Automating Manual Process of Installing Change Guardian Windows Agent


Manual installation of the Change Guardian Windows Agent requires two artifacts: the Agent certificate for the target host and the installer. The administrator must generate the Agent certificate for the Agent host before proceeding with the installation.


The steps below help administrators build a custom script, for use within third-party deployment solutions, that generates Agent certificates and downloads the Agent installer artifacts.


For illustration purposes, the code snippets use PowerShell syntax and support version 5.1.

Step-1

Prerequisite:

1 - Create a temporary user with the Administrator role to interact with the Server APIs.

2 - Download the Windows Agent Package to the machine from which a tool such as SCCM can deploy the agent remotely.

3 - Copy the Windows Agent Package to the “C:\Windows\temp\” folder on each agent machine, using any tool such as SCCM.

 




param(
  [String]$server = $(Read-Host "$(Get-Date -format g) Enter Change Guardian Server IP Address/FQDN"),
  [String]$user = $(Read-Host "$(Get-Date -format g) Enter Change Guardian Server Username"),
  [String]$password = $(Read-Host "$(Get-Date -format g) Enter Change Guardian Server Password")
)





Step-2 

Uninstall the Windows Agent if it is already installed.

 

 

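Write-Host "Uninstalling the Windows Agent if installed ..."
$app = Get-WmiObject -Class Win32_Product | Where-Object { 
    $_.Name -match "Netiq Change Guardian Agent" 
}
# Call Uninstall() only when a matching product was found; on a clean host $app is $null
if ($app) {
    $app | ForEach-Object { $_.Uninstall() }
}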

 

 

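Step-3

Get the authentication token for accessing the Server APIs as shown below.

The response to a POST request to "https://${server}:8443/SentinelAuthServices/auth/tokens" should return the token details, which can later be used to access the Agent Manager APIs.

The Authorization header should be Base64 encoded.

The snippet below posts the credentials to the logon page and keeps the session in $sv, which Step-5 passes to Invoke-WebRequest as -WebSession.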




Write-Host "Getting the Authentication Token for accessing Server APIs..."
$url = "https://${server}:8443/sentinel/views/logon.html"
Invoke-WebRequest -Uri $url -Method POST -Body @{username=$user;password=$password} -SessionVariable sv > $null




Step-4

Write functions to fetch the IP address and FQDN of your Agent host.






Write-Host "Fetching IP Address and FQDN of your Agent Host... "
$agentHostname = [System.Net.DNS]::GetHostByName($Null).HostName
$agentIP = Test-Connection -ComputerName (hostname) -Count 1 | Select-Object -ExpandProperty IPV4Address
# Interpolate the values; Write-Host "text" + $var would print a literal "+"
Write-Host "Agent Host Name: $agentHostname"
Write-Host "Agent IP Address: $agentIP"



Step-5

Call the Agent Manager API to get the Agent certificates by providing the Agent hostname/IP address.






Write-Host "Calling Agent Manager API to get Agent Certificates by providing Agent Hostname/IPaddress... "
$cert_download_URL = "https://" + $server + ":8443/cg-api/ams/api/agent-manager/download/ChangeGuardianAgentCertificates_" + $agentHostname + ".zip?location=c0d42d81-eff6-4ea9-b1b7-ebc891600fa3&id=0&hostname=" + $agentHostname + "&ipaddress=" + $agentIP
$certs_file = "ChangeGuardianAgentCertificates_" + $agentHostname + ".zip"
Write-Host "Downloading the Agent Certificate... "
Invoke-WebRequest -Uri $cert_download_URL -Method GET -WebSession $sv -Passthru -OutFile $certs_file >$null



Step-6

Copy and extract both artifacts to a temporary directory.






$randDir = [System.Guid]::NewGuid().ToString()
$tempDir = "C:\Windows\temp"
# Windows Agent Package copied in the prerequisites; replace the placeholder with the real file name
$installer_file = Join-Path $tempDir "<WindowsAgentPackage>.zip"
if (New-Item -Path $tempDir -Name $randDir -ItemType "directory")
{
    Write-Host "$(Get-Date -format g) Temp Directory Created"
}
$archive_Path = $tempDir + "\" + $randDir
Expand-Archive -Path $installer_file -DestinationPath $archive_Path
Expand-Archive -Path $certs_file -DestinationPath $archive_Path -Force




Step-7

Run the Agent installer from the temporary directory.




Write-Host "Running the Agent Installer from Temporary directory... "
$installed = Start-Process NetIQCGAgentSilentInstaller.exe -ArgumentList "/s" -Wait -Verb runas -WindowStyle Minimized -WorkingDirectory $archive_Path -PassThru


Note:

Because a self-signed certificate is used, the Invoke-WebRequest cmdlets need a snippet of .NET code to ignore certificate errors on PowerShell versions 4.0/5.0/5.1.
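
An added example, not part of the original article or of Micro Focus code: instead of ignoring every certificate error, the .NET callback below accepts the self-signed certificate only when its thumbprint matches a pinned value, so the administrator credentials posted in Step-3 are not sent to an unverified endpoint. The class name CgCertPin is hypothetical and the thumbprint is a placeholder to be replaced with the value from your own server.

```powershell
# Added example (not from the original article): pin the server certificate.
# Placeholder: replace with the thumbprint read from the server certificate itself.
$expectedThumbprint = "<THUMBPRINT-OF-CHANGE-GUARDIAN-SERVER-CERTIFICATE>"

# CgCertPin is a hypothetical helper class, compiled once per PowerShell process.
if (-not ("CgCertPin" -as [type])) {
    Add-Type -TypeDefinition @'
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class CgCertPin
{
    private static string pinned;

    public static void Enable(string thumbprint)
    {
        pinned = thumbprint.Replace(" ", "").ToUpperInvariant();
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static void Disable()
    {
        ServicePointManager.ServerCertificateValidationCallback = null;
    }

    private static bool Validate(object sender, X509Certificate cert,
                                 X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) { return true; }  // trusted by Windows
        if (cert == null) { return false; }
        // Self-signed: accept only the exact certificate that was pinned.
        return new X509Certificate2(cert).Thumbprint == pinned;
    }
}
'@
}

[CgCertPin]::Enable($expectedThumbprint)
try {
    # Step-3 logon from the article, now protected by the pin.
    # The Step-5 certificate download belongs inside this try block as well.
    $url = "https://${server}:8443/sentinel/views/logon.html"
    Invoke-WebRequest -Uri $url -Method POST -Body @{username=$user;password=$password} -SessionVariable sv > $null
}
finally {
    [CgCertPin]::Disable()  # restore default validation for this process
}
```

If the placeholder is left unchanged, the callback rejects the self-signed certificate and the request fails rather than proceeding unverified.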

 

Comments

Hi,

it's mentioned:

Due to self signed certificate usage Invoke Web cmdlets need to have a snippet of .NET Code to ignore certificate errors for PS Versions 4.0/5.0/5.1.

Can you provide such a snippet?

 

Regards,

Ulrich

I get an error when the following command is executed. All variables have the correct entries:

 

Invoke-WebRequest -SkipCertificateCheck -Uri $cert_download_URL -Headers $ams_header -PassThru -OutFile $certs_file

 

Invoke-WebRequest : Response status code does not indicate success: 401 (Unauthorized).
At C:\temp\cg-script.ps1:31 char:1
+ Invoke-WebRequest -SkipCertificateCheck -Uri $cert_download_URL -Hea ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Method: GET, Reques…PowerShell/6.2.1
}:HttpRequestMessage) [Invoke-WebRequest], HttpResponseException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

 

I couldn't find any hints what's going wrong 😞

It's Powershell 6.2.1 on Windows 7

Version history: Revision 3 of 3. Last update: 2019-10-14 07:16