Previous Topic: Install SilentlyNext Topic: Upgrade a Windows Endpoint


setup Command—Install CA ControlMinder for Windows

Use the setup command to install CA ControlMinder for Windows with preset custom defaults or when performing a silent installation.

Note: For more information about the command line syntax, see the Windows Installer SDK documentation that is available at the Microsoft Developer Network Library.

This command has the following format:

setup [/s] [/L] [/v"<insert_params_here>"]
/s

Hides the setup initialization dialog.

/L

Defines the CA ControlMinder installation language.

Note: For more information about the CA ControlMinder installation languages that are supported in this release, see the Release Notes.

/v "<insert_params_here>"

Defines the parameters to pass to the installation program.

Note: All parameters must be placed within the quotes ("").

The following parameters are passed to the installation program through the /v parameter:

/l[mask] log_file

Defines the full path and name of the installation log file. Use the mask *v to log all available information.

/forcerestart

Specifies to force the computer to restart after the installation is complete if the installer requires a reboot.

/norestart

Specifies not to restart the computer after the installation is complete.

/qn

Specifies a silent installation, with the /s option.

Important! Use the COMMAND parameter to execute a silent installation.

AC_API={1 | 0}

Specifies whether to install SDK libraries and samples (1).

Default: 0 (not installed).

ADMIN_USERS_LIST=\"users\"

Defines a space-separated list of users with administrative access to the CA ControlMinder database.

Default: User performing the installation.

Important! Do not define the NT Authority\System user in the list. Define a local administrative user account.

ADV_POLICY_MNGT_CLIENT={1 | 0}

Configures the local computer for advanced policy management (1).

Default: 1

If this option is set to 1, specify the following:

  • APMS_HOST_NAME=\"name\"

    Defines the name of the server where the advanced policy management components are installed.

COMMAND=keyword

Defines the command required for accepting the license agreement and silently installing the CA ControlMinder. The actual keyword is found at the bottom of the license agreement that is available when running the graphical installation program.

Default: none

DIST_SERVER_NAME=\"name\"

Defines the fully qualified name of the Distribution Server host that the SAM Agent and Report Agent communicate with (for example, test.company.com).

Default: none

DIST_SERVER_PORT=\"port\"

Defines the port number that the SAM Agent and Report Agent use for communication with the Distribution Server.

Default: 7243

DOMAIN_LIST=\"domains\"

Defines a space-separated list of your network DNS domain names for CA ControlMinder to add to host names.

Default: none

ENABLE_STOP={1 | 0}

Specifies whether the stack overflow protection (STOP) feature is enabled (1).

Default: 0 (disabled).

Note: STOP support is applicable to x86 and x64 installations only.

HOSTS_LIST=\"hosts\"

Defines a space-separated list of computers from which administrators can administer the CA ControlMinder database (CA ControlMinder terminals).

Default: The current computer.

IMPORT_NT={Y | N}

Specifies whether to support primary (enterprise) user stores. If you specify N, primary user stores are supported. If you specify Y, primary user stores are not supported and you can specify one or more of the following options to import Windows users and groups into the CA ControlMinder database:

  • IMPORT_USERS={1 | 0}

    Specifies whether to import Windows users to the database.

  • IMPORT_GROUPS={1 | 0}

    Specifies whether to import Windows groups to the database.

  • IMPORT_CONNECT_USERS={1 | 0}

    Specifies whether to add the imported users to the appropriate imported groups in the database.

  • IMPORT_CHANGE_OWNER={1 | 0} NEW_OWNER_NAME=name

    Specifies someone other than you as an owner of the imported data.

  • IMPORT_FROM_DOMAIN={1 | 0} IMPORT_DOMAIN_NAME=name

    Specifies whether to import the accessor data from the defined domain.

Note: By default, all of these options are not specified (equivalent to a value of 0).

INSTALLDIR=\"location\"

Defines the location where CA ControlMinder installs.

Default: C:\Program Files\CA\Access Control

MAINFRAME_PWD_SYNC={1 | 0}

Specifies whether the mainframe password synchronization feature is installed (1).

Default: 0 (not installed)

NEW_KEY=\"name\"

Defines the SSL key that authenticates communication between the Distribution Server and the SAM Agent and Report Agent.

PMDB_CLIENT={1 | 0}

Specifies whether the local CA ControlMinder database is subscribed to a parent Policy Model database.

Default: 0 (no)

If you specify this option and set it to 1, specify the following:

  • PMDB_PARENTS_STR=\"parents\"

    Defines a comma-separated list of parent Policy Model databases the local CA ControlMinder database is subscribed to. Specify _NO_MASTER_ as a parent PMDB to indicate that the local database accepts updates from any PMDB.

    Default: none

  • PWD_POLICY_NAME=\"name\"

    Defines the name of the password Policy Model.

    Default: none

PMDB_PARENT={1 | 0}

Specifies whether a Policy Model parent database is created. If you specify this option and set it to 1, specify the following:

  • PMDB_NAME=\"name\"

    Defines the name of the PMDB to create.

    Default: pmdb

  • PMDB_SUBSCRIBERS_STR=\"subs\"

    Defines a space-separated list of subscriber databases to which the PMDB specified with the PMDB_NAME option propagates changes to. Essentially, these are the subscriber databases for the installed PMDB parent.

PUPM_INTEGRATION={1 | 0}

Specifies whether the SAM Agent is installed (1).

Default: 0 (not installed)

If you specify this option and set it to 1, specify DIST_SERVER_NAME, DIST_SERVER_PORT, and USE_SECURE_COMM.

REPORT_AGENT={1 | 0}

Specifies whether the Report Agent is installed (1).

Default: 0 (not installed)

If you specify this option and set it to 1, specify DIST_SERVER_NAME, DIST_SERVER_PORT, USE_SECURE_COMM, and the following parameters:

  • AUDIT_ROUTING={1 | 0}

    Specifies whether the Audit Routing feature is installed (1).

    Default: 0 (not installed)

  • REPORT_DAYS_SCHEDULE=days

    Defines a comma-separated list of days on which the Report Agent runs.

    Values: Sun, Mon, Tue, Wed, Thu, Fri, Sat

    Default: none

  • REPORT_TIME_SCHEDULE={hh:mm}

    Defines the time at which the Report Agent runs on designated days (for example, 14:30).

    Limits: hh is a number in the range 0-23 and mm is a number in the range 0-59

    Default: none

TASK_DELEGATION={1 | 0}

Specifies whether the task delegation feature is enabled.

Default: 1 (enabled).

UNICENTER_INTEGRATION={1 | 0}

Specifies whether the Unicenter Integration feature is enabled (1). This feature is only available if you have Unicenter NSM installed on this computer.

Default: 0 (not enabled)

If you specify this option and set it to 1, specify the following:

  • SEND_DATA_TO_TNG={1 | 0}

    Specifies if audit data is sent to Unicenter NSM (1).

    Default: 1 (data is sent)

  • OTHER_TNG_HOST_NAME=\"name\"

    Defines the host to which the audit data is sent to.

    Default: Host name specified in Unicenter NSM

  • SUPPORT_TNG_CALENDAR= {1 | 0}

    Specifies if the Unicenter NSM calendar is supported (1).

    Default: 1 (supported)

  • TNG_REFRESH_INTERVAL=\"mm\"

    Defines the refresh interval in minutes. Verify that you also set SUPPORT_TNG_CALENDAR=1.

    Default: 10

  • UNICENTER_MIGRATION={1 | 0}

    Specifies if Unicenter security data is migrated to CA ControlMinder (1).

    Default: 1 (migrated)

USE_SECURE_COMM={1 | 0}

Specifies whether the SAM Agent and the Report Agent use secure communication (1).

Default: 0 (no)

If you specify this option and set it to 1, then specify the value of the SSL key in NEW_KEY.

USE_SSL={1 | 0}

Specifies whether to set up SSL for communication encryption.

Default: 0 (no)

If you specify this option and set it to 1, then specify the following:

  • CERT_OPTION={1 | 2}

    Specifies which certification option to use.

    Values: 1—Generate CA ControlMinder certificate; 2—Use an existing installed certificate.

    Default: 1

  • GENERATE_OPTION={1 | 2}

    Specifies how to generate the CA ControlMinder certificate. Verify that you set CERT_OPTION=1.

    Values: 1—Use default root certificate; 2—Specify root certificate.

  • SERVER_PRIV_KEY_PWD=\"password\"

    Defines the password for the private key for the generated CA ControlMinder certificate. Verify that you set CERT_OPTION=1.

  • GEN_ROOT_CERT=\"file\"

    Defines the fully qualified file name of the root certificate file (.pem). Verify that you set CERT_OPTION=1 and GENERATE_OPTION=2.

  • GEN_ROOT_PRIVATE=\"file\"

    Defines the fully qualified file name of the root private key file (.key). Verify that you set CERT_OPTION=1 and GENERATE_OPTION=2.

  • ROOT_PRIV_KEY_PWD=\"password\"

    Defines the password for the root private key. Verify that you set CERT_OPTION=1 and GENERATE_OPTION=2.

  • EXIST_ROOT_CERT=\"file\"

    Defines the fully qualified file name of the root certificate file (.pem). Verify that you set CERT_OPTION=2.

  • EXIST_SERVER_CERT=\"file\"

    Defines the fully qualified file name of the server certificate file (.pem). Verify that you set CERT_OPTION=2.

  • EXIST_PRIVATE_KEY=\"file\"

    Defines the fully qualified file name of the server private key file (.key). Verify that you set CERT_OPTION=2.

  • EXIST_PRIV_KEY_PWD=\"password\"

    Defines the password for the server private key. Verify that you set CERT_OPTION=2.

USE_SYMT_KEY={1 | 0}

Specifies whether to set up symmetric key encryption for communication. If USE_SSL=0, this parameter is set to 1.

Default: 1

If you specify this option and set it to 1, then you also specify the following:

  • ENCRYPTION_METHOD={Default | DES | 3DES | 256AES | 192AES | 128AES}

    Specifies the encryption method to use for communications.

    Default: 256AES

  • CHANGE_ENC_KEY={1 | 0}

    Specifies to change the default encryption key (1).

    Default: 1 (yes)

  • NEW_ENCRYPT_KEY=\"key\"

    Defines the encryption key if you select to change the default encryption key. Also set CHANGE_ENC_KEY=1.

Example: Use the setup Command to Set Installation Defaults

The following example sets the installation directory, defines installation log file defaults for the CA ControlMinder installation, then opens the graphical installation program.

setup.exe /s /v"INSTALLDIR="C:\Program Files\CA\Access Control" /L*v %SystemRoot%\eACInstall.log"

Examples: Use the setup Command to Specify Encryption Settings

The following examples install CA ControlMinder in silent mode with various encryption settings. In each example, the command also installs CA ControlMinder, installs the default Report Agent and Task Delegation features, enables SSL, and defines the path and name of the installation log file:

More information:

Communication Encryption