At sites that have a large number of K2 client installs to perform, manually running the client installer on each computer may be impractical. This document references some techniques, tools, and documentation that facilitates large scale deployment.
Note: deployment of the K2 client on file servers (for the purpose of auditing only) is covered in the Server Audits document.
The customization utility, k2clientconfig, is in the full image archive, in Installers/Macintosh Installers/Misc. Consult the documentation, k2clientconfig (Mac), for instructions on how to access this utility and how to set up customized installer preferences. The package can then be installed through Apple Remote Desktop.
k2clientconfig.exe is a command line utility found in the Installers\Windows Installers\Misc\ folder of the K2 image archive — or download the latest version from the Sassafras web site.
The simplest way to customize and deploy is first to customize a copy of the installer using a command line like:
k2clientconfig -s 3 -h keyserver_host K2Client.exeThen do the same thing for the 64-bit client:
k2clientconfig -s 3 -h keyserver_host K2Client-x64.exe
Then to use GPO to set up a shutdown script that calls the customized installers with the -gpo option, e.g.:
\\server\share\K2Client.exe -platform 32 -gpo \\server\share\K2Client-x64.exe -platform 64 -gpoFor details about this process, and other possible variations, read on.
The k2clientconfig.exe utility program lets you customize the Windows client installers, K2Client.exe and K2Client-x64.exe, with pre-configured KeyServer DNS name (or IP address) and other settings. Using this customized installer, computers supporting Microsoft's "MSI" installer service can be silently updated with K2 client components when logging onto the network.
The example steps below illustrate the use of k2clientconfig to create a "silent" MSI install package that can be used as a Group Policy Object or with a logon script to transparently deploy the K2 client with default settings:
k2clientconfig -s 3 -h keyserver_host K2Client.exe
Now when you launch the customized K2Client.exe on a client computer with MSI support, it will automatically use the pre-configured KeyServer host address. Further customization options for the client installers (or for the extracted MSI package) are described in the built in command line help (type k2clientconfig.exe) and also in the documentation for k2clientconfig.
In addition to pre-configuring various options for computers supporting MSI, the k2clientconfig.exe utility can also extract the stand-alone MSI install package, KSClient.msi from the K2Client.exe installer:
k2clientconfig -e K2Client.exe
Note that it is ok to change the name of a customized exe installer, but if you extract the MSI, you should NEVER change the name - it should ALWAYS be “KSClient.msi”.
This stand-alone MSI install package can be used as a "Group Policy Object" to automate client deployment. Microsoft's documentation at the following link may be helpful:
One potential problem with using the .msi instead of the .exe is that you will not be able to install a minor upgrade over an existing installation using the .msi (e.g. 220.127.116.11 followed by 18.104.22.168). Instead of simply double-clicking the msi, or running msiexec with just the /i option, you should use the command line:
msiexec /i KSClient.msi REINSTALL=ALL REINSTALLMODE=vamus
Instead of using the MSI with GPOs, it might be better to create a script that simply calls K2Client.exe, and use GPO to execute the script. That way you will get the benefit of the logic that is built into the exe, with the ease of deployment which GPO provides.
K2Client.exe Command Line Options:
You should only specify one of the first three options (-gpo, -new, -upg). The following table might help understand these options:
|no KeyAccess installed||install||install||install||install|
|older KeyAccess installed||do not install||install||install||install|
|same KeyAccess installed||do not install||do not install||do not install||install|
|newer KeyAccess installed||do not install||do not install||install||install|
Our recommendation is to always install the same bitness as the OS. While the 32 bit client will run under a 64 bit OS, it will be limited in functionality for tracking certain obscure applications. The simplest method of deployment is to customize the K2Client.exe and K2Client-x64.exe installers and then have a script run periodically. Since the script will do an install, it must run as Administrator, so it should be a startup or shutdown script. It may be simplest to use a shutdown script. The script should look something like:
\\server\share\K2Client.exe -platform 32 -gpo \\server\share\K2Client-x64.exe -platform 64 -gpo