Lumension® KnowledgeBase

Article Number:
750

Date Created:
04/28/2011

Last Updated:
05/01/2017

Article Type:
How-To Procedures

Include the L.E.M.S.S. Agent in your imaging software solution

Description

Product:

L.E.M.S.S.

Versions:

Lumension Endpoint Management and Security Suite (LEMSS) Agent 8.0
Lumension Endpoint Management and Security Suite Agent 7.3
Lumension Endpoint Management and Security Suite Agent 7.2
Microsoft Windows XP and Higher

Summary:

Lumension has created this article as a guide to provision the LEMSS Core Agent (LMAgent.exe) onto your base image that is managed by your imaging solution.  This article will also document how to automatically activate additional security modules during the LEMSS Agent registration process. 

Details

LEMSS Agent 8.0

Step 1: Prepping the imaging solution for the LEMSS Agent.

On the image source that will be used, verify that the LEMSS Server is not available from the image source so that the agent cannot register prematurely. You can assure this event won't happen by either unplugging the network cable or release the IP address (ipconfig /release) from the image source.
Before disconnecting the image source from the network, download the LEMSS Agent installer from the LEMSS Console. The installer is available from the Tools > Download Agent Installers page.

Step 2: Command line arguments for installing the LEMSS Agent.

  • On the image source, download lmsetup.exe and copy it to the %windir%\temp\ directory.
    • lmsetup.exe on x86 architecture
    • lmsetupx64.exe on x64 architecture
  • To install the lmsetup.exe with no modules:
    • From a command line, type the following syntax:

cd %windir%\temp
lmsetup.exe install SERVERIPADDRESS="<xxx.xxx.xxx.xxx>"

  • To install the lmsetup.exe with ALL modules (to install specific modules, just add the module name separated by |):
    • From a command line, type the following syntax:

lmsetup.exe install SERVERIPADDRESS="<xxx.xxx.xxx.xxx>" MODULELIST="VulnerabilityManagement|ApplicationControl|Antivirus|PowerMgmt|DeviceControl"

For a full list of supported lmsetup.exe install parameters, see the LEMSS Agent Install Guide (http:// portal.lumension.com)

Step 3: Capture the image and test.

Capture the image with the LEMSS Agent pre-installed and deploy the image over the network as validation that the LEMSS Agent registration settings are correct and you are satisfied with the results.

  • Log into the LEMSS Console.
  • Navigate to Management > Endpoints > locate the newly registered endpoint and validate that the correct modules are assigned to the endpoint.

Step 4: Once the endpoint has registered with the LEMSS Server, move the endpoint to the appropriate group to enforce security policies assigned to the group.

  • Log into the LEMSS Console and navigate to groups.
  • In the Group Tree, select the desired group, change the view filter to Endpoint Membership, and click the Manage button.
  • Search for the new endpoint and click assign to move the endpoint to the group.

Note: To automate this process, leverage the GROUPLIST parameter to automatically assign the endpoint to the group during the registration process. The group name must exist in the LEMSS Console for the GROUPLIST parameter to be honored.
Example: lmsetup.exe install SERVERIPADDRESS="<xxx.xxx.xxx.xxx>" MODULELIST="Vulnerability Management|ApplicationControl|Antivirus|PowerMgmt|DeviceControl" GROUPLIST="Ghost"

LEMSS Agent 7.2 and 7.3

Step 1: Prepping the imaging solution for the LEMSS Agent

Important: On the image source that will be used, make certain the LEMSS Server is not available from the image source so the agent does not register prematurely. This can be accomplished by unplugging the network cable or releasing the IP Address (ipconfig /release) from the image source.
Before disconnecting the image source from the network, download the LEMSS Agent installers from the LEMSS Console which is available from the Tools > Download Agent Installers page.

Step2: Command line arguments for installing the LEMSS Agent.

  • On the image source, download the LMAgent.MSI and copy to %windir%\temp\ directory.
    • LMAgent.msi for Windows on x86 Architecture
    • LMAgentx64.msi for Windows on x64 Architecture
  • To install the LMAgent.MSI with no modules:
    • From a command line, type the following syntax:

cd %windir%\temp
msiexec /i LMAgent.msi SERVERIPADDRESS=YOURSERVER
Note: It is recommended to use a Fully Qualified Domain Name (FQDN) for resolving the address for the LEMSS Server for the SERVERIPADRESS property. If you use this method, you have to activate the security modules from the LEMSS Management Console. This can be achieved by navigating to Manage > Endpoints > Manage Modules button.

  • To install the LMAgent.msi with ALL Modules (to install specific modules, just add the module name separated by |):
    • From a command line, type the following syntax:

cd %windir%\temp
msiexec /i LMAgent.msi SERVERIPADDRESS=
YOURSERVER MODULELIST="Vulnerability Management|ApplicationControl|Antivirus|PowerMgmt|DeviceControl"

For a full list of supported LMAgent.msi install parameters; please consult the Agent Install Guide that is available at Lumension Customer Portal.

Step 3: Capture the image and test.

Capture the image with the LEMSS Agent pre-installed and deploy the image over the network as validation that the LEMSS Agent registration settings are correct and you are satisfied with the results.

  • Log onto the LEMSS Management Console.
  • Navigate to Manage > Endpoints > locate the newly registered endpoint and validate that the correct modules are assigned to the endpoint.

Step 4: Move the Endpoint to the appropriate Group to inherit security policy settings.

Once the endpoint has registered with the LEMSS Server, move the endpoint to the appropriate group to enforce security policies assigned to the group.

  • Log onto the LEMSS Management Console and navigate to Groups.
  • In the Group Tree (left hand side of the page), select the desired group > change the view filter to Endpoint Membership > click the Manage button.
  • Search for the new endpoint and click assign to move the endpoint to the group.

Note: To automate this process, leverage the GROUPLIST parameter to automatically assign the endpoint to the group during the registration process. The GroupName must exist in the LEMSS Console for the GROUPLIST parameter to be honored. See example below:
msiexec /i LMAgent.msi SERVERIPADDRESS=YOURSERVER
MODULELIST="VULNERABILITYMANAGEMENT|ANTIVIRUS" GROUPLIST=GHOST

For a full list of supported LMAgent.msi install parameters; please consult the Agent Install Guide that is available at Lumension Customer Portal.

12345678910
Current rating: 3.2