The Windows Agent can be installed in a CLI configuration called Server Mode.
Notes about Server Mode
- As of Signum 4.30.1, you can select whether certificates are installed into the User or the Machine store in Windows.
- Only Local Users is supported as the Domain type at this time.
- Login with certificate is supported.
Install the Server Agent
- Download the Signum Windows Agent .msi from the Signum SaaS Portal.
- In the same directory as the .msi, create a new plain text file with the extension .bat, for example signum-agent-config.bat.
- Copy and paste the following, replacing the placeholder values to match the environment. Ensure the file name of the agent matches the file name of the .msi that was downloaded.
rem Install the agent in Server Mode; replace the quoted placeholder values.
msiexec /i kf-agent-x64-4.30.1-456b2f45-MS-WO_Trust.msi /qb ^
RTPRIMARY="Deployment URL" RTSECONDARY="Deployment URL" ^
CLIENTID="The ClientID from the SaaS Portal" ^
AuthMode="LocalUsers" AGENTMODE="SERVER" ^
Language="en-US"
echo Exit Code is %errorlevel%
- With both the .bat file and the .msi in the same directory, run the .bat file by double-clicking it in Windows Explorer; this launches the installer.
Configure the Server Agent
To configure the agent, you can optionally set parameters, choose a login option, and select a certificate store.
Server Mode Parameters
The Server Mode has the following parameter:
| Parameter | Setting | Function |
|---|---|---|
| | 1 | Optional parameter that can be included when running the MSI installer to stop the Service from automatically starting. This can be useful in situations where the Agent is included in a base VM Image to prevent the same AgentID from being generated and duplicated across different images. |
Use the Setup Tool
With the Agent .msi installed, the CLI tool for authenticating users to the service can be found in C:\Program Files\KeyFactor\rtsetup.exe.
To run the setup tool in PowerShell, add its directory to PATH for the current terminal:
$env:PATH = "C:\Program Files\KeyFactor\;" + $env:PATH
Log In
You can optionally supply the password with the -password parameter; if it is not supplied, a prompt appears where it can be entered via STDIN.
rtsetup.exe -authMode=LocalUsers -username="test@domain"
Returns:
password:
RTService currently has status Running, the service is stopping
Starting RTService
RTService currently has status Running
RTService restarted.
Warning! Applications that are currently open must be restarted in order to refresh certificates from Signum.
Select the Certificate Store
The Signum Agent needs to be 4.30.1 or higher.
The -targetStore flag selects either the User Certificate Store “MY” or the Local Machine Certificate Store “LocalMachine”. It places the certificates from Signum in the selected store, which can be useful for certain Microsoft Development tools that require the certificates to be stored in a specific location.
Example using the User Certificate Store:
rtsetup.exe -authMode=LocalUsers -username="test@domain" -targetStore=My
Example using the Local Machine Store:
rtsetup.exe -authMode=LocalUsers -username="test@domain" -targetStore=LocalMachine
Authenticate With Certificate
To enable certificate-based login, set the -authMode flag to Certificate and provide the required certificate thumbprint using the -thumbprint flag. This configuration can be applied using the rtsetup tool. When configured this way, the Windows agent in Server Mode authenticates using the specified certificate.
rtsetup.exe -authMode=Certificate -thumbprint=[certificate thumbprint] store=[My|LocalMachine]
For more information about logging in with certificates, see Use Certificate-based Authentication.
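The following pre-flight check is an added example, not part of the Signum documentation or vendor code: it confirms the certificate for the thumbprint is present, has a private key and is within its validity period before handing it to rtsetup.exe. It assumes that "My" refers to the current user's Personal store and "LocalMachine" to the machine's Personal store, and that rtsetup.exe returns a non-zero exit code on failure.

```powershell
# Added example (not vendor code): validate the certificate before certificate login.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [ValidateSet('My', 'LocalMachine')] [string] $Store = 'My'
)

# Thumbprints copied from the certificate GUI often carry spaces or an
# invisible left-to-right mark; keep only hex digits and check the length.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($clean.Length -ne 40) {
    throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($clean.Length) digits."
}

# Assumption: "My" maps to the current user's Personal store and
# "LocalMachine" to the machine's Personal store.
$path = if ($Store -eq 'My') { "Cert:\CurrentUser\My\$clean" }
        else                 { "Cert:\LocalMachine\My\$clean" }

$cert = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
if (-not $cert) {
    throw "No certificate with thumbprint $clean found at $path."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $clean has no private key and cannot be used to authenticate."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $clean is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Arguments are passed exactly as the page writes them.
$rtsetup = 'C:\Program Files\KeyFactor\rtsetup.exe'
& $rtsetup '-authMode=Certificate' "-thumbprint=$clean" "store=$Store"

# Assumption: a non-zero exit code signals failure.
if ($LASTEXITCODE -ne 0) {
    throw "rtsetup.exe exited with code $LASTEXITCODE."
}
```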
Logout
To log out, run the following command:
rtsetup.exe logout