4.2 Installing Change Guardian Agent for Windows

Prerequisites: Using Agent Manager, add the assets where you want to install agents. You can either import assets from Active Directory or from a text file, or add assets manually. For more information, see Adding Assets.

4.2.1 Adding Assets

An asset is a device that you can monitor using Change Guardian.

An asset group is a set of assets or devices that you want to associate with one another. Each asset group can contain assets, another asset group, or a combination of assets and asset group. Asset groups allow you to assign policies to the group instead of to each individual computer. When you add an asset to a group, Change Guardian automatically deploys the policies assigned to the group to the new asset.

To add assets:

  1. Open the following URL:

    https://<IP_Address_Change_Guardian_server>:<port_number>

    The default port is 8443. You can use a custom port if Change Guardian was installed with custom configurations.

  2. In the web console, click AGENTS.

  3. Click All Assets > Manage Assets > Add.

  4. (Conditional) To import assets from an Active Directory server, use the Active Directory tab.

    NOTE:If you are using Active Directory over SSL or TLS connection, ensure that you have imported the Active Directory SSL certificate to the Change Guardian server. For more information, see Using CA Signed Certificates.

  5. (Conditional) To import assets from a text file, use the Hosts List tab.

    Create a text file with a header line containing the columns Hostname, MajorType, and Addresses, and use a tab to separate the columns. In the Hostname column, specify the fully-qualified domain names of the computers where you want to deploy agents. Optionally, you can specify the IP addresses under the Addresses column. In the MajorType column, specify whether the operating system is UNIX or Windows.

  6. (Conditional) To manually add an asset, use the Host tab.

You can move an asset from one group to another:

  • To move an asset to Approved asset, check whether the Client Agent Manager service is communicating with Agent Management Service.

  • To move assets from Assets not in any group to any user defined group, select the asset, go to Manage Asset > Move Assets to a Group, and then select the required group.

  • To organize and manage assets, create asset groups under User defined groups and copy assets from Approved Assets group to User defined groups.

4.2.2 Installing Change Guardian Agent for Windows:

You can install Change Guardian Agent for Windows in the following ways:

NOTE:By default, Agent Manager and the Change Guardian Agent for Windows are in FIPS mode.

Remote Installation

Remote installation using Agent Manager provides a convenient and uniform method for installing one or more Change Guardian Agent for Windows. When you use Agent Manager to install, Agent Manager communicates with the agent through the Agent Management service.

Prerequisite: Using Agent Manager, you must first add the assets where you want to install agents. You can either import assets from Active Directory or from a text file, or add assets manually.

To install:

  1. In Agent Manager, select the asset where you want to deploy the agent. If you select multiple assets, they must use the same credentials.

  2. Click Manage Installation > Install Agents.

  3. For newly added assets, specify the root credentials and click Next.

    NOTE:Log in to the newly added asset as an administrator to the deploy agent. The account must be a local administrator or a domain account in the Local Administrators group.

  4. Select the available version of the agent.

  5. For agent configuration, select any one option: default agent configuration, customize the configuration, or add new.

  6. Click Start Installation.

Manual Installation

Manual installation includes installing the agent certificates and artifacts, along with the agent.

Downloading the Agent Certificates and Artifacts

Use Agent Manager to download and install agent artifacts and certificates on one or more hosts.

NOTE:You must install agent artifacts and certificates for each host separately.

To download:

  1. In Agent Manager, click All Assets > Manage Installation > Download.

  2. Select the Agent certificates and artifacts package.

  3. Specify the hostname and the IP address, and then click Start Download.

  4. Copy and extract the ChangeGuardianAgentCertificates_<hostname>.zip file to the agent artifact directory, before installing the agents.

Installing the Agent

To install:

  1. From Agent Manager, download the available version of Change Guardian Agent for Windows.

  2. Copy ChangeGuardianAgentforWindows.zip to the computer where you want to install the Change Guardian Agent for Windows and extract the files.

    Agent artifacts include: NetIQCGAgentSilentInstaller.exe and NetIQCGAgentSilentInstaller.config. The configuration file contains the configuration you chose when you downloaded agent artifacts.

    NOTE:Both agent artifacts and certificates should be in the same directory to successfully complete the installation.

  3. Run the NetIQCGAgentSilentInstaller.exe file as an administrator.

4.2.3 Verifying the Installation

To verify:

  • Ensure that Change Guardian Agent is available in the list of installed programs in Windows Control Panel

  • Ensure that the service NetIQChangeGuardianAgent is running in Windows Services

  • If you used Client Agent Manager to install, ensure that Client Agent Manager is available in the list of installed programs in Windows Control Panel. Also ensure that the service NetIQClientAgentManager is running in Windows Services