Identity Finder - Creating a Custom Identity Finder Installer for Windows
Guide on how to create a custom Identity Finder client installer for Windows using IdentityFinderMSIBuilder.
IT Security can create custom Windows and Mac Identity Finder clients for your department. If you would prefer to create your own clients, follow the steps outlined below. Please note that the provided template files assume you are using the shared IT Security Identity Finder Console. If you are creating clients for your own installation of the Console, additional edits will be required in ClientSettings.reg.
Creating a Custom Identity Finder Installer for Windows
- Obtain the necessary files to create the installer
- SpirionMSIBuilder.zip NOTE: This file is also available on Box if you cannot download it directly from Spirion (Identity Finder).
NOTE: The following files are hosted on Box.com and require an invitation to download. If you do not have access to the Box folder, please contact the Help Desk for assistance.
- Open ClientSettings.reg in Notepad or another text editor
- Locate the following lines at the bottom of the file:
[HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service]
"defaultTag"=""
- Insert the name of the Simple Tag provided to you in the "Welcome to Identity Finder" email in between the two quotation marks on the right side of the equals sign. For advanced default tagging options, see Default Tag Syntax.
- Save. NOTE: Do not save the file as a Text Document (.txt). In Notepad, ensure that the "Save as type" control is set to "All Files" and that the file extension is set to ".reg".
- Client Installer Exe
- Choose the previously downloaded IdentityFinderSetup.exe. NOTE: Do not use the "Download Client" button to obtain the installer, as it requires Identity Finder Customer login information.
- Output File
- Navigate to the folder the output file will be written to, and using the "File name" text field in the Open window, enter a file name for the custom installer. NOTE: The file name must end with the extension ".msi".
- License File
- Choose the previously downloaded identityfinder.lic
- Registry File
- Choose the edited ClientSettings.reg file that contains your default tag
- Install Endpoint Service - This box must remain checked for the client to communicate with the Identity Finder Console.
- Install Endpoint Watcher Service - The Endpoint Watcher Service monitors the endpoint for the insertion of removable drives and, based on your policy's settings, either prompts the user to initiate a scan or launches a scan in the background. Scanning of removable media can optionally be disabled from the Identity Finder Console by setting the key EndpointWatcher\NotificationType in your policy to Disable. Uncheck this box to completely remove the Endpoint Watcher Service from your installer. NOTE: If the Endpoint Watcher Service is not included in your installer, removable media will not be scanned on insertion, regardless of the setting in your policy.
- Install Services Monitor Service - The Services Monitor service watches other Identity Finder services and ensures that they are restarted if they ever become stopped. If the Endpoint Service stops and the Services Monitor service is not installed, the endpoint will not be able to communicate with the Console until the client is restarted. As such, this service should generally be installed.
- Suppress user configuration on installation - Check this box to disallow user configuration during installation. If checked, the installer will perform a "Typical" installation and require no user interaction.
- Installation Modes - If "Suppress user configuration on installation" is not checked, this drop down menu can be used to disable certain installation modes. Available options are: "Allow All", "Disable Typical" and "Disable Custom".
- Display Endpoint Service feature - Give the user a choice during installation to install the Endpoint Service. The Endpoint Service must be installed for the client to communicate with the Identity Finder Console, so users should not be given the choice to install it or not. This option is unavailable if the "Install Endpoint Service" and "Suppress user configuration on installation" options are checked.
- Uninstall user settings - This drop down menu can be used to forcibly preserve or remove user settings when the client is uninstalled. Available options are: "Prompt", "Force Save" and "Force Removal".
- Add Start Menu Shortcuts - Uncheck this box to prevent Start Menu shortcuts from being created
- Manage - The "Manage" button will open a window allowing you to select which Start Menu shortcuts are added. Available options are: "Identity Finder client application", "Password Vault" and "Online Help".
- Add Desktop Shortcuts - Uncheck this box to prevent Desktop shortcuts from being created
- File Associations - Adds Windows file associations for ".idf" and ".idfvault" files, allowing the user to double-click files of these types and have them open in Identity Finder.
- Application Integration - Installs add-ins to enable data classification directly within certain supported applications (Microsoft Office, Outlook, and Adobe Acrobat). Clicking the manage button will allow you to select which add-ins you wish to enable.
- Explorer Integration - Add a right-click menu for files, folders and drives that allows the user to Search, Secure and Shred without using the Identity Finder client. These options can be customized in the application's settings.
- Launch Identity Finder After Installation - Forcibly launch the application after installation or allow user selection. Available options are: "Allow User Selection" and "Force Launch". NOTE: If "Suppress user configuration on installation" is checked and "Launch Identity Finder After Installation" is set to "Allow User Selection", the Identity Finder client will not launch after installation.
- Apply command line options to - Additional command line options can be supplied to change the behavior of the application. For more information on available command line options, please refer to: Enterprise Client Command Line Switches. Available options are: "Do Not Apply", "Initial Launch Only", "Shortcuts Only" and "Initial Launch and Shortcuts".
- Job Mode - Check this box to provide the /jobmode command line switch.
- Configuration File - Check this box to provide the /configurationfile command line switch. NOTE: This setting is not recommended for Console users.
- Password Vault - Check this box to cause the Password Vault to open on launch.
- Merge existing administrative registry settings on upgrade - Enabling this option will back up any settings in HKLM on the endpoint and restore them after the upgrade. If a setting is specified both in HKLM and in the .reg file of the MSI, the value in the .reg file of the MSI will be used.
- Additional Files - Additional files can be added to the location of IdentityFinder.exe. The only file that affects the application is "activation.txt" which is not needed for UW-Madison clients. For more information on additional files, please see: Activation Information.
IdentityFinderMSIBuilder Settings Used By IT Security
Below are screenshots of the settings used by IT Security when creating custom clients for other departments:
Default Tag Syntax
It is possible to specify additional tagging parameters for nested default tags, as well as define multiple default tags.
- Nested tags - To use a nested tag as a default tag, enter the tag names in the form parentTag->childTag. Spacing around the arrow (->) symbol is ignored.
- Multiple default tags - To add an endpoint to multiple tags by default, enter the tag names in the form firstTag||secondTag. Spacing around the vertical bars (||) is ignored.
- Single nested tag:
- Two top-level tags:
"defaultTag"="CompSci || DoIT"
- One nested tag and one top-level tag:
"defaultTag"="DoIT->ITSecurity || CompSci"
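The default tag syntax above can be checked before the edited ClientSettings.reg is handed to IdentityFinderMSIBuilder. The following Python script is an added example, not part of the original guide or of the vendor's tooling; the function names and the sample file contents are constructed for illustration, and it assumes tag names contain no quotation marks or backslashes.

```python
import re

SECTION = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service]"

# Constructed sample of an edited ClientSettings.reg (not the real template).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service]
"defaultTag"="DoIT -> ITSecurity || CompSci"
'''

def read_reg(path):
    """Read a .reg file; regedit exports are UTF-16 with a BOM, Notepad edits may not be."""
    if not path.lower().endswith(".reg"):
        raise ValueError(f"{path}: expected a .reg file (saved as .txt?)")
    with open(path, "rb") as fh:
        raw = fh.read()
    utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if utf16 else "utf-8-sig")

def parse_default_tag(value):
    """'||' separates default tags, '->' nests parent->child; spacing is ignored."""
    paths = []
    for tag in value.split("||"):
        parts = [p.strip() for p in tag.split("->")]
        if not all(parts):
            raise ValueError(f"empty tag name in defaultTag value {value!r}")
        paths.append(parts)
    return paths

def default_tag_from_reg(text):
    """Return the tag paths set by "defaultTag" in the Endpoint Service section."""
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line  # remember which key the following values belong to
        elif section.lower() == SECTION.lower():
            m = re.fullmatch(r'"defaultTag"="(.*)"', line, re.IGNORECASE)
            if m:
                return parse_default_tag(m.group(1))
    raise ValueError("no defaultTag value under " + SECTION)

if __name__ == "__main__":
    for path in default_tag_from_reg(SAMPLE_REG):
        print(" -> ".join(path))
```

A template that still contains the unedited "defaultTag"="" line is rejected with a ValueError, as is a file saved with a .txt extension.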