
Spirion (Identity Finder) - Creating a Custom Identity Finder Installer

Guide on how to create a custom Identity Finder client installer for Windows using IdentityFinderMSIBuilder.

IT Security can create custom Windows and Mac Identity Finder clients for your department. If you would prefer to create your own clients, follow the steps outlined below. Please note that the provided template files assume you are using the shared IT Security Identity Finder Console. If you are creating clients for your own installation of the Console, additional edits will be required in ClientSettings.reg or the com.identityfinder.macedition.xml file.


  • Creating a Custom Identity Finder Installer for Windows
      1. Obtain the necessary files to create the installer
        • SpirionMSIBuilder.zip NOTE: This file is also available on Box if you cannot download it directly from Spirion (Identity Finder).

          NOTE: The following files are hosted on Box.com and require an invitation to download. If you do not have access to the Box folder, please contact the Help Desk for assistance.

        • IdentityFinderSetup-XXXX.exe

        • identityfinder.lic

        • ClientSettings.reg

      2. Edit ClientSettings.reg to include a default tag

        1. Open ClientSettings.reg in Notepad or another text editor

        2. Locate the following lines at the bottom of the file:
          [HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service]
          "defaultTag"=""
          Insert the name of the Simple Tag provided to you in the "Welcome to Identity Finder" email in between the two quotation marks on the right side of the equals sign. For advanced default tagging options, see Default Tag Syntax.

        3. Save. NOTE: Do not save the file as a Text Document (.txt). In Notepad, ensure that the "Save as type" control is set to "All Files" and that the file extension is set to ".reg".

      3. Unzip IdentityFinderMSIBuilder.zip and run IdentityFinderMSIBuilder.exe

      4. Using the ellipsis controls, complete the required fields in IdentityFinderMSIBuilder.exe

        • Client Installer Exe

          • Choose the previously downloaded IdentityFinderSetup.exe. NOTE: Do not use the "Download Client" button to obtain the installer, as it requires Identity Finder Customer login information.

        • Output File

          • Navigate to the folder the output file will be written to, and using the "File name" text field in the Open window, enter a file name for the custom installer. NOTE: The file name must end with the extension ".msi".

        • License File

          • Choose the previously downloaded identityfinder.lic

        • Registry File
          • Choose the edited ClientSettings.reg file that contains your default tag
      5. Using the associated check boxes, choose to install Identity Finder services

        • Install Endpoint Service - This box must remain checked for the client to communicate with the Identity Finder Console.

        • Install Endpoint Watcher Service - The Endpoint Watcher Service monitors the endpoint for the insertion of removable drives and, based on your policy's settings, either prompts the user to initiate a scan or launches a scan in the background. Scanning of removable media can optionally be disabled from the Identity Finder Console by setting the key EndpointWatcher\NotificationType in your policy to Disable. Uncheck this box to completely remove the Endpoint Watcher Service from your installer. NOTE: If the Endpoint Watcher Service is not included in your installer, removable media will not be scanned on insertion, regardless of the setting in your policy.

        • Install Services Monitor Service - The Services Monitor service watches other Identity Finder services and ensures that they are restarted if they ever become stopped. If the Endpoint Service stops and the Services Monitor service is not installed, the endpoint will not be able to communicate with the Console until the client is restarted. As such, this service should generally be installed.

      6. Choose "NONE (If not licensed to OCR, select to reduce file size)" for "OCR module version(s) to install". UW-Madison is currently not licensed for OCR image search.

      7. (Optional) Edit Advanced Options by pressing the "Configure" button in Advanced Options. The advanced options are explained below:

        • Suppress user configuration on installation - Check this box to disallow user configuration during installation. If checked, the installer will perform a "Typical" installation and require no user interaction.

          • Installation Modes - If "Suppress user configuration on installation" is not checked, this drop down menu can be used to disable certain installation modes. Available options are: "Allow All", "Disable Typical" and "Disable Custom".

        • Display Endpoint Service feature - Give the user a choice during installation to install the Endpoint Service. The Endpoint Service must be installed for the client to communicate with the Identity Finder Console, so users should not be given the choice to install it or not. This option is unavailable if the "Install Endpoint Service" and "Suppress user configuration on installation" options are checked.

          • Uninstall user settings - This drop down menu can be used to forcibly preserve or remove user settings when the client is uninstalled. Available options are: "Prompt", "Force Save" and "Force Removal".

        • Add Start Menu Shortcuts - Uncheck this box to prevent Start Menu shortcuts from being created

          • Manage - The "Manage" button will open a window allowing you to select which Start Menu shortcuts are added. Available options are: "Identity Finder client application", "Password Vault" and "Online Help".

        • Add Desktop Shortcuts - Uncheck this box to prevent Desktop shortcuts from being created

        • File Associations - Adds Windows file associations for ".idf" and ".idfvault" files, allowing the user to double-click files of these types and have them open in Identity Finder.

        • Application Integration - Installs add-ins to enable data classification directly within certain supported applications (Microsoft Office, Outlook, and Adobe Acrobat). Clicking the manage button will allow you to select which add-ins you wish to enable.

        • Explorer Integration - Add a right-click menu for files, folders and drives that allows the user to Search, Secure and Shred without using the Identity Finder client. These options can be customized in the application's settings.

        • Launch Identity Finder After Installation - Forcibly launch the application after installation or allow user selection. Available options are: "Allow User Selection" and "Force Launch". NOTE: If "Suppress user configuration on installation" is checked and "Launch Identity Finder After Installation" is set to "Allow User Selection", the Identity Finder client will not launch after installation.

        • Apply command line options to - Additional command line options can be supplied to change the behavior of the application. For more information on available command line options, please refer to: Enterprise Client Command Line Switches. Available options are: "Do Not Apply", "Initial Launch Only", "Shortcuts Only" and "Initial Launch and Shortcuts".

          • Job Mode - Check this box to provide the /jobmode command line switch.

          • Configuration File - Check this box to provide the /configurationfile command line switch. NOTE: This setting is not recommended for Console users.

          • Password Vault - Check this box to cause the Password Vault to open on launch.

        • Merge existing administrative registry settings on upgrade - Enabling this option will back up any settings in HKLM on the endpoint and restore them after the upgrade. If a setting is specified in both HKLM and the .reg file of the msi, the value in the .reg file of the msi will be used.

        • Additional Files - Additional files can be added to the location of IdentityFinder.exe. The only file that affects the application is "activation.txt" which is not needed for UW-Madison clients. For more information on additional files, please see: Activation Information.

      8. Click on the "Build MSI" button in the bottom right corner of the window. When the installer has finished building, "Finished!" will appear next to this button.

      IdentityFinderMSIBuilder Settings Used By IT Security

      Below are screenshots of the settings used by IT Security when creating custom clients for other departments:


      Default Tag Syntax

      It is possible to specify additional tagging parameters for nested default tags, as well as define multiple default tags.

      • Nested tags - To use a nested tag as a default tag, enter the tag names in the form parentTag->childTag. Spacing around the arrow (->) symbol is ignored.

      • Multiple default tags - To add an endpoint to multiple tags by default, enter the tag names in the form firstTag||secondTag. Spacing around the vertical bars (||) is ignored.
      Examples:
      • Single nested tag:
        "defaultTag"="DoIT->ITSecurity"
      • Two top-level tags:
        "defaultTag"="CompSci || DoIT"
      • One nested tag and one top-level tag:
        "defaultTag"="DoIT->ITSecurity || CompSci"




  • Creating a custom Spirion installer for Mac (OS X 10.7 & LATER)
      1. Obtaining the Installation Files - You will need to obtain the following files to create a custom installer:

        • IdentityFinderPackageBuilder.zip - NOTE: This file will be available on Box if you cannot download it directly from Identity Finder.

        • IdentityFinderMacSetup.dmg - NOTE: This file will be named IdentityFinderMacSetup-XXXX.dmg on Box, where "XXXX" indicates the specific version of the installer package. 

        • Identityfinder.lic which is available on Box.

        • com.identityfinder.macedition.xml which is available on Box.

        • ca.pem file which is available on Box.

      2. Modifying the Identity Finder xml file

        • Open the com.identityfinder.macedition.xml file in a text editor.
        • Locate the following lines towards the bottom of the file:
          <Category name="Endpoint Service">
          <Setting Multi="false" Name="defaultTag" Type="String">
          <Value></Value>
          </Setting>
          </Category>

        • Insert the name of the Simple Tag provided to you in the "Welcome to Identity Finder" email in between the two Value tags. For advanced default tagging options, see Default Tag Syntax.

        • Save, making sure the file is saved as an XML file.

      3. Installing the Package Builder

        • Extract the identityfinderclientcustomPKGBuilder.zip to a temporary location.

        • Drag the Identity Finder Client Custom PKG Builder app icon into the Applications folder to install the application.

        • Launch the application from the Applications folder.

      4. Using the Package Builder, do the following:

        • Source dmg: select the most recent SpirionMacSetup-XXXX.dmg file (downloaded from Box).

        • Output location: select the folder where the new package should be written.

        • License File: select the .lic file (downloaded from Box).

        • XML Settings file: Select the custom XML settings file edited in step 2.

        • Certificate file: Select the ca.pem file (downloaded from Box).

        • Check Boxes: Check only “Install Endpoint Service”. Do not check “Use existing certificate from System Keychain” or “Copy Certificate File to System Keychain.”

        • Signing ID: Leave this blank.

        • Build Installer: Select the “Build Installer” button to build the installer.

      5. Extracting the PKG

        • Navigate to the file path selected for the “Output location” and unzip the zip file that was created.

        • The Installer PKG file will be within the unzipped folder, ready for use.

      Testing The Package

      Test the client before deployment. At a minimum, verify that the following files are installed to their correct locations:

      • ~/Applications/Spirion.app
      • /Library/Application Support/Identity Finder/identityfinder.lic
      • /Library/Application Support/Identity Finder/ca.pem
      • /Library/Application Support/Identity Finder/EndpointService
      • /Library/Preferences/com.identityfinder.macedition.xml
      • /Library/LaunchDaemons/com.identityfinder.launchdaemon.plist

      Installation log output is appended to the file /var/log/install.log and is often helpful for troubleshooting installation failures.

      Default Tag Syntax

      It is possible to specify additional tagging parameters for nested default tags, as well as define multiple default tags.

      • Nested tags - To use a nested tag as a default tag, enter the tag names in the form parentTag->childTag. Spacing around the arrow (->) symbol is ignored.
      • Multiple default tags - To add an endpoint to multiple tags by default, enter the tag names in the form firstTag||secondTag. Spacing around the vertical bars (||) is ignored.
      Examples:
      • Single nested tag:
        "defaultTag"="DoIT->ITSecurity"
      • Two top-level tags:
        "defaultTag"="CompSci || DoIT"
      • One nested tag and one top-level tag:
        "defaultTag"="DoIT->ITSecurity || CompSci"

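      An added example (not part of the original article or of Spirion's tooling): a Python check that extracts defaultTag from an edited ClientSettings.reg or com.identityfinder.macedition.xml and parses it by the Default Tag Syntax rules, rejecting an empty value or an empty tag name before the installer is built. The sample inputs are constructed; the function names and the `<Settings>` root element are assumptions, and the parser accepts more than two nesting levels, which the article does not confirm.

```python
import re
import xml.etree.ElementTree as ET

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service"
# Constructed samples; the <Settings> root element is an assumption.
SAMPLE_REG = ("Windows Registry Editor Version 5.00\r\n\r\n[" + KEY + "]\r\n"
              '"defaultTag"="DoIT->ITSecurity || CompSci"\r\n')
SAMPLE_XML = ('<Settings><Category name="Endpoint Service">'
              '<Setting Multi="false" Name="defaultTag" Type="String">'
              '<Value>CompSci || DoIT</Value></Setting></Category></Settings>')

def parse_default_tag(value):
    """Split 'A->B || C' into tag paths [['A', 'B'], ['C']]; spacing is ignored."""
    if value is None or not value.strip():
        raise ValueError("defaultTag is empty")
    paths = []
    for entry in value.split("||"):
        parts = [p.strip() for p in entry.split("->")]
        if "" in parts:
            raise ValueError("empty tag name in %r" % entry.strip())
        paths.append(parts)
    return paths

def tag_from_reg(text):
    """Return the raw defaultTag value found under the Endpoint Service key."""
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section.lower() == KEY.lower():
            m = re.fullmatch(r'"defaultTag"="(.*)"', line, re.IGNORECASE)
            if m:
                return m.group(1)
    raise ValueError("defaultTag not found under " + KEY)

def tag_from_xml(text):
    """Return the raw defaultTag value from the Mac settings XML."""
    for setting in ET.fromstring(text).iter("Setting"):
        if setting.get("Name") == "defaultTag":
            return setting.findtext("Value")
    raise ValueError("defaultTag setting not found")

def decode_reg(raw):
    """Decode .reg bytes: UTF-16 when a BOM is present, otherwise UTF-8."""
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if bom else "utf-8-sig")
```

      Read the edited file in binary mode, pass the bytes through decode_reg (or the XML text to tag_from_xml), and build the installer only if parse_default_tag returns the tag paths you expect.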




Keywords: "identity finder" identity finder windows installer custom client console doit
Doc ID: 43538
Owner: Oakes D.
Group: Office of Cybersecurity
Created: 2014-09-15 10:56 CST
Updated: 2019-05-28 10:00 CST
Sites:DoIT Help Desk, Office of Cybersecurity