SummaryinSync client deployment consists of the inSync client package installation on the client machine and subsequent authentication of the client with the inSync server. Mass deployment of inSync in an enterprise can save a lot of effort and time for an administrator.
This article describes multiple ways to auto-deploy a number of inSync clients in your enterprise.
What is covered:
- How inSync authenticates
- Multiple ways to create Users
- Multiple approaches to Client Deployment
- Deployment using the Command Line
- Command to load an inSync Key
- Using the '-s' Switch for silent loading
- Automating the loading process
- Deployment using Active Directory Group Policy Objects
- Installing the client automatically using GPO
- Using AD GPO to load the Keys
- Deploying the script
- Token Based Mass Deployment
How inSync Authenticates
During the authentication process, an inSync server checks that the client’s credentials are valid.
The server sends certain configuration information to the inSync end-user in the form of a .isk file (inSync 4.x) or via e-mail (inSync 5.x). The client uses the configuration information to get authenticated and connect to the inSync server.
Multiple ways to Create Users
inSync users can be created manually or can be imported from existing sources, like from Active Directory or from a list of users in a .csv file. Refer to the following KBs for details.
Once users are created a set of keys gets generated, one per user. These keys need to be loaded on the clients.
Multiple approaches to Client Deployment
If deployment is to be done manually, end users in an enterprise can install the inSync package and then either double click the .isk file or enter the credentials in a pop up dialog to authenticate and connect to the server.
An IT administrator can automate both installation and authentication. This can be done using third party deployment tools like Active Directory Group Policy Objects (GPO) and an inSync command that allows silent authentication without end user intervention.
There can be multiple ways to automate deployment:
- Deploy using the command line
- Deploy using Active Directory Group Policy Objects
- Token based mass deployment
Deployment using the command line
IT administrators can automate installation of inSync on multiple clients using any third-party tool of their choice.
Subsequently, client authentication can be done on the command line using the following inSync command.
Command to load an inSync Key
The following commands are used to load a new inSync user key using the command prompt:
C:\Program Files\Druva\inSync> inSyncGUI.exe 'path\to\the\userkey.isk' (32-bit Clients) C:\Program Files (x86)\Druva\inSync> inSyncGUI.exe 'path\to\the\userkey.isk' (64-bit Clients)
A dialog box appears on the client's desktop confirming a successful key load. If another key is already loaded, it will ask if you wish to replace existing key.
Using the '-s' Switch for Silent Loading
You can use '-s' switch with the command to silently load a key.This will not show a dialog box or ask for confirmation, which is useful for automation. Since you do not want any user intervention in the key loading process.
The following commands are used to load a new user key silently:
C:\Program Files\Druva\inSync> inSyncGUI.exe -s 'path\to\the\userkey.isk' (32-bit Client Systems) C:\Program Files (x86)\Druva\inSync> inSyncGUI.exe -s 'path\to\the\userkey.isk' (64-bit Client Systems)
Automating the loading process
You can use this command in conjunction with any third party tool to load keys on clients automatically.
Deployment using Active Directory Group Policy Objects
After importing AD users into inSync you can deploy the installer (inSync msi) as well as load the inSync key using Active Directory.
Installing the client automatically using GPO
Installing an inSync client automatically using GPO involves carrying out the following steps.
Create a Distribution Point
To assign the installable (MSI), first create distribution point on the publishing server:
1. Log on the server as domain administrator.
2. Create a network share and place inSync client (MSI) in it.
3. Set folder permissions to allow all the computers to access the installable.
Note: Windows 2003/2008 Group Policy automated program installation requires Druva inSync v3+ client (MSI) and PCs running Windows XP/Vista.
Create a Group Policy Object
To create a Group Policy Object (GPO):
1. Start the Active Directory Users and Computers console.
2. In the console tree, right click the domain and click Properties.
3. Click Group Policy tab and select New.
4. Choose a name for the policy (e.g. "Druva inSync distribution") and click OK.
5. Select the group policy object in the list and click Security Properties and then open the tab.
6. Choose the groups for which you want to apply the policy.
7. When done click OK.
Assign the Installable
To assign the installable MSI package to the domain computers:
1. Start the Active Directory Users and Computers console.
2. In the console tree, right click on your domain and click Properties.
3. Select group policy object in the list and click Edit.
4. Under Computer Configuration expand Software Settings.
5. Right click Software Installation, select New and then click Package.
6. Type the full UNC path of the shared installable (e.g. "//file-server/share/Druvaa-inSync-Client-ver-3.0.2.msi").
7. Click Assign to assign the package and it will be listed in the right pane of the Group Policy window.
Note:The "assign software" method of Group Policy can be used for both domain computers and users. If the installable is assigned to a user, it gets installed when the user logs on to any computer using the domain credentials. When assigned to the computer, it gets installed when the PC boots up and is available to all the users on the PC. The installation gets finalized only when the application is started for the first time.
Using AD GPO to load the Keys
After the inSync package is installed, you can load the keys using a batch process.
To automate the loading process for a set of users you can follow the below mentioned steps:
1. Create a batch file to load the key silently on the client. Refer to sample batch file given in next section.
2. Run the batch file as a Logon script using a Group Policy Object.
Sample Batch File 'keyload.bat'
As explained in an earlier section, you can use '-s' switch with the inSyncGUI.exe command to load a key silently. This can be incorporated in a batch script as shown in the next section.
Sample of keyload.bat
@echo on SET FLAG="C:%HOMEPATH%\Flag.txt" IF EXIST %FLAG% GOTO END cd C:\Program Files\Druva\inSync\ cd C:\Program Files (x86)\Druva\inSync\ copy "\\192.168.1.1\GPO\%USERNAME%.isk" "%HOMEPATH%" inSyncGUI.exe -s "C:%HOMEPATH%\%USERNAME%.isk" > %FLAG% :END
• The script has a pre-requisite that the key "User name" has to be the same as the Windows login user name. For example: A user key named "John.isk" will load on the client only when the Windows login account also matches "John".
• To avoid running the script more than once there is a FLAG file, which gets created while loading the key for the first time. Any further attempts are stopped if the FLAG file exists.
SET FLAG="C:%HOMEPATH%\Flag.txt" // This will set the path for the flag.txt to users home directory IF EXIST %FLAG% GOTO END // Check to ensure if the file exists.
The FLAG file gets created while loading the user key for the first time.
inSyncGUI.exe -s "C:%HOMEPATH%\%USERNAME%.isk" > %FLAG%
Note: The sample path in the batch file is "\\192.168.1.1\GPO\%USERNAME%.isk", where '192.168.1.1' is a server where the user authentication keys have been saved under a 'GPO' share.
Deploying the Script
Deploy this script as a Logon script using a Group Policy Object.
Token Based Mass Deployment
For token based mass deployment refer to How to Implement Automatic Token-Based Deployment of inSync Clients.