STLink Client Management
Deploying STLink Entrypoints on client machines can be a cumbersome task, because each Entrypoint requires a unique activation code during initial installation.
The Xiid Enterprise Management Executable lets you bulk-create Entrypoints for all machines in a specified Security Group and automatically writes their STLink Activation Codes to an Active Directory attribute of your choice. The XiidEnterpriseManagement.ps1 PowerShell script can then read that attribute to install the STLink software on every client machine.
Prerequisites
The following prerequisites must be satisfied prior to using the Xiid Enterprise Management Executable.
- Xiid IM Agent installed on, or adjacent to, your Domain Controller.
- SealedTunnel activated in the Agent Configuration Portal.
Active Directory Configuration
Three things must be configured in Active Directory before the Enterprise Management Executable can be used:
- AD Computers must be in a Security Group
- AD Attribute for STLink Activation Code identified
- Service Account for AD interactions created
AD Computer Security Group
TIP
STLink only works with AD Computers (not AD Users) because STLink is machine-level software. Any objects other than AD Computers in the Security Group are ignored.
The first task is to configure a Security Group for all client computers that you intend to set up Entrypoints for.
If you already have all Active Directory Computers included in a Security Group, move on to the next step.
- Open Active Directory Users and Computers on the Domain Controller.
- Right-click a Container or an Organizational Unit (OU) and, under New, select Group.
- Ensure that the Group Type is set to Security and provide a Group Name.
- Click OK to create the Security Group.
Next, add the relevant computers to the new Security Group.
- Right-click the new Security Group and select Properties.
- Click the Members tab and click the Add button to add the relevant AD Computers to the group.
Identify AD Attribute
The second task is to identify an AD Attribute that can be used to store the STLink Activation Code.
The STLink Activation Code is a unique code assigned to each STLink during installation; it is what distinguishes one STLink-enabled machine from another.
- Open Active Directory Users and Computers on the Domain Controller.
- Click the View tab at the top and check on Advanced Features.
- Right-click an AD Computer object and select Properties.
- Select the Attribute Editor tab at the top of the Properties dialog box and scroll through the attributes.
- Identify an attribute that your organization does not use and that has a String datatype.
- You can tell whether an attribute uses the String type by double-clicking it: the dialog that opens is titled "String Attribute Editor".
Keep track of the exact name of the attribute, including its case. The attribute name is passed to the Xiid Enterprise Management Executable.
The attribute will hold each machine's activation code, so treat it like a credential. By default every authenticated user in the domain can read the attributes of a computer object, so consider restricting read access to the chosen attribute to the service account and the systems that genuinely need it.
Create AD Service Account
The third task is to create a service account that the executable will use to query the directory and write the STLink Activation Code to the chosen attribute.
The service account can exist in any Container or OU within the directory's domain.
The service account must have Domain Admin privileges in order to update attributes. Because the account is highly privileged, use it for nothing else and protect its password accordingly.
Keep track of the username and password of the service account; both are passed to the Xiid Enterprise Management Executable.
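The three Active Directory tasks above can also be done from PowerShell with the ActiveDirectory module, which makes the "is this attribute really a string, and really unused?" check explicit. The following script is an added example and is not part of the Xiid documentation or tooling; the group name STLink-Computers, the OU path, the attribute extensionAttribute1 and the account name svc-xiid-em are assumed placeholders, and the script must be run on a domain-joined machine with the RSAT ActiveDirectory module and rights to create the objects.

```powershell
# Added example, not Xiid's code. Prepares the three AD prerequisites for the
# Enterprise Management Executable. All names below are assumptions to adapt.
Import-Module ActiveDirectory

$GroupName     = 'STLink-Computers'                     # assumed group name
$ComputerOU    = 'OU=Workstations,DC=example,DC=com'    # assumed OU holding the clients
$AttributeName = 'extensionAttribute1'                  # assumed, must exist in your schema
$ServiceUser   = 'svc-xiid-em'                          # assumed service account name

# 1. Security group that the executable will enumerate (only computer objects count).
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Description 'Computers that receive an STLink Entrypoint'
}
$computers = @(Get-ADComputer -Filter * -SearchBase $ComputerOU)
if ($computers.Count -eq 0) { throw "No computer objects found under $ComputerOU" }
Add-ADGroupMember -Identity $GroupName -Members $computers

# 2. Confirm the chosen attribute exists, has a string syntax and is not already in use.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -Filter "lDAPDisplayName -eq '$AttributeName'" `
            -Properties attributeSyntax
if (-not $attr) { throw "Attribute '$AttributeName' is not defined in the schema" }
# 2.5.5.12 is the Unicode String syntax, which the Attribute Editor shows as
# "String Attribute Editor". Add the OID of another string syntax here if you chose one.
if ($attr.attributeSyntax -ne '2.5.5.12') {
    throw "Attribute '$AttributeName' has syntax $($attr.attributeSyntax), not Unicode String (2.5.5.12)"
}
$inUse = @(Get-ADComputer -Filter "$AttributeName -like '*'" -Properties $AttributeName)
if ($inUse.Count -gt 0) {
    throw "Attribute '$AttributeName' is already populated on $($inUse.Count) computer object(s)"
}

# 3. Service account. The password is read interactively so it never sits in a script.
$password = Read-Host -AsSecureString -Prompt "Password for $ServiceUser"
New-ADUser -Name $ServiceUser -SamAccountName $ServiceUser -AccountPassword $password `
    -Enabled $true -Description 'Xiid Enterprise Management service account'
# The executable requires Domain Admin rights for this account.
Add-ADGroupMember -Identity 'Domain Admins' -Members $ServiceUser

Write-Host "Group '$GroupName' has $($computers.Count) computer(s); attribute '$AttributeName' is a free string attribute; '$ServiceUser' created."
```

The schema check matters more than it looks: the Attribute Editor shows the same "String Attribute Editor" dialog for several string syntaxes, so confirming the attributeSyntax OID is the only way to be sure before the executable starts writing to it.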
Xiid Enterprise Management Executable
The Xiid Enterprise Management Executable is used to dynamically create STLink Entrypoints for all client computers within a security group on a domain. Each Entrypoint is named after the Common Name of the corresponding Computer in Active Directory Users and Computers.
Download the Enterprise Management Tool
Obtain the Enterprise Management Tool from Xiid. The tool is available only for Windows and only for Active Directory.
Using the Enterprise Management Tool
After downloading the tool, open an Administrative Command Prompt and navigate to the folder where you placed it.
You can run the executable with the -h flag for full information on the available command line arguments.
Run the command with the following arguments, substituting the bracketed text with your actual data:
Enterprise_Management.exe -u {im_user} -p {im_pass} -g {ad_security_group} -a {ad_attribute} -l {ldap_server} -o {ad_user} -f {ad_pass}
Both passwords are passed on the command line, so they are visible to anyone who can inspect the process's command line while it runs and to anything that logs process creation (for example Windows Security event 4688 with command-line auditing enabled, or Sysmon event 1). Run the tool from a session other users cannot inspect, and rotate the service account password if the command line may have been captured.
The Command Line arguments are:
| Flag | Required/Optional | Description |
|---|---|---|
| -u or --username | Required | The admin username for the Agent Configuration Portal (localhost:10458). |
| -p or --password | Required | The admin password for the Agent Configuration Portal (localhost:10458). |
| -g or --group | Required | The Active Directory Security Group containing the computers to add Entrypoints for. |
| -a or --attribute | Required | The Active Directory Attribute used to store the STLink Activation Code. The attribute must already exist. |
| -l or --ldapserver | Required | The LDAP Server domain name for the Active Directory Domain Services, e.g. example.com. |
| -o or --aduser | Required | The Active Directory account username used to query the directory and update attributes. |
| -f or --adpass | Required | The Active Directory account password used to query the directory and update attributes. |
Note: The Active Directory account given in the --aduser parameter must have Domain Admin privileges.
After running the command, you should see the STLink Entrypoints in the Agent Configuration Portal, and the Active Directory attribute you specified should now hold the STLink Activation Code for every Computer in the Security Group.
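The invocation above, wrapped in a PowerShell script that prompts for both sets of credentials instead of having them typed into a shell, and then checks the result in the directory rather than trusting the tool's own output. This is an added example, not Xiid's script; the group name STLink-Computers, the attribute extensionAttribute1, the domain example.com and the assumption that Enterprise_Management.exe returns a non-zero exit code on failure are all placeholders to adapt.

```powershell
# Added example, not Xiid's code. Runs Enterprise_Management.exe and verifies that every
# computer in the group received a unique, non-empty activation code. Names are assumptions.
Import-Module ActiveDirectory

$GroupName     = 'STLink-Computers'      # assumed
$AttributeName = 'extensionAttribute1'   # assumed
$LdapServer    = 'example.com'           # assumed
$ExePath       = Join-Path $PSScriptRoot 'Enterprise_Management.exe'

# Prompt rather than hard-code. The executable still receives the passwords as
# arguments (see the note on command-line logging above), so run this where the
# process list cannot be inspected by others.
$im = Get-Credential -Message 'Agent Configuration Portal admin (localhost:10458)'
$ad = Get-Credential -Message 'AD service account (Domain Admin)'

& $ExePath -u $im.UserName -p $im.GetNetworkCredential().Password `
           -g $GroupName -a $AttributeName -l $LdapServer `
           -o $ad.UserName -f $ad.GetNetworkCredential().Password
# Assumption: the tool signals failure with a non-zero exit code.
if ($LASTEXITCODE -ne 0) { throw "Enterprise_Management.exe exited with code $LASTEXITCODE" }
Remove-Variable im, ad

# Verify against the directory: only computer objects are relevant, every one of them
# should now carry a code, and no two machines should share one.
$members = Get-ADGroupMember -Identity $GroupName | Where-Object objectClass -eq 'computer'
$results = foreach ($m in $members) {
    $c = Get-ADComputer -Identity $m.distinguishedName -Properties $AttributeName
    [pscustomobject]@{ Name = $c.Name; Code = [string]$c.$AttributeName }
}
$missing = @($results | Where-Object { [string]::IsNullOrEmpty($_.Code) })
$dupes   = @($results | Where-Object { $_.Code } | Group-Object Code | Where-Object Count -gt 1)

# Report presence only; the codes themselves are credentials and should not be printed.
$results | Format-Table Name, @{ n = 'HasCode'; e = { -not [string]::IsNullOrEmpty($_.Code) } }
if ($missing.Count -gt 0) { Write-Warning "No activation code written for: $($missing.Name -join ', ')" }
if ($dupes.Count -gt 0)   { Write-Warning "Duplicate activation codes found for: $($dupes.Group.Name -join ', ')" }
if ($missing.Count -eq 0 -and $dupes.Count -eq 0) { Write-Host "All $($results.Count) computers have a unique activation code." }
```

Keeping the verification in the directory (rather than in the Agent Configuration Portal) is useful because the attribute is exactly what XiidEnterpriseManagement.ps1 will consume later; a machine without a code here will silently fail to install.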