
Centrify DirectManage Express

Deployment Manager Administrator’s Guide


August 2010

Centrify Corporation
Legal notice
This document and the software described in this document are furnished under and are subject to
the terms of a license agreement or a non-disclosure agreement. Except as expressly set forth in
such license agreement or non-disclosure agreement, Centrify Corporation provides this
document and the software described in this document “as is” without warranty of any kind, either
express or implied, including, but not limited to, the implied warranties of merchantability or
fitness for a particular purpose. Some states do not allow disclaimers of express or implied
warranties in certain transactions; therefore, this statement may not apply to you.
This document and the software described in this document may not be lent, sold, or given away
without the prior written permission of Centrify Corporation, except as otherwise permitted by
law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part
of this document or the software described in this document may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, electronic, mechanical, or
otherwise, without the prior written consent of Centrify Corporation. Some companies, names,
and data in this document are used for illustration purposes and may not represent real companies,
individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are
periodically made to the information herein. These changes may be incorporated in new editions
of this document. Centrify Corporation may make improvements in or changes to the software
described in this document at any time.
© 2004-2010 Centrify Corporation. All rights reserved. Portions of Centrify
DirectControl are derived from third party or open source software. Copyright and legal notices
for these sources are listed separately in the Acknowledgements.txt file included with the
software.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or
on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at
any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD)
acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s
rights in the software and documentation, including its rights to use, modify, reproduce, release,
perform, display or disclose the software or documentation, will be subject in all respects to the
commercial license rights and restrictions provided in the license agreement.
Centrify, DirectControl, and DirectAudit are registered trademarks and Centrify Suite,
DirectAuthorize, and DirectSecure are trademarks of Centrify Corporation in the United States
and/or other countries. Microsoft, Active Directory, Windows, Windows NT, and Windows
Server are either registered trademarks or trademarks of Microsoft Corporation in the United
States and/or other countries.
The names of any other companies and products mentioned in this document may be the
trademarks or registered trademarks of their respective owners. Unless otherwise noted, all of the
names used as examples of companies, organizations, domain names, people and events herein are
fictitious. No association with any real company, organization, domain name, person, or event is
intended or should be inferred.
Contents

About this guide
Intended audience
Using this guide
Conventions used in this guide
Using online help
Full PDF Search
Contacting Centrify

Chapter 1 Introducing and installing Deployment Manager
Understanding Deployment Manager
Preparing to install
Installing the Deployment Manager
Files installed for Deployment Manager
Uninstalling the Deployment Manager

Chapter 2 Deploying Centrify software
Understanding the deployment-process
Step 1 Building a computer list
Step 2 Downloading Centrify software
Step 3 Analyzing your environment
Step 4 Deploying Centrify software

Chapter 3 Using the Deployment Manager
Navigating the Deployment Manager console
Viewing downloaded software packages
Connecting to a remote computer
Finding and fixing open issues
Refreshing computer information
Setting options
Importing the product catalog

About this guide

Deployment Manager enables you to identify non-Windows
systems within your environment, analyze the readiness of these
systems to integrate with DirectControl and Active Directory, and
deploy Centrify software to these systems.
This guide describes Centrify Deployment Manager Express, the
most basic version of Deployment Manager. With Deployment
Manager Express you can:
• Identify UNIX or Linux systems in your environment.
• Download the latest versions of Centrify software to deploy.
• Determine the readiness of the UNIX and Linux systems to join
  Active Directory.
• Remotely access systems that are not ready and fix problems
  that are affecting the ability to deploy Centrify software or join
  Active Directory.
• Deploy Centrify software to UNIX and Linux systems to join an
  Active Directory environment.
Centrify Deployment Manager Express is part of Centrify Suite
2010 Express Edition.

Intended audience
This Deployment Manager Administrator’s Guide provides complete
information for deploying Centrify software to the machines in
your environment with Deployment Manager. This guide is
intended for administrators who are responsible for managing user
access to servers, workstations, enterprise applications, and
network resources. Because Deployment Manager deploys
software from the Centrify Suite, which includes components that
are installed in the Windows environment and on the Linux,
UNIX, or Mac OS X computers you intend to manage, this guide
assumes you have a working knowledge of performing
administrative tasks across these different environments. If you are
unfamiliar with any of the operating environments you need to
support, you may need to consult additional, operating
system-specific documentation to perform certain tasks or
understand certain concepts.
This guide also assumes basic, but not expert, knowledge of how to
perform common tasks. If you are an experienced administrator,
you may be able to simplify or automate some tasks described in this
guide using platform-specific scripts or other tools.

Using this guide


Depending on your environment and role as an administrator or
user, you may want to read portions of this guide selectively. The
guide provides the following information:
• Chapter 1, “Introducing and installing Deployment Manager,”
  introduces Deployment Manager and provides detailed
  instructions for installing Deployment Manager.
• Chapter 2, “Deploying Centrify software,” explains how to
  employ the four-step process for discovering computers and
  deploying Centrify software to them.
• Chapter 3, “Using the Deployment Manager,” explains how to
  navigate the Deployment Manager interface and perform
  essential tasks.

Conventions used in this guide


The following conventions are used in this guide:
• Fixed-width font is used for sample code, program names,
  program output, file names, and commands that you type at the
  command line. When italicized, the fixed-width font is used
  to indicate variables. In addition, in command line reference
  information, square brackets ([ ]) indicate optional arguments.
• Bold text is used to emphasize commands, buttons, or user
  interface text, and to introduce new terms.
• Italics are used for book titles and to emphasize specific words or
  terms.
• For simplicity, UNIX is used generally in this guide to refer to
  all supported versions of the UNIX, Linux, and
  Macintosh OS X operating systems unless otherwise noted.
• The variable release is used in place of a specific release
  number in the file names for individual Deployment Manager
  software packages. For example,
  CentrifyDM-release-win64.exe refers to a 64-bit release of
  Deployment Manager; the actual release number might be:
  CentrifyDM-1.1.0-182-win32.exe. Deployment Manager is
  available in 32-bit and 64-bit versions.

Using online help


Deployment Manager provides task-based, reference, and
context-sensitive online help.
To access task-based help or search for help topics, click Help on
the right-click menu in the Deployment Manager Administrator
Console. To view context-sensitive help within dialog boxes, press
F1.

Full PDF Search


In lieu of an index, the PDF version of the documentation offers a
comprehensive search capability. To access it, open the drop-down
list available to the right of the Find text box and select Open
Full Reader Search. You can search multiple documents by putting
them in one folder and browsing to that folder for your search. The
page number appears if you let the cursor hover over a results line.
In addition, all of the documentation for the Centrify Suite,
Express Edition, is available in searchable Adobe Portable
Document Format (PDF).


Contacting Centrify
If you have questions or comments, we look forward to hearing
from you. For information about contacting Centrify Corporation
with questions or suggestions, visit our Web site at
www.centrify.com. From the Web site, you can get the latest
news and information about Centrify Corporation products,
services, and upcoming events. For information about purchasing
or evaluating Centrify Corporation products, send email to
info@centrify.com.


Chapter 1

Introducing and installing Deployment Manager

This chapter introduces the Deployment Manager, a Microsoft
Management Console (MMC) application that provides centralized
deployment of Centrify products. It includes installation
instructions.
The following topics are covered:
Understanding Deployment Manager
Preparing to install
Installing the Deployment Manager
Files installed for Deployment Manager
Uninstalling the Deployment Manager

Understanding Deployment Manager


Deployment Manager enables you to identify non-Windows
systems within your environment, analyze the readiness of these
systems to integrate with DirectControl and Active Directory, and
deploy Centrify software to these systems.
The Deployment Manager provides the following major features:
• System discovery and identification: You specify criteria
  to find non-Windows computers in your environment, such as
  an IP-address range or subnet, and the Deployment Manager
  collects information, including OS type and version, and host
  name to identify these computers.
• Computer and environment analysis: The Deployment
  Manager assesses the current state of each discovered computer
  for its readiness to deploy Centrify software. This assessment
  includes a check of the DNS and Active Directory
  environments.
• Software inventory: The Deployment Manager determines
  whether each discovered machine has up-to-date Centrify
  software installed.
• Centrify software distribution: The Deployment Manager
  enables you to download and install the Centrify Suite Express
  or Standard Edition from the Centrify Download Center or a
  user-specified location onto computers in your environment.
• Integrated remote access: Allows you to access computers
  remotely in order to execute administrative tasks as well as
  perform in-depth issue analysis and resolution of any issues.

Preparing to install
You can install the Deployment Manager on one of the following
Windows platforms:

Windows XP (SP2 and higher)
Windows Vista
Windows 7
Windows Server 2003 or 2008
Centrify recommends the following hardware configuration:
1 GB RAM
1 GB free disc space
1 GHz processor
Deployment Manager is available in 32-bit and 64-bit packages.
Deployment Manager requires that the Windows machine is
running .NET Framework version 3.5 SP1 or greater; if it is
not, the installer exits with a warning message.
Be certain that you have network connectivity from the
Deployment Manager host machine to each of the UNIX, Linux,
and Mac OS X machines (henceforth referred to as UNIX
machines) to manage.

Installing the Deployment Manager


To install the Deployment Manager, complete the following steps:
1 Launch setup.exe; then click Next on the Welcome screen.
2 Accept the license agreement and click Next.
3 Accept the default location for the installation, or enter a new
location; then click Next.
4 Click Install to begin the installation, then Finish when done.
The installation includes a small Microsoft SQL Server Compact
Edition database that is embedded in the MMC application. The
database serves as a repository for the machine and environment
information that the Deployment Manager gathers.

Deployment Manager launches automatically following installation
(if you leave the Launch Deployment Manager console box checked
on the Finish page of the installation), and opens to the Welcome
page, which contains the four-step process for discovering
computers in your environment and deploying Centrify software to
them:

See Deploying Centrify software.


You can also launch the Deployment Manager at any time with the
desktop icon or by using the Start menu: Start > Centrify >
Deployment Manager > Deployment Manager.

Files installed for Deployment Manager


The Deployment Manager installation program is a standard
Windows installer, and by default installs files in the following
location:

C:\Program Files\Centrify\Deployment Manager.

In addition, the installer creates the following directory:

• Pre-Vista operating systems:
  C:\Documents and Settings\Administrator\Application Data\Centrify\DeploymentManager
  where Administrator is the user account for the person
  installing Deployment Manager.
• Vista and later operating systems:
  C:\Users\User\AppData\Roaming\Centrify\DeploymentManager
  where User is the user account for the person installing
  Deployment Manager.

This directory contains:
• The database repository.
  You do not have to manage the database in any way. Deployment
  Manager handles all database tasks automatically.
• A Log directory to contain log files if logging is enabled.
• A Packages directory to contain software packages that you
  download to deploy to your UNIX machines.

Uninstalling the Deployment Manager


To uninstall the Deployment Manager, complete the following
steps:
1 Click Start > Control Panel > Add or Remove Programs.
2 Scroll to Centrify Deployment Manager versionNumber
and click Remove.
3 Click Yes to confirm removal when you see the message:
Are you sure you want to remove Centrify Deployment Manager
versionNumber from your computer?

Notes Uninstalling the Deployment Manager MMC application does
not remove the Microsoft SQL Server Compact Edition database
that contains the machine and environment information gathered by
the Deployment Manager. If you install a new version of the
Deployment Manager, you will see the same machine and
environment information as in the previous version.
On the other hand, if you want to install a new version of
Deployment Manager without any existing machine and
environment data, or if you simply want to remove this
information from your computer, you can delete the database,
which is located at:
• Pre-Vista operating systems:
  C:\Documents and Settings\Administrator\Application Data\Centrify\DeploymentManager\datastore.sdf
• Vista and later operating systems:
  C:\Users\User\AppData\Roaming\Centrify\DeploymentManager\datastore.sdf

You should also delete the contents of the Packages directory,
which contains any software packages you downloaded for
deployment.


Chapter 2

Deploying Centrify software

This chapter explains how to use the deployment-process on the
Welcome page of the Deployment Manager to discover and analyze
the computers in your environment, and deploy Centrify software
to them to connect to an Active Directory domain. The Welcome
page appears in the right pane when you open the Deployment
Manager or when you select the root node in the left pane.
The following topics are covered:
Understanding the deployment-process
Step 1 Building a computer list
Step 2 Downloading Centrify software
Step 3 Analyzing your environment
Step 4 Deploying Centrify software

Understanding the deployment-process


The Deployment Manager employs a four-step process to facilitate
the deployment of Centrify software in your environment.
Generally, you can complete this process once, then manage your
deployment through the Deployment Manager nodes. However, at
any time, you can repeat any or all of the steps, for example, if you
have added computers to your network, or if newer Centrify
software is available for deployment.
The deployment-process (Welcome) page opens automatically in
the right pane when you start the Deployment Manager, or if you
click the root, Centrify Deployment Manager node, in the left
pane.

The four steps in the deployment process are as follows:

Step 1 Building a computer list
Based on user-specified criteria, such as a subnet or IP-address
range, Deployment Manager identifies the computers it finds
with information such as OS type and version, and hostname.

Step 2 Downloading Centrify software
Deployment Manager downloads Centrify software from the
Centrify Download Center or from a network drive to make it
available for deployment.

Step 3 Analyzing your environment
Deployment Manager analyzes the computers found in Step 2 for
suitability and saves a list of issues.

Step 4 Deploying Centrify software
Deploy Centrify software for joining an Active Directory
domain to any or all of the computers found and analyzed.

After completing any of the steps, Deployment Manager saves the
results on the Welcome page as well as in the appropriate nodes of
the left pane.

Step 1 Building a computer list


The first step in the deployment process is identifying the
computers in your environment on which to deploy Centrify
software to join an Active Directory domain. You input criteria,
such as a subnet address, to the Add Computers Wizard to identify
UNIX computers in your environment. From the list that the
Wizard returns, you can choose the ones to keep.
Before you begin, make sure of the following:
• To gather information, Deployment Manager requires access to
  each computer that it finds, so be certain all computers are
  accessible by telnet or ssh (on Mac OS X computers, for
  example, the telnet/ssh daemon is not enabled by default),
  and that you have account information on hand for each
  computer in your environment. If you have a single master
  account and password for all machines in your environment, the
  Deployment Manager allows you to provide this account name
  and password once.
• Decide which method to use for discovering computers:
  - If you are using a specific subnet or IP-address range, you need
    to know the subnet address or range to search. If you are using
    the local subnet, Deployment Manager supplies it for you.
  - If you are using a list to identify computers, create a text file
    in the proper format; see “Creating a computer list file”.
• You might want to set some of the Deployment Manager
  options, such as supplying account information for downloading
  software; see Setting options. In particular, you might want to
  read about how the Add Computers Wizard discovers
  computers (see Specifying whether to ping before connecting to
  a computer), then decide whether to change the Network
  option.
To build a list of computers:
1 In the left pane, select the Centrify Deployment Manager
node. In the right-pane, under Step 1 Build Computer List,
click the Add Computers button.
Note You can run the Add Computers Wizard again at any time,
either from the Welcome page or from the left pane. After you
have run it one time, Deployment Manager maintains a list of
computers in the left pane. Select the Computers node, then
select Action > Add computers to launch the wizard.

2 Select one of the radio buttons for how to specify the computers
to add, then click Next and go to the appropriate step as shown
in the table for the choice you made.

Select this: Discover computers from the network
To do this: Enable Deployment Manager to search for computers in
the local subnet, in a specified subnet, or in a range of IP
addresses.
Then go here: Click Next, then go to Step 3.

Select this: Import a computer list from a text file
To do this: Use a text file that you have created to identify the
computers to import.
Note Before selecting this option, create the text file to use; see
Creating a computer list file.
Then go here: Click Next, then go to Step 4.

Select this: Add a single computer
To do this: Add a single computer by name or IP address.
Then go here: Enter a name or IP address, click Next, then go to
Step 5.

3 If you selected Discover computers from the network on
the first Add Computers Wizard screen, select one of the
following options for how to specify the network:

Select this: Discover local subnet
To do this: Enable Deployment Manager to search for computers
in the local subnet.
The Wizard automatically fills in the local subnet
address and mask. For example:
192.168.108.129/255.255.255.0
The Wizard returns a list of every address in the
specified subnet. You can choose which computers in
the list to keep.

Select this: Discover computers in subnet
To do this: Specify an IP address and mask for a specific subnet to
search.
IP address: 192.168.108.129
Subnet mask: 255.255.255.0
The Wizard returns a list of every address in the
specified subnet. You can choose which computers in
the list to keep.

Select this: Discover computers in the range of IP addresses
To do this: Enter start and end addresses for a range of IP
addresses to search.

After entering the required information (or to accept the
displayed information) click Next and the Deployment Manager
attempts to find computers based on the specified IP-address
information.
Go to Step 5.
4 If you selected Import a computer list from a text file on
the previous Add Computers Wizard screen, enter the path
to your computer list file, or click Browse to navigate to the
file.
The Wizard screen shows a sample of the required format for the
list file. You can also look at “Creating a computer list file”
for more information.

Click Next and the Deployment Manager attempts to find the
computers specified in the file.
Go to the next step.
5 Select the accessible computers for which you will provide
account information.
Depending on the computers it finds, the Deployment Manager
may return the computers it has found on two separate pages.
On the first page, it shows the computers that it has been able to
connect to with ssh or telnet.

All the computers are selected by default. Decide on the
computers for which to gather information. On a later screen,
you must provide account information for these machines to give
Deployment Manager the necessary permissions to gather
information.
Click Next.
6 Select the unreachable computers to keep in the repository.

On this page, Deployment Manager displays a list of computers
that match the search criteria but that are inaccessible for any
number of reasons: for example, the computer is behind a firewall,
the SSH daemon is down, or the IP address hosts a resource other
than a computer, such as a printer. You can decide to keep
any or all of these machines and resolve the connection issues and
provide account information later, or simply remove them from
the list now by leaving them deselected.

Click Next.


7 Enter account information:

Select this: Login account
To do this: Specify a username and password with
permission to log in to the specified computer.
Note If you selected multiple computers on the
previous Wizard page, the computer to which
this information applies is the first computer in
the list. The title bar shows the name and IP
address for this computer.

Select this: Privileged command execution
To do this: Specify the method to allow the Deployment
Manager to execute privileged commands
during deployment.
• Use the login account: Use the login account credentials.
• Execute using sudo: Use sudo; depending on the sudoer policy
  settings, you may need to provide a root
  password, or simply your own password.
• Execute using su: Use su; you must provide a root password.

Select this: Apply the same user name and password to other
computers
To do this: Select this option if you have a common user
name and password that applies to multiple
computers in the list.

Click Next.
8 Enter account information for other machines:
If you selected the option to apply the same user name and
password to other computers, select those computers now,
then go to Step 9.
If you are not using the same account and password, the
wizard displays the next machine in the list; enter account
information for this machine (and subsequent machines by
repeating Step 7 for each machine).
Click Next.

9 Choose how to provide account information.

Select this: Use the existing account information applied to
another computer
To do this: Use an account applied to another computer. On the
next screen, you are prompted for the name of the machine.
Then go here: Click Next, then go to Step 10.

Select this: Specify a new set of account information
To do this: Supply new account information.
Then go here: Click Next, then go to Step 7.

10 Specify the machine whose account to use, if you selected Use
the existing account information applied to another
computer in the previous step.
Click Next.
11 Click Finish to exit the wizard and retrieve information for the
specified computers.
Deployment Manager displays the results in a graphic format,
organized by platform:

Click on any category to see a list of computers in the left pane. For
example, click Unknown to see computers that were inaccessible
by Deployment Manager. You can then look at the Open Issues
node for that machine to see why the computer is inaccessible.

Next Step
The next step is to download Centrify software for the computers
you just added to the repository. Go to “Step 2 Downloading
Centrify software” for detailed information.


Creating a computer list file
When building a computer list, one of the methods you can use for
discovering computers in your environment is to create a text file
with a list of computers. This section describes the format of this
file.
You can specify computers by hostname or by IP address. You
may also provide optional login information. Place each hostname
or IP address on a separate line. You can also add comments by
using the pound (#) symbol, either at the beginning of a line or
after a host name. Everything after the # sign is ignored.
The following shows a sample computer-import file:
# This is a sample file for computer import.
#
# This file contains a list of IP addresses or host names, and optionally, their
# login information.
#
# The IP address/host name should be placed in the first column. If login
# information is provided, it should follow the host entry, separated by a
# comma.
#
# If the user name or password contains non-alphanumeric characters, they
# should be enclosed in double-quotes, such as "user1 %!". A double-quote
# character in a user name or password should be escaped as follows: "a""bc".
#
# Each entry should be kept on an individual line.
#
# Format:
# <ip|host>,<user>,<passwd>,<privilege command type>[,<privilege passwd>]
#
# Privilege command type can be none, sudo or su.
# If the privilege type is su, a password must be provided. Otherwise it
# is regarded as invalid.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name or IP address denoted by a '#' symbol.
#
10.0.0.1
host1
10.0.0.2,user1,password1,none
host2,user2,password2,sudo,privpass2

You can save the file in any well-known location. When you run the
Add Computers Wizard, you enter the path to this file.
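
The file format described above can be checked before it is given to the wizard. The following validator is an added example, not part of the original guide and not Centrify code; its function names are hypothetical, and it assumes that '#' and ',' inside double quotes are data, that a line has 1, 4 or 5 fields, and that privilege types are matched exactly as written.

```python
# Added example (not Centrify code): validate a computer-import file before
# handing it to the Add Computers Wizard. Rules follow the sample file above.
# Assumptions (hypothetical): '#' and ',' inside double quotes are data;
# a line has 1, 4 or 5 fields; privilege types are matched exactly as written.

VALID_PRIV_TYPES = {"none", "sudo", "su"}


def split_fields(line):
    """Split one line into fields, honouring quotes, "" escapes and comments."""
    fields, cells, in_quotes, i = [], [], False, 0

    def finish():
        # Trim unquoted whitespace at both ends; quoted characters are kept.
        while cells and not cells[0][1] and cells[0][0].isspace():
            cells.pop(0)
        while cells and not cells[-1][1] and cells[-1][0].isspace():
            cells.pop()
        fields.append("".join(ch for ch, _ in cells))
        cells.clear()

    while i < len(line):
        ch = line[i]
        if in_quotes:
            if ch == '"' and line[i + 1:i + 2] == '"':
                cells.append(('"', True))   # "" inside quotes is a literal quote
                i += 1
            elif ch == '"':
                in_quotes = False
            else:
                cells.append((ch, True))
        elif ch == '"':
            in_quotes = True
        elif ch == "#":
            break                           # rest of the line is a comment
        elif ch == ",":
            finish()
        else:
            cells.append((ch, False))
        i += 1
    if in_quotes:
        raise ValueError("unterminated double-quote")
    finish()
    return fields


def parse_computer_list(text):
    """Return (entries, problems); problems are (line number, message) pairs.

    Messages never echo field values, so passwords stay out of any report.
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        try:
            fields = split_fields(raw)
        except ValueError as exc:
            problems.append((lineno, str(exc)))
            continue
        if fields == [""]:
            continue                        # blank or comment-only line
        if not fields[0]:
            problems.append((lineno, "missing host name or IP address"))
            continue
        entry = {"line": lineno, "host": fields[0], "user": None,
                 "password": None, "priv_type": None, "priv_password": None}
        if len(fields) > 1:
            if len(fields) not in (4, 5):
                problems.append((lineno, "expected 1, 4 or 5 fields, found %d" % len(fields)))
                continue
            priv_type = fields[3]
            priv_password = fields[4] if len(fields) == 5 else None
            if priv_type not in VALID_PRIV_TYPES:
                problems.append((lineno, "privilege command type must be none, sudo or su"))
                continue
            if priv_type == "su" and not priv_password:
                problems.append((lineno, "privilege type su requires a password"))
                continue
            entry.update(user=fields[1], password=fields[2],
                         priv_type=priv_type, priv_password=priv_password)
        entries.append(entry)
    return entries, problems


def lines_with_credentials(entries):
    """Line numbers that carry a cleartext password, so the file can be protected."""
    return [e["line"] for e in entries if e["password"] is not None]


# Constructed sample: four entries adapted from the guide's sample file, the
# rest constructed here to exercise quoting and the error paths.
SAMPLE = '''\
# constructed sample
10.0.0.1
host1   # bare host with a trailing comment
10.0.0.2,user1,password1,none
host2,user2,password2,sudo,privpass2
host3,"user1 %!","a""b#c",su,"root,pw"
host4,user4,password4,su
host5,user5,password5,admin
host6,user6,"unterminated
'''

if __name__ == "__main__":
    entries, problems = parse_computer_list(SAMPLE)
    for e in entries:
        print(e["line"], e["host"], e["user"], e["priv_type"])
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
    print("lines holding passwords:", lines_with_credentials(entries))
```

lines_with_credentials reports which lines carry cleartext passwords, which is the cue to restrict access to the file and remove it once the import is done.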

Step 2 Downloading Centrify software


In order to deploy Centrify software to computers in your
environment and join these computers to Active Directory, you
must first download the software packages to the Deployment
Manager. In addition, you must download the analysis tools that the
Deployment Manager runs.
Generally, you will download packages from the Centrify
Download Center, which guarantees that you are getting the latest
and most appropriate packages for the systems in your
environment. However, if you are working within an isolated
network, you can copy the packages to a network location
beforehand, then download them to Deployment Manager from
that location (see the Copy from network option in Step 1).

Notes If you are not certain of the operating-system platform and
version, and architecture for each computer on which you intend to
deploy Centrify software, you can look in the left pane by expanding
the following nodes:
Centrify Deployment Manager\Computers\All Computers (Group by OS)

To download Centrify software:


1 In the left pane, select the Centrify Deployment Manager
node. In the right-pane, under Step 2. Download Centrify
Software, click the Download Software button.
Note You can also download software by using menus in the left
pane. Select the Software node, then click Action >
Download from Centrify.


Select one of the radio buttons and enter any required information:

Select this                         To do this

Download from the Centrify          Enable Deployment Manager to obtain the
Download Center                     latest software packages from the Centrify
                                    Download Center.
                                    If you do not have a centrify.com account,
                                    you can set up a free account (for example,
                                    to download Centrify Suite Express Edition)
                                    by clicking the link:
                                    http://www.centrify.com/join

Username                            Enter the username for a centrify.com
                                    account (which will have access to the
                                    Centrify Download Center).
                                    Note You can also specify the account name
                                    and password by using the Options menu
                                    (select and right-click the Deployment
                                    Manager node in the left pane, then select
                                    the Options tab), in which case you will
                                    not be required to enter a username and
                                    password each time you use the Download
                                    Center.

Password                            Enter the password for the account.

Remember my username and            Enable Deployment Manager to periodically
password                            check for and download software updates
                                    from the Centrify Download Center.

Copy from network or local drive    If Centrify Corporation software packages
                                    reside on a local or network drive (for
                                    example, you are working in an isolated
                                    network and pre-copied the installation
                                    packages to a network location), use this
                                    option to download the packages to
                                    Deployment Manager. Type the path or
                                    browse to the folder that contains the
                                    packages to install.
                                    For this option, you might want to import
                                    the Centrify Product Catalog to guarantee
                                    that you have the latest package
                                    information; see Importing the product
                                    catalog.

2 Click Next, then do one of the following:
If you selected Copy from network or local drive, verify
the package name, then click Finish to download the
specified package to the Deployment Manager.
If you selected Download from Centrify Download
Center, go to the next step.
3 Expand the category nodes (for example, Analysis tools,
Centrify Suite 20xx) to see packages for specific platforms.
Click the category box to select or deselect all packages in the
category. For example:

You can filter which package categories to show:

Select this                         To do this

Show only the latest software       Show only the current packages. If you
                                    deselect this option, Deployment Manager
                                    shows previous packages as well, but they
                                    are deselected by default.

Show only software for managed      Only show packages for the computers that
computers                           Deployment Manager has discovered for your
                                    environment. For example, if you only have
                                    Red Hat and Debian Linux machines in your
                                    environment, you will not see packages for
                                    HP-UX, Mac OS X, Solaris, and so on.
                                    Note Expand Analysis tools or Centrify
                                    Suite 20xx to see platform-specific
                                    packages.
                                    Generally, you should keep this option
                                    selected to avoid downloading irrelevant
                                    packages. However, if you intend to add
                                    systems with different platforms at a
                                    later date, and want to download packages
                                    for them now, you can deselect this
                                    option, then select the individual
                                    packages you need.

4 Select one or more packages to install, then click Next.


5 Confirm the package names, then click Finish to begin
downloading the packages, or click Back to go to the previous
page and choose different packages, or Cancel to cancel the
download.

Next Step
Go to “Step 3 Analyzing your environment” to analyze
your environment for compatibility with Centrify software.

Step 3 Analyzing your environment


Before deploying Centrify software to computers in your
environment, first analyze the operating system, network, and
Active Directory settings on the domain you intend to join for
compatibility with Centrify software.
To analyze your environment:
1 In the left pane, select the Centrify Deployment Manager
node. In the right pane, under Step 3. Analyze Your
Environment, click the Analyze button.
Note You can also analyze your environment by using menus in
the left pane. Select a computer in the left pane, then click
Action > Analyze Environment.
2 Enter or accept the name of the domain to analyze. This is the
domain you intend to join with the machine or machines on
which you are deploying Centrify software.
Optionally, change the limit on the number of domain
controllers to check. The default limit is 10.
3 Click OK to begin analysis.
Deployment Manager analyzes each machine in your list with
regard to its compatibility with Centrify software and its ability to
join Active Directory. When the analysis is complete, the
Deployment Manager displays the results under Step 3, similar to
the following example:

Deployment Manager categorizes the results in terms of Centrify
software (installed or not, ready to upgrade (with or without
warnings) or not, and so on).

Next Step
Resolve the errors and warnings that were found:
1 Expand one of the categories with errors or warnings; for
example, in the figure, under Computers with no Centrify
software installed, click the expansion arrow for Ready
to install with Warnings:

2 Click on the warning or error message link and Deployment
Manager displays the Open Issues node for the computer in
question in the left pane:

See Finding and fixing open issues for more information on
fixing errors.
You can also locate issues in the left pane; for example:
To see issues for all machines, expand the Centrify
Deployment Manager node and select the Open Issues
node.
To see issues for a particular machine, expand nodes such as:
Centrify Deployment Manager\Computers with no
Centrify software\Ready to install with Warnings,
double click a machine in that category and open its Open
Issues node.
3 When you have resolved all critical issues, go to “Step 4
Deploying Centrify software”.

Step 4 Deploying Centrify software


After analyzing your environment, you can deploy Centrify
software.
To deploy Centrify software:
1 In the left pane, select the Centrify Deployment Manager
node. In the right pane, under Step 4. Deploy Software,
select the computers to deploy.
Note If no computers are visible, click the expansion button in
the right corner of the step heading:

You can also deploy software by using menus in the left pane. For
example, to deploy to a specific computer, navigate to that
computer and select it. Then click Action > Add Software.

2 Select the computers on which to deploy software. You can
select the check box in the heading bar to select all computers,
or select computers individually:

Deployment Manager only shows machines that have passed the
analysis step (with warnings, but not errors), do not already have
Centrify software installed, and for which packages have been
downloaded to Deployment Manager. You can select machines
from a variety of platforms — Deployment Manager will install
the proper package on each machine.
3 Click the Deploy button.
4 Select the version of the suite to install:
Centrify Suite Standard Edition — includes a
fully-featured DirectControl — as well as Centrify-enabled
OpenSSH.
Centrify Suite Express Edition — includes a limited
version of DirectControl that provides the ability to join a
domain and authenticate users — as well as Centrify-enabled
OpenSSH.
5 Click Next.
If you selected Standard Edition, verify the package and
click Finish. After installation, you must manually join the
machine to a domain using the adjoin command.
If you selected Express Edition, you must provide Active
Directory credentials because Deployment Manager joins the
machine to a domain. The machine is joined to Auto Zone —
DirectControl Express does not support the creation of
individual zones; see the DirectControl Express Edition
Administrator’s Guide for more information about Auto Zone
and Express Edition.
Click Next, verify the packages to be installed, and click
Finish.
When deployment is complete, you see a screen similar to the
following, with a check mark placed by each computer on which
software was successfully deployed:

Chapter 3

Using the Deployment Manager

This chapter explains how to navigate Deployment Manager and
perform essential Deployment Manager tasks.
The following topics are covered:
Navigating the Deployment Manager console
Viewing downloaded software packages
Connecting to a remote computer
Finding and fixing open issues
Refreshing computer information
Setting options
Importing the product catalog

Navigating the Deployment Manager console


Deployment Manager is a standard MMC console, with a tree, or
scope (left), pane, and a results (right) pane.
Note When you first launch the Deployment Manager, the left pane
is actually empty, except for the root, Deployment Manager, node
until you use the build step of the deployment process to add
computers from your environment to the Deployment Manager
repository.

The left pane has nodes for:


Computers — Contains all the computers you have added to
the repository, organized with sub-nodes, such as All
Computers, Computers without Centrify Software Installed,
and so on, that enable you to see at a glance the state of your
deployment.
Software — Contains the Centrify suite and analysis tools
packages that you have downloaded.
Open Issues — Identifies issues that Deployment Manager has
found for the computers added to the repository.
History — A list of actions you have taken with Deployment
Manager.

Using the Computers node


The Computers node enables you to view, in a number of different
categories, the computers that the Deployment Manager has
discovered. Each category has further sub-categories. For example,
to see only the computers that are ready to upgrade with Centrify
Corporation software, you can expand Computers >
Computers with No Centrify Corporation Software
Installed > Ready to Install or ... Ready to Install with
Warnings.
When you select a node, such as All Computers, in the left pane,
Deployment Manager displays a list of computers in the right pane.
The list includes details about the computer, such as operating
system, platform, DirectControl version (if installed) and so on.
If Deployment Manager is unable to access a machine, it shows the
hostname as <Unknown>.
The categories for Computers are:
All Computers
All Computers (Grouped by OS)
All Computers (Grouped by Zone)
Computers with Centrify Corporation Software Installed
Computers with No Centrify Corporation Software Installed
Computers Identified But Not Analyzed

Adding and deleting computers
You can add computers at any time by using the Action menu or
the right-click menu of the Computers node.
To add computers:
1 Select the Computers node.
2 Click Action > Add Computers and follow the steps in the
Add Computers Wizard.
To delete a computer from the display, expand any category that
contains the computer, select the computer, then right-click and
select Delete. The computer will be removed from every category
in which it appears.

Working with a specific computer


Selecting a computer name in the left pane allows you to view the
information that the Deployment Manager has discovered about the
computer. It also provides a context menu that allows you to
perform specific operations, such as connecting to the computer
remotely or resolving open issues.
Note The information described in this section is available only for
computers that Deployment Manager has been able to connect to
using a remote terminal application. For inaccessible computers,
the context-menu items are greyed-out, except for Remote
Session, and the only node in the right pane is Open Issues.

Viewing information about a computer


To view information about a computer, select one of the sub-nodes:
Groups — Shows a list of the UNIX groups on the computer.
Users — Shows a list of the UNIX users on the computer.
Open Issues — Shows a list of issues related to installation of
Centrify software on the computer. You can select an issue, then
right-click and select Properties to see more information
about the issue, right-click and choose to ignore or re-analyze
the issue, or connect to the computer remotely to resolve the
issue; see Finding and fixing open issues.
Note Each individual computer has its own Open Issues node for
issues specific to that computer. The Open Issues node under the
root node lists issues for all computers.
History — Shows a list of all the actions performed on the
computer, such as discovery, analysis, deployment, and so on,
and whether the action was successful. For each item, you can
select the item, then right-click and select Properties (or click
Action > Properties) to see more details about the action.
Note Each individual computer has its own History node with a
list of actions specific to that computer. The History node under
the root node lists actions for all computers.
You can also delete items by selecting one or more items, then
right-clicking and selecting Delete.

Performing actions on a computer


To perform an action, right-click the computer name or click
Action and select one of the following:
Analyze Environment — Analyze the operating system,
network, and Active Directory settings on the selected
computer for compatibility with Centrify software. Enter the
name of a domain to check. Deployment Manager returns any
issues in the Open Issues node. This action is the same as using
Step 3 of the deployment process — See Step 3 Analyzing your
environment for more information.
Refresh Computer Information — Update information on
the selected computer. Deployment Manager will connect to
the selected machine and regenerate the information for it,
including domain, zone, computer name, and installed Centrify
software. Because an administrator can perform operations on
machines without using the Deployment Manager Console, it is
possible that the view of the Deployment Manager Console may
be inaccurate vis-a-vis any given machine. For example, an
administrator may log on remotely to a machine and delete
Centrify DirectControl, but the Console will show it as
installed. Periodically refreshing the computer information
ensures that you have an accurate view of your environment.
Add/Remove Software — This menu item shows either
Add or Remove Software depending on whether Centrify
software is installed on the machine. If Centrify software is
already installed on this computer, you can click Remove
Software to remove it. If Centrify software is not installed on
the computer, you can click Add Software to install it. The Add
Software menu is greyed-out if you have not downloaded
Centrify software packages to the Deployment Manager.
Remote Session — Enables you to connect to the selected
machine through a remote terminal application. See Connecting
to a remote computer for more information.
Properties — Shows details about the computer, such as
operating system, domain, and zone.
This page also allows you to edit the credentials for remote
access. Click Credentials and do one of the following:
Enter a username and password.
Select Use different UNIX account to run privileged
commands, then select one of the options and enter a
password for the sudo or su account.
Click OK to accept the changes and OK again to exit the
Properties page.

Viewing history
The History node shows a list of all the actions that have been
performed by Deployment Manager, including discovery, analysis,
deployment, refresh, and so on, and whether the action was
successful.
To see more details about an item, select History in the left pane,
then select an item in the right pane and right-click and select
Properties (or click Action > Properties). After opening a
history item, you can use the up and down arrows to scroll through
all items in the category.
Note Each individual computer has its own History node with a list
of actions specific to that computer. The History node under the
root node lists actions for all computers.

You can delete items from History by selecting one or more items,
then right-clicking and selecting Delete.

Viewing downloaded software packages


The Software node shows the software packages that have been
downloaded to the Deployment Manager for installation.
To get a list of individual packages, select one of the categories, for
example, Centrify Suite 2010 Update X.

Select a package from the list, then right-click and select
Properties to see the platforms that the package supports.
Expand one of the platforms, such as Red Hat, to see the specific
versions that the package supports:

If the Properties page has a Warning tab, it provides additional
information, such as the availability of an updated package.

Connecting to a remote computer


Deployment Manager allows you to connect to computers in your
environment by using a remote terminal application.
To connect remotely to a computer:
1 Navigate to the computer in the left pane.
2 Select the computer, then right-click and select Remote
Session > appName.
where appName is a remote terminal application, such as telnet,
SSH, WinSCP, and so on. You may have to make further
selections, depending on the application you selected. For
example, for telnet and SSH, you need to select whether to
log in as the stored user or a different user.
Once connected to the machine, you can run UNIX commands
in a terminal window, including DirectControl commands such
as adjoin to join a domain, or adinfo to get information about
the Active Directory configuration.

Note You can add or edit the remote terminal applications that
are available in the Remote Access context menu by configuring
the Terminal option; see “Specifying terminal applications”.

Finding and fixing open issues


The left pane includes an Open Issues node under the root node
that contains issues for all computers that have been added to the
repository.

In addition, each computer has its own Open Issues node that
makes it easy to find open issues specific to a particular computer.
Just expand the computer’s node in the left pane, double-click its
Open Issues sub-node, and individual issues are displayed in the
right pane.
To resolve an open issue:
1 Navigate to the issue.
For example, select a computer of interest, then double-click
Open Issues to see a list of issues.
2 Take one of the following steps:
Right-click an issue, and click Properties to get more
information about the issue, including tips on how to fix it.
(Warning) Right-click an issue and select Ignore. The issue
is not fatal to begin with, and you can still deploy software
without doing anything, but selecting Ignore removes the
issue from the list.
(Warning) Right-click an issue and select Re-analyze if you
have fixed the issue since the last time you analyzed the
computer. For example, if the computer was offline, and is
now online, the new analysis should resolve connection
issues.
(Error | Warning) Right-click an issue and select SSH or
telnet to log into the computer and fix the issue.
(Error) Right-click an issue and select a specific solution; for
example, if the username or password is empty, the menu has
a selection: Set username and password.

Refreshing computer information


In general, the Deployment Manager Console shows an up-to-date
view of the machines in your environment. When the Deployment
Manager performs an operation in the background, it updates the
view appropriately. However, if an administrator performs an
action on a machine without using the Deployment Manager
Console, the view will not be updated. For example, if an
administrator connects to a machine through putty and uninstalls
Centrify DirectControl, the Console will still show the software as
installed.
For situations such as these, periodically refreshing the computer
information ensures that you have an accurate view of your
environment.
To refresh computer information:
1 Open a particular category of computers and select one or more
computers in the category.
2 Right-click and select Refresh Computer Information.

While Deployment Manager is connecting to one or more
computers to update information, it displays the busy icon for
the selected computers and for all the nodes that contain them:

Deployment Manager will connect to the selected machines and
regenerate the information for them, including domain, zone,
computer name, and installed Centrify software.
Note Deployment Manager is multi-threaded and performs its
operations in the background.

Setting options
The Deployment Manager allows you to set the following options:
Specifying a Download account
Specifying terminal applications
Specifying log settings
Specifying time out values
Specifying whether to ping before connecting to a computer

Specifying a Download account


For convenience, you can specify a default account for downloading
Centrify software packages from the Centrify Download Center.
You can also specify a default location for the packages you
download.
By specifying a default account, you will not be required to enter
account information each time you download Centrify software.
To specify a default account:
1 In the left pane, select the root, Deployment Manager node,
then right-click and select Options.
2 Select the Download tab.
3 Enter a valid centrify.com account and password. Enter a local
or network path, or browse to a location to store the package.
4 Click OK to save the information you entered.

Note The username and password you enter are securely stored in
the Deployment Manager repository and are available only to the
user who creates them. When you create a password, it is encrypted
with the access token of the currently logged on Windows user.
Therefore, even if other users have access to the Deployment
Manager repository, because they do not have access to another
user’s Windows account password, they cannot decrypt the stored
password.

Specifying terminal applications


The Deployment Manager enables you to remotely access the
machines that it has discovered. You can use the Terminal tab of the
Options menu to add new terminal applications or edit existing
ones with access to managed machines. The applications on this tab
are available in the Remote Sessions context menu for each
computer under the Computers node in the left pane.
To identify or modify terminal applications for the Remote
Sessions context menu:
1 In the left pane, select the root, Deployment Manager node,
then right-click and select Options.
2 Select the Terminal tab. Then do any of the following:
To change an application’s location in the context menu, select
it in the list and click Move Up or Move Down.
To remove an application, select it in the list and click Remove.
To change the details for an application, select it in the list and
click Edit. See the fields for adding an application for
information on what to enter for each field.

To add a terminal application, click Add and enter the
following information:

Field                               Value

Name                                The name of the application as it appears
                                    in the Remote Session context menu.
                                    You can use the vertical bar (|) to create
                                    a submenu. For example:
                                    SSH|Kerberos Login
                                    creates the following menu:
                                    Remote Session —> SSH —> Kerberos Login.

Location                            The location for the terminal application
                                    executable file.
                                    The Deployment Manager uses the following
                                    variable:
                                    ${InstallDir}
                                    to identify its base directory:
                                    C:\Program Files\Centrify\Deployment Manager
                                    By default, terminal applications are
                                    stored in the External directory below
                                    this directory. If you enter the path to
                                    the application, use the variable to
                                    specify the base path; for example, for
                                    Kerberos:
                                    ${InstallDir}\External\putty.exe
                                    You can also click Browse to browse to the
                                    location of the executable.

Arguments                           The arguments for the terminal
                                    application. For example, for Kerberos
                                    Login for putty:
                                    -ssh -k ${ip}

Only available upon joining to      Select this box to require an Active
Active Directory                    Directory account and password in order to
                                    execute the command.

Click OK to save any changes you make.

Specifying log settings


You can specify whether logging is enabled and also change the
location of the log file.

Note Centrify recommends that you enable logging only if
instructed to do so by Centrify Technical Support for
troubleshooting purposes.

To turn logging on or off:


1 In the left pane, select the root, Deployment Manager node,
then right-click and select Options.
2 Select the Log Settings tab.
3 Select or deselect Enable logging.
4 Optionally, type a path name or browse to a location for the log
file. By default, it’s stored in:
Pre-Vista operating systems:
C:\Documents and Settings\Administrator\Application Data\Centrify\DeploymentManager\log
where Administrator is the user account for the person
installing Deployment Manager.
Vista and later operating systems:
C:\Users\User\AppData\Roaming\Centrify\DeploymentManager\log
where User is the user account for the person installing
Deployment Manager.

Specifying time out values


You can change the time out values for the following tasks:

Task                       Default Value

Discover computer task     30 seconds
Analyze computer task      30 seconds
Refresh computer task      30 seconds
Fix issue task             30 seconds
Install software task      120 seconds
Uninstall software task    60 seconds

To change time out values:


1 In the left pane, select the root, Deployment Manager node,
then right-click and select Options.
2 Select the Time Out tab.
3 Use the arrow keys or type a new value for one or more tasks,
then click OK or Apply.
Note If you make changes, you can click Restore Defaults at any
time to restore the default values for all tasks.

Specifying whether to ping before connecting to a computer


Deployment Manager provides an option to specify whether to
ping computers during operations that require connecting to a
computer, such as building a computer list or refreshing computer
information.
For these kinds of operations, Deployment Manager employs a
two-step process. The first step is to ping each specified IP address
to verify that the machine is reachable. The next step is to connect
to each reachable machine (via telnet or SSH) to gather
information; each unreachable machine is skipped. Pinging each
machine is a relatively lightweight operation and saves the overhead
of attempting to connect to machines that are unreachable.
In certain cases, however, such as machines hosted in a cloud
environment, or behind corporate firewalls, machines may not be
pingable but can still be accessed via SSH or telnet. For situations
such as these, Deployment Manager allows you to turn off the ping
step so Deployment Manager will not skip machines that might
actually be reachable.
To set this option:

1 In the left pane, select the root, Deployment Manager node,
then right-click and select Options.
2 Select the Network tab.
To enable the ping step, select Enable ping in computer
connection. You may also change the ping timeout value,
which defaults to 1. Ping enabled with a timeout value of 1 is
the default configuration.
This setting speeds up the discovery process but may miss
computers that are accessible via SSH or telnet, but not
pingable.
To skip the ping step, deselect Enable ping in computer
connection. When pinging is disabled, Deployment
Manager attempts to connect to every computer at the
specified IP addresses. The operation may obtain information
from computers it wouldn’t with ping enabled, but will take
much longer than with ping on.

Importing the product catalog


When you download Centrify software from the Centrify
Download Center, Deployment Manager reads a manifest, or
product catalog file, to determine which packages are available and
appropriate to download for your particular machines. The
manifest is stored locally in the Deployment Manager repository
and the most current copy is stored on the Centrify Support site.
To be certain that it is reading the latest manifest, Deployment
Manager compares the time stamp of its local copy with that on the
Support site (and downloads the newer one when necessary) at the
following intervals:
Whenever Deployment Manager first launches.
Once per day if Deployment Manager is left running.
Whenever you download Centrify software.

If you are using Deployment Manager within an isolated network
and have the latest Centrify software on a disk for installation
(rather than through the download center), the manifest that
installs with the program may or may not be up-to-date. To update
to the latest manifest, you can download a copy of the manifest
from a machine with internet access, copy it to a location accessible
by the Deployment Manager, and then import it.
To import a copy of the Centrify Product Catalog:
1 On a machine with internet access, go to:
http://www.centrify.com/support/product-catalog-offline.asp
2 When the dialog appears, click Save to save the file. Specify a
location that is accessible by the machine running Deployment
Manager, or save locally, then copy it to a Deployment
Manager-accessible location.
3 In Deployment Manager, select the root node, then click
Action > Import Centrify Product Catalog. Navigate to
the location in which you saved the product catalog file, select
the file, centrify-product-catalog-offline.xml, and click
Open.
4 Click OK when you see the confirmation message.
