Deployment via Configuration Manager

This tutorial demonstrates the method of distributing the software organisational wide to capture the audit data. Only a Sitewide license can be distribted.

Loading the Script
  1. In the Configuration Manager console, click Software Library.
  2. In the Software Library workspace, click Scripts.
  3. On the Home tab, in the Create group, click Create Script.
  4. On the Script page of the Create Script wizard, configure the following settings:
    • Script Name – Enter a name for the script like SecurE8.
    • Script language – Select PowerShell.
    • Import – Import the SecurE8 script SecurE8Auditor.ps1 into the console. The script is displayed in the Script field.
    • Script – Displays the currently imported script. You cannot edit the script as it is signed and doing so will prevent its execution.
  5. Continue the wizard. Click Next to proceed.

Start
Import
Specify Parameters
  1. Provide the required paramaters to SecurE8:
    • Tags – Sets comma seperated custom tags that appear in the Flight Deck.
    • Server – Specifies that the device is a server.
    • Workstation – Specifies that the device is a workstation.
    • InternetFacing – Specifies that the device is internet facing like in the DMZ or hosting services directly on the internet.
    • AllowMacro – Specifies that the user has a genuine business need to execute macros.
    • Strategies – To perform a quicker audit You have several options here
    • CaptureArtifacts – When turned on, the software will save artifacts.
    • Directory – This is the path that App control will test. The default of user and temp folders is applied if omitted.
    • Save – This is the location the results file is saved to. This points to a shared folder (usual called Data) that the Flight Deck can access. The default is the current forlder if ommited.
    • EICAR – This test will trigger a response from your virus scanner.

The new script is displayed in the Script list with a status of Waiting for approval. Before you can run this script on client devices, you must approve it.

Configure
Allow Secure8 to Execute
  1. Complete the wizard. The new script is displayed in the Script list with a status of Waiting for approval. Before you can run this script on client devices, you must approve it.
  2. Select the Script and Click Approve/Deny in the top ribbon menu
  3. Review the Script details, Click Next.
  4. Select Approve and then Click Next.
  5. Once approved; click Close.

Approval
Distribute the Software
  1. After approving SecurE8, Select any Collection or a client Device.
  2. Right-click – Select Run Script options
  3. From the list, select SecurE8 and proceed through the wizard deploying the software.

Deploy
Capturing the Complience Data.
  1. SecurE8 will capture all the assesment data and save it to a ML1 file at the specified save location.
  2. Check the save location within a few minutes that files are being generated. This will tell you which machines have captured the data.
  3. To Monitor the Script execution status in the Configuration Manager (SCCM) console Right Click on Script Status. The image below demostrates this.
  4. To view the status of the installation of SecurE8 on the client-side, refer to the client log CCMNotificationAgent.log.
  5. Every 90 days a new release of the software is distributed to customers. You will need to update to the newer version to stay complient. This is a simple process of importing the new script, approving it for release and deploying it again.

Save