Using ConfigMgr to Deploy the Proxy Installer is pretty easy, and can be done in a few different ways. If you need to deploy the Recast Management Server’s self-signed Cert, you can write a small installer script in PowerShell to do it all at once. If you have PKI, or used a trusted authority for your Cert, then you don’t need to worry about the extra steps and can do a single command line install. We’ll cover both options.
- Command Line Options
- Device Proxy
- Service Account Proxy
- PowerShell “Wrapper” to include Certificate.
- Uses Same info as above, but you add whatever else you need to include to customize the installation.
Device Proxy (Silent Install)
- MSIEXEC /i “Recast Proxy.MSI” /qn PROXYTYPE=DeviceProxy RCTENTERPRISESERVER = HTTPS://RECASTSERVER.FQDN:444
- Requires URL of Server in FQDN Format with the Port of your Server (Default is 444)
- Example: MSIEXEC /i “Recast Proxy.MSI” /qn PROXYTYPE=DeviceProxy RCTENTERPRISESERVER = HTTPS://RECASTMS.CORP.VIAMONSTRA.COM:444
Service Account Proxy**
- MSIEXEC /i “Recast Proxy.MSI” /qn PROXYTYPE=ServiceAccountProxy RCTENTERPRISESERVER = HTTPS://RECASTSERVER.FQDN:444 SERVICEACCOUNTDOMAIN=CORP.RECASTVILLE.COM SERVICEACCOUNTDOMAIN=RECASTSERVICE SERVICEACCOUNTPASSWORD=PASSWORD
- Requires URL of Server in FQDN Format with the Port of your Server (Default is 444), and your Service Account Information.
- Example: MSIEXEC /i “Recast Proxy.MSI” /qn PROXYTYPE=ServiceAccount RCTENTERPRISESERVER = HTTPS://RECASTSERVER.FQDN:444 SERVICEACCOUNTDOMAIN=CORP.RECASTVILLE.COM SERVICEACCOUNTDOMAIN=RECASTSERVICE SERVICEACCOUNTPASSWORD=P@ssw0rd
- ** I would strong encourage you to look into ways to deploy this securely and NOT have plain text passwords in your scripts or install command lines. While deploying it this way is possible, you’ll probably do it very infrequently, and you’ll probably just do it manually and type in the username / password.
ConfigMgr Application Model:
The AppEnforce Log shows the exact install command, including the password of the Service Account, this is why we’d advice against doing this.
But, you can see that it works. The Recast Proxy Service is installed and using the Service Account to run, it’s pointing towards the Recast Management Server, as shown in the Registry.
Now for the Device Proxy, using a PowerShell Script to both Install the Proxy software in Device Proxy mode & Importing the Cert:
#Make sure the Proxy MSI installer & the Self-Signed Cert (Or CA Cert) if you need the cert on the machine you’re installing the Proxy on.
#This installs the Proxy in DEVICE Proxy Mode – NOT Service Account Mode.
#Import the Self-Signed Cert
$CertStore = “cert:LocalMachine\Root”
Import-Certificate -FilePath $PSScriptRoot\RecastCert1.cer -CertStoreLocation $CertStore
#Get the Full Path & Name of the Proxy MSI Installer
$Installer = “$($PSScriptRoot)\$((Get-ChildItem $PSScriptRoot\*.msi).Name)”
#Run the Installer: Device Proxy Mode
Start-Process msiexec.exe -Wait -ArgumentList “/I “”$($installer)”” /passive PROXYTYPE=DeviceProxy RCTENTERPRISESERVER=HTTPS://RECASTMS.CORP.VIAMONSTRA.COM:444″
Uninstall Command – Nice for Testing
msiexec -x “$Installer” /qb!
You can see the Proxy Service is running as Local System and the PowerShell script installed the Self-Signed Certificate we need (since we don’t have PKI setup).
If you want to 1/2 automate the install, you can use ConfigMgr to kick off the installer, and pre-populate some of the information in the command line:
Even though we have the info command line, it doesn’t pre-populate this in the dialog, but it does get applied during the install.
It does pre-populate these fields, we’re using a fake password, then just updating it manually.
You can see that the Recast Server info was populated into the registry and that all was well.