you store your aalogon.bmp file in the same directory as the INI and MSI files, during deployment the bmp will be copied to the target system and applied.
Once you have configured the settings for the INI the way you like it press the Create File button and select to store it in the same directory as the MSI file(s).
Note: If you do not have a secondary AuthAnvil Two Factor Auth server configured for redundancy, set the secondary SAS URL to be that of the first server.
Note 2: The installation password is not supported for deployments to command line systems. Any value set there will be ignored.
Install the Credential Provider Package
Copy the MSI, the INI, and optionally the aalogon.bmp file to the same directory on the target machine, navigate to that directory, and run the command: msiexec /q /i AAWinLogonCP.msi CMDLINE="INI=aalogon.ini" where aalogon.ini is the INI file that you created. This will cause the Credential Provider to be silently installed on the computer that you selected, using the settings defined in the INI.
Once installation is complete, the user will only need to log out and then log back in again to reload the Credential Provider.
- AuthAnvil 2FA Windows Logon Agent Install Guide.
- How do you deploy a Windows Logon Agent using AD distribution policies?
- Deploying Windows Logon agent with RMM Tools.
If you have any questions or need some help, we would be happy to assist. Open a case atkaseya.zendesk.com.