How to silently deploy inSync User Authentication Keys - inSync 4.x

Summary

An IT administrator can use the command line to silently load the inSync user authentication key on clients, which is especially useful for automating the installation using Active Directory Group Policy. This article explains the steps.

Note: This method was used only up to inSync version 4.5.1.

Loading an inSync key from the command line

The following commands are used to load a new user key using the command prompt:

32-bit Client Systems

C:\> cd "C:\Program Files\Druva\inSync\"
C:\Program Files\Druva\inSync> inSyncGUI.exe "path\to\the\userkey.isk"

64-bit Client Systems

C:\> cd "C:\Program Files (x86)\Druva\inSync\"
C:\Program Files (x86)\Druva\inSync> inSyncGUI.exe "path\to\the\userkey.isk"

OR

You can directly open the key:

C:\> Path\to\the\userkey.isk

With either method, a dialog box appears on the client's desktop confirming a successful key load. If another key is already loaded, it asks whether you wish to replace the existing key.


Using the '-s' Switch for Silent Loading

You can use the '-s' switch with the command to load the key silently.

With this switch, no dialog box is shown and no confirmation is requested before a new user key is loaded, which is useful when you do not want any user intervention in the key loading process.

The following commands are used to load a new user key silently:

32-bit Client Systems

C:\> cd "C:\Program Files\Druva\inSync\"
C:\Program Files\Druva\inSync> inSyncGUI.exe -s "path\to\the\userkey.isk"

64-bit Client Systems

C:\> cd "C:\Program Files (x86)\Druva\inSync\"
C:\Program Files (x86)\Druva\inSync> inSyncGUI.exe -s "path\to\the\userkey.isk"

NOTE: In version 3.x or older, the inSync client is installed under the C:\Program Files\Druvaa directory, which has an additional 'a' in 'Druvaa'. In that case, replace 'Druva' with 'Druvaa' in the paths above.

Linux Client

To load a key on a Linux client, type the following command at the shell prompt:

# /usr/bin/insync /path/to/the/userkey.isk

Automating key deployment with GPO

The administrator can automate the key load process using Active Directory Group Policy Object (GPO) by writing a script. 

Note: For silent key loading to work, the user authentication key name must match the AD logon account name for which you wish to load the key, because the user authentication key is created as 'username.isk'.

The following section explains how to silently upload the key with a batch script using GPO.

Creating Users for silent deployment

1. Create users using the AD Import feature, and select Logon Name as the name to be used for creation.
2. If you are using CSV import or creating users manually, make sure that the users are imported or created with the Logon Name.
3. After the users are imported, save the keys.
4. You will now have a set of '.isk' keys based on the AD Logon Name.
5. Save all the keys on a server under a 'GPO' share.

See How to Import Active Directory Users into inSync and How to Import Users from CSV in inSync Server 4.x.

Using a Batch File

As explained in the earlier section, you can use the '-s' switch with the inSyncGUI.exe command to load a key silently.

To automate the loading process for a set of users, you can:

 - Create a batch file to load the key silently on the client.

 - Deploy it as a Logon script using a Group Policy Object.

Sample Batch File 'keyload.bat'

Use this sample batch file keyload.bat as an example and modify as per your requirements.

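@echo on
REM Run once per user: skip if the flag file from an earlier run exists.
SET FLAG="C:%HOMEPATH%\Flag.txt"
IF EXIST %FLAG% GOTO END
REM Change to the inSync install directory (32-bit path, then 64-bit path; only an existing one takes effect).
cd /d "C:\Program Files\Druva\inSync\"
cd /d "C:\Program Files (x86)\Druva\inSync\"
REM Copy the key named after the logged-on user from the GPO share.
copy "\\192.168.1.1\GPO\%USERNAME%.isk" "C:%HOMEPATH%"
REM Load the key silently; the output redirect creates the flag file.
inSyncGUI.exe -s "C:%HOMEPATH%\%USERNAME%.isk" > %FLAG%
:END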
  • The script requires that the key's user name be the same as the Windows login user name. For example, a user key named "John.isk" loads on the client only when the Windows login account is also "John".
  • To avoid running the script more than once, a FLAG file is created when the key is loaded for the first time. Any further attempts are stopped if the FLAG file exists.

REM Set the path of Flag.txt to the user's home directory.
SET FLAG="C:%HOMEPATH%\Flag.txt"
REM Check whether the file exists.
IF EXIST %FLAG% GOTO END

The FLAG file gets created while loading the user key for the first time:

inSyncGUI.exe -s "C:%HOMEPATH%\%USERNAME%.isk" > %FLAG%

Note: The sample path in the batch file is "\\192.168.1.1\GPO\%USERNAME%.isk", where '192.168.1.1' is a server where the user authentication keys have been saved under a 'GPO' share. 

Note: Try this in a test environment before implementing in the live one.
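
In the sample keyload.bat, the output redirect creates Flag.txt even when the key could not be copied from the share, so that user is never retried at a later logon. The variant below is an added example, not Druva's script; it reuses the article's sample share and install paths, and the variable names INSYNC_DIR, KEY and SHARE are chosen here for illustration.

```batch
@echo off
REM keyload-checked.bat: added example, a variant of the sample keyload.bat.
REM The share and install paths are the sample values from this article.
SETLOCAL
SET "FLAG=C:%HOMEPATH%\Flag.txt"
SET "KEY=C:%HOMEPATH%\%USERNAME%.isk"
SET "SHARE=\\192.168.1.1\GPO"

REM Run once per user: stop if an earlier run already handled this user.
IF EXIST "%FLAG%" GOTO END

REM Pick whichever install directory actually contains inSyncGUI.exe.
SET "INSYNC_DIR="
IF EXIST "C:\Program Files\Druva\inSync\inSyncGUI.exe" SET "INSYNC_DIR=C:\Program Files\Druva\inSync"
IF EXIST "C:\Program Files (x86)\Druva\inSync\inSyncGUI.exe" SET "INSYNC_DIR=C:\Program Files (x86)\Druva\inSync"
IF NOT DEFINED INSYNC_DIR GOTO END

REM Copy the key named after the logged-on user. If the copy fails,
REM leave no flag so that the next logon retries.
copy /Y "%SHARE%\%USERNAME%.isk" "%KEY%" >NUL
IF ERRORLEVEL 1 GOTO END
IF NOT EXIST "%KEY%" GOTO END

REM Load the key silently, then record that this user has been handled.
REM Assumption: the article documents no exit code for inSyncGUI.exe, so the
REM flag records that the command was run, not that the load succeeded.
"%INSYNC_DIR%\inSyncGUI.exe" -s "%KEY%"
echo Key load attempted %DATE% %TIME% > "%FLAG%"

:END
ENDLOCAL
```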
