Security

 View Only

  • 1.  OnGuard MSI GPO

    Posted Aug 16, 2021 05:42 PM
    Looking to deploy the OnGuard client via Microsoft GPO. Should it be deployed using the Computer or User configuration? Does it need an .MST installer to pass the Silent install options? Anything needed other then simply placing the file on a server share and using the URI in the Package Deployment?


    ------------------------------
    Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
    ------------------------------


  • 2.  RE: OnGuard MSI GPO

    Posted Aug 24, 2021 05:53 AM
    I found this discussion that seems related to your question.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 3.  RE: OnGuard MSI GPO

    Posted Aug 24, 2021 08:20 AM
    Hi Herman! Thanks for the response. I did see that thread. They are not using AD GPO to push the client. They are using a 3rd part product. If and when I figure it out, I will certainly post back an update here.

    ------------------------------
    Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
    ------------------------------

    Original Message


  • 4.  RE: OnGuard MSI GPO

    Posted Feb 27, 2025 04:16 PM

    For anyone facing the same issue:

    Yes, you need to deploy it into the "Computer configuration" GPO.

    Yes, it does need a MST to point to "agent.conf" file, because it's not found on an UNC path. You can use Microsoft Orca do create a Transform (open MSI file on Orca, click on Transform > New Transform). Click on "Property" table, right click on right panel and select "Add Row", create a new "CONFIG_FILE_PATH" property and point it to UNC filepath of "agent.conf" file (e.g. \\ad.example.com\NETLOGON\OnGuardCPPM\agent.conf) as seen on the image below:

    Click on OK.
    Now on Transform menu, click on Generate transform and save the MST file into the same folder of ClearPassOnGuardInstall.msi file.
    Import the ClearPass OnGuard MSI package on Computer Configuration\Policies\Software Settings\Software installation GPO and on Modifications tab, select your MST file on UNC filepath.
    Please notice that this tab is enabled only when creating the package. If you already created a ClearPass OnGuard package, you'll need to create it again.

    Original Message


Related Content