InTrust 11.3.1 - Installing Agents Manually

Finding Out the Servers that an Agent Responds to

To find out which InTrust server or servers an agent responds to, log on to the computer where the agent is installed using an administrative account (Microsoft Windows computers) or the root account (Unix computers) and run one of the following commands:

adcscm.nt_intel -list

for Microsoft Windows computers

 

./adcscm -list

for Unix computers

The output should look similar to the following:

    Name: 10.30.39.254
    Port: 900
    Name: s8050-w2k3.testorg.local
    Port: 900
    Name: gz.testorg.local
    Port: 900
    Name: 10.30.46.108
    Port: 900

on Microsoft Windows computers

    Name: 10.30.37.49
    Port: 900
    Name: 10.30.37.128
    Port: 900

on Unix computers
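
The listing is also a convenient audit point: comparing it with the servers you expect shows whether an agent responds to a server you did not approve. The following Python sketch is an added example, not part of InTrust or its documentation; it parses the Name/Port format shown above, and the function names and the APPROVED allowlist are assumptions made for illustration.

```python
# Added example: audit the servers an agent responds to against an allowlist.
# SAMPLE is the Windows listing shown above; APPROVED is a constructed allowlist.
SAMPLE = """\
Name: 10.30.39.254
Port: 900
Name: s8050-w2k3.testorg.local
Port: 900
Name: gz.testorg.local
Port: 900
Name: 10.30.46.108
Port: 900
"""
APPROVED = {("10.30.39.254", 900), ("s8050-w2k3.testorg.local", 900),
            ("gz.testorg.local", 900)}


def parse_list_output(text):
    """Parse Name:/Port: pairs from `-list` output into [(name, port), ...]."""
    servers, name = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # the listing may contain blank lines
        key, sep, value = line.partition(":")  # split on the first colon only
        key, value = key.strip().lower(), value.strip()
        if key == "name" and sep and value and name is None:
            name = value.lower()  # host names compare case-insensitively
        elif (key == "port" and name is not None and value.isdecimal()
              and 0 < int(value) < 65536):
            servers.append((name, int(value)))
            name = None
        else:
            # Fail closed: an unparsed line could hide a server entry.
            raise ValueError(f"line {lineno}: unexpected {raw!r}")
    if name is not None:
        raise ValueError(f"server {name!r} has no Port line")
    return servers


def audit(text, approved):
    """Return servers that are listed but not approved, and vice versa."""
    found = set(parse_list_output(text))
    wanted = {(n.lower(), p) for n, p in approved}
    return {"unexpected": sorted(found - wanted),
            "missing": sorted(wanted - found)}


if __name__ == "__main__":
    print(audit(SAMPLE, APPROVED))
```

To use it on a real agent, save the output of the -list command to a file and pass the file's contents to audit() together with your own allowlist.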

Setting Up Authentication

The authentication process is two-sided (both server-side and agent-side) and based on the Secure Remote Password (SRP) protocol. In addition to authenticating clients to the server securely, the SRP exchange produces a cryptographically strong symmetric key as a byproduct of successful authentication, which the two parties use to communicate securely. After initial authentication succeeds, the authentication password is automatically changed every week to secure communication between the server and agents. The symmetric key is changed every hour.

For manually installed agents, you first have to specify the password on the server. By default, this is the organization password you specified during setup. The authentication mechanism uses this password only when establishing a connection for the first time; after that, the password is changed regularly.

If you want to use a password other than the default, take the following steps:

  1. In Quest InTrust Manager | Configuration | Servers, right-click the server name and select Properties.
  2. On the Agent tab, select Use authentication and supply a new password for initial authentication.
  3. Provide this password to the agent. To do so, on the target computer, run:

    adcscm.nt_intel -add ServerName Port Password

    for Microsoft Windows computers

    ./adcscm -add ServerName Port Password

    for Unix computers

    Replace Password with the password that you specified in Step 2.

Setting Up Encryption

You can choose whether to encrypt the data communicated between the agent and the server (encryption uses 3DES with a 168-bit key). By default, encryption is enabled.

To enable or disable encryption manually:

  1. In Quest InTrust Manager | Configuration | Servers, right-click the server name and select Properties.
  2. On the Agent tab, select or clear the Use encryption check box.
  3. Click Apply and close the dialog box.

Registering an Agent Alias on the Server

After the connection is established, you can register the agent access name (alias) that the server will use to communicate with the agent. On the computer where the agent is installed, run:

adcscm.nt_intel -register ServerName Port Alias

for Microsoft Windows computers

./adcscm -register ServerName Port Alias

for Unix computers

Replace Alias with the agent name to be used by the server for communication with the agent.

Note: Agent names must be unique within the scope of an InTrust server.

If you want to change the alias, first run the following command on the computer where the agent resides:

adcscm.nt_intel -unregister ServerName Port Alias

for Microsoft Windows computers

./adcscm -unregister ServerName Port Alias

for Unix computers

where Alias is the current agent name, and then register the new name as described above.

You can view agent names and aliases in an agent's properties dialog box in InTrust Manager.
