Enzoic for Active Directory

Automated Deployments


Setup with Configuration File


Starting with version 2.9, Enzoic for Active Directory can be installed and configured headlessly using a YAML configuration file. All of the Enzoic for AD settings can be specified via settings in this file. To get started, download the sample enzoic-config.yml file below and open in a text editor. The settings in the file are documented with comments, but we recommend familiarizing yourself with the product in a test environment first to better understand the various options.

Download the sample configuration file:

enzoic-config.yml

To specify the configuration file during installation, use the MSI version of the installer and pass in two properties:

ENZ_IMPORT_CONFIG_FILE – the full path to your YAML configuration file
ENZ_PRODUCT_KEY – your Enzoic for Active Directory product key

Sample MSI command line:

msiexec.exe /i "c:\EnzoicForAD.msi" ENZ_IMPORT_CONFIG_FILE="c:\path\to\enzoic-config.yml" ENZ_PRODUCT_KEY=”your-product-key”

Deploying Enzoic for Active Directory via GPO


You can use GPO push installs to easily install Enzoic for Active Directory across multiple domain controllers in your environment.  Note that Enzoic for Active Directory requires .NET Framework 4.5, which does not get installed automatically when running the MSI installer.  If you are deploying to Windows Server 2008R2, you will need to deploy .NET Framework 4.5 prior to deploying Enzoic for Active Directory.

Create an MST file with your product key and YML config path embedded
(note this step is optional – you have the option to configure Enzoic for Active Directory manually using the console and push it to your organization’s other domain controllers via GPO)

  1. Download Microsoft’s Windows Installer SDK – Download
  2. Install the SDK, Find and Run the Orca install (installs to C:\Program Files (x86)\Windows Installer 4.5 SDK\TOOLS by default)
  3. Run Orca
  4. Open the Enzoic for AD MSI in Orca
  5. Open the Transform menu and select “New Transform”
  6. Navigate to the Property table in the left pane and edit the values for the following properties in the right hand pane:
    • ENZ_IMPORT_CONFIG_FILE – enter the UNC network patch to your enzoic-config.yml file (this will be the network share distribution point for the GPO)
    • ENZ_PRODUCT_KEY – enter your product key
  7. Open the Transform menu and select “Generate Transform”, save the MST file
  8. Copy the MSI, MST and YML file to your distribution point in the next step.

Create a distribution point:

  1. Log on to a server as an administrator.
  2. Create a shared network folder to distribute the files from.
  3. Give the “Domain Controllers” security group read access to the share, and limit write access to authorized personnel only.
  4. Copy EnzoicForAD.msi (and optionally the MST and YML file from step 1 above) into the distribution point
  5. Give the “Domain Controllers” security group read access to the EnzoicForAD.msi
    file in the distribution point.
  6. Click Finish.

Create a Group Policy Object:

  1. Start the Group Policy Management Console (gpmc.msc).
  2. Expand the forest and domain items in the left pane.
  3. Right-click the Domain Controllers OU in the left pane, and then click Create a GPO in this domain, and Link it here…
  4. Type “Enzoic for Active Directory” and then press ENTER.

Prepare the Group Policy Object:

  1. Right-click the ” Enzoic for Active Directory” GPO, and then click Edit…
  2. Expand the Computer Configuration, Policies, and Software Settings
  3. Right-click the Software installation item, and then select New > Package…
  4. Type the full UNC path to EnzoicForAD.msi in the Open dialog box. You must enter a UNC path so that other computers can access this file over the network. For example, \\file server\distribution point share\EnzoicForAD.msi
  5. Click Open.
  6. Select the Assigned deployment method, and then click OK.
  7. Close the Group Policy Management Editor.

Complete the Installation:

Windows installs Enzoic for Active Directory during startup, and then immediately requires a manual restart to load the Password Filter. Restart each Domain Controller to complete the installation.