How to set up imaged machines for SafeConnect

Setting Up Imaged Machines (not Deep Freeze) for SafeConnect

When using SafeConnect with machine images, the file sc.dat will need to be deleted from " Program Files (x86) \SafeConnect" on Windows machines or “SafeConnect.app/Contents/MacOS” on Mac OS X machines to ensure that it is absent when an image is created or a machine is frozen. sc.dat is the Policy Key’s unique identifier. If it is the same on more than one active machine, SafeConnect will ignore Policy Key traffic from the duplicates, and force a reinstall. Removing this file will ensure the Policy Key functions as expected.

Step-by-step guide

Windows Instructions

  1. Install the Policy Key as normal

  2. Ensure the policy key communicates correctly (best way is verify compliance via the dashboard)

  3. Once the client has successfully started, stop the SCmanager service

    1. From the command prompt: run “net stop scmanager”

    2. From the Task Manager: Stop the SafeConnect Manager Service

  4. With the Service stopped , navigate to the " Program Files (x86) \SafeConnect” directory

    1. Remove the “sc.dat” file

  5. Shut down the machine, and pull the image normally.

Mac OS X Instructions

  1. Install the Policy Key as normal

  2. Ensure the policy key communicates correctly (best way is verify compliance via the dashboard)

  3. Once the client has successfully started, stop the scManagerD and SafeConnect processes

    1. From Activity Monitor: Select scManagerD and SafeConnect and click “Quit Process”

  4. From the Finder, open Applications. Ctrl-click on SafeConnect and choose “Show Package Contents”. Open the “Contents/MacOS” folder.

    1. Remove the “sc.dat” file

  5. Shut down the machine, and pull the image normally.

If there is a server on the network used to host machine images, it may be necessary to add an exception allowing access to the server IP from SafeConnect managed machines. To add an exception for the image server, the IP address must be added to the appropriate ACL of the network device used for SafeConnect enforcement. Please contact OPSWAT Support is assistance is required.

Setting Up Deep Freeze Machines for SafeConnect

Step-by-step guide

Windows

On Deep Freeze machines, the Policy Key should be installed in Thaw Space. This allows the Policy Key to function normally without reverting to previous versions, or prompting for reinstallation, after the machine reverts to its image.

It may be possible automate the following operations, via a batch file for example. Steps are as follows:

  1. Install the Policy Key

    1. ServiceInstaller.exe /s

  2. Stop the SafeConnect Client and Service

    1. net stop scmanager

    2. taskkill /IM SafeConnectClient.exe

  3. Delete the Policy Key’s unique fingerprint file

    1. DEL "C:Program Files (X86)\SafeConnect\SC.dat"

  4. Make a SafeConnect directory on the non-frozen drive (D: in this example)

    1. MKDIR D:\SafeConnect

  5. Copy the Policy Key files over

    1. COPY "C:Program Files (X86)\SafeConnect\” D:\SafeConnect

  6. Delete the original Policy Key files, then the directory

    1. DEL /Q "C:Program Files (X86)\SafeConnect\”

    2. RD "C:Program Files (X86)\SafeConnect\”

  7. Create a symbolic link to the new directory

    1. MKLINK /D "C:Program Files (x86)\SafeConnect" D:\SafeConnect

    2. If this method of linking doesn’t work, you may need to run “junction”, as detailed on MS TechNet.

If you freeze the machine in this state you should be good to go.

MacOS X

  1. Install latest PK on thawed OS

  2. Run the following commands from a terminal:

    1. sudo killall scClient && sudo launchctl unload /Library/LaunchDaemons/Safe.Connect.plist

    2. sudo mv /Applications/SafeConnect.app /Volumes/THAWSPACE/

    3. sudo ln -s /Volumes/THAWSPACE/SafeConnect.app /Applications/SafeConnect.app

  3. Freeze OS and reboot