Can I use Active Directory to distribute, enforce or audit OPSWAT Client usage?

Microsoft Active Directory is a powerful directory service that can be used to distribute, enforce and audit OPSWAT Client usage on managed PCs.

Automatic Installation (one-time)

Because the persistent OPSWAT Client is packaged as an MSI, it is very easy to perform distribution to managed endpoints. A simple one-time installation can be performed by hosting your OPSWAT Client installer in a central location and then referencing it as a parameter to MSIEXEC, for example the following line would cause a silent installation of an OPSWAT Client installer hosted on a shared network drive mounted as drive Z:
MSIEXEC /a "Z:\Shared\Public\OPSWAT_GEARS_Client_3445-2e5e65e6b68ce141d-0.msi" /qn

Automatic Installation (enforced)

Active Directory can used to not only distribute and install the software, but also to enforce that it remains installed. In Active Directory terms, this is called 'assigning software'. You have a choice to assign software to authenticated users or machines. Both are viable options and you should choose the one that aligns with your other corporate software installations.

The official Microsoft guide can be found here: https://support.microsoft.com/en-us/kb/816102

Auditing

MetaAccess provides a way to audit OPSWAT Client on your network with the OPSWAT domain controller Client. Check more details at How can I synchronize devices from Active Directory to my MetaAccess account?

Beside that, Active Directory supports the creation of audit policies. These can be used to record events when processes are created and/or terminated on your managed devices. When combined with event log forwarding this can be an effective tool to get a centralized view of process changes across your organization. The downside is that filtering for a specific process (like GearsAgentService.exe) is not natively supported.


This article applies to the Windows persistent OPSWAT Client.
This article was last updated on 2017-09-26
(This article was changed to reflect the new name of MetaAccess on 2017-09-27)
AW, DL