
How can I Implement AuthAnvil Management Pack for LabTech?

Note: This integration is no longer supported or maintained by the AuthAnvil team. Please use at your own discretion. For assistance from LabTech, please contact their support via https://support.labtechsoftware.com/#/

Note: This integration was designed to work with LabTech 2012.

Installing The AuthAnvil Management Pack For LabTech

  1. Download the AuthAnvil Management Pack for LabTech from the Scorpion Software website and unzip it.
  2. Download the AuthAnvil Logon MSI Kit from here. Unzip it and copy the MSI files to the “AuthAnvilManagementPack” directory of the AuthAnvil Management Pack, and copy LogonINIBuilder.exe to the “Management Tools” directory.
  3. Copy the AuthAnvil Management Pack folder to the LabTech “Transfer” folder. (Located by default at C:\LTShare\Transfer).
  4. Import all of the scripts in the “AuthAnvil Scripts” folder into LabTech by clicking on Tools -> Import -> LabTech XML Expansion and importing each script. Set the scripts to inherit permissions from an appropriate script. The scripts will create their own folder structure, similar to:



Deploying AuthAnvil Windows Logon Agents

Purpose: This script checks for prerequisites for the AuthAnvil Windows Logon Agent, installs them (both 32 and 64 bit), and installs either the AuthAnvil Windows Logon Agent (Windows XP/Server 2003) or the AuthAnvil Windows Credential Provider (Windows Vista/Server 2008/7/Server 2012/Server 2012 Essentials).

  1. As the AuthAnvil MSI packages are not designed to use the standard silent mode installation options, you need to create a special INI file that the MSI will read during installation. This INI file must be copied to the LabTech Server’s Transfer directory before the script is scheduled. To build this INI file, you can use LogonINIBuilder.exe, which is located in the “Management Tools” directory of the management pack.

    Once you have configured the settings for the INI file, press the Create File button to create the ini file.
    Note: If you do not have a secondary AuthAnvil server configured for redundancy, set the secondary SAS URL to be the same as the first server.
  2. Copy the aalogon.ini file that the tool generates to the “AuthAnvil Management Pack” folder in the LabTech “Transfer” folder. (Located by default at C:\LTShare\Transfer)
  3. Right click on the Client, Location, Computer or Group that you want to deploy AuthAnvil Agents to using these settings, and navigate to Scripts -> AuthAnvil Management Pack -> Deploy Windows logon Agent, and click.
  4. LabTech will deploy the agents for you. Any errors during deployment can be found in the device’s history. NOTE: You can only deploy using one aalogon.ini file at a time. Each group of computers that needs different AuthAnvil settings must be deployed to separately.

 

Managing AuthAnvil Windows Logon Agent settings

Purpose: The AuthAnvil agent settings are registry keys that can be edited by LabTech. This makes it easy to use a script to push out updated settings to a bunch of machines at once, or to change settings back by forcing a scheduled refresh.

Script-specific Information

Set AuthAnvil SAS: This script allows the user to set the AuthAnvil SAS used by the Windows Logon Agent. If you are not using redundant AuthAnvil servers, the primary and secondary SAS should be set to the same values.

Variables:

  • PrimarySAS: The fully-qualified URL of the AuthAnvil SAS service. Default value: http://localhost/AuthAnvil/SAS.asmx
  • PrimarySiteID: The SiteID associated with the Primary AuthAnvil site that the user is logging in to. Default Value: 1
  • SecondarySAS: The fully-qualified URL of the AuthAnvil SAS service to try if the primary service is not available. Default value: http://localhost/AuthAnvil/SAS.asmx
  • SecondarySiteID: The SiteID associated with the Secondary AuthAnvil site that the user is logging in to. Default Value: 1

Set Override Password: This script will write the desired override password to the specified machines. The override password is stored as a hash and must first be generated by running CreateOverridePassword.exe in the Management Tools folder.

Usage: CreateOverridePassword.exe -g:<password>

This will generate a hash and write it out to the console.

Variables:

  • OverridePassword: The hashed value of the Override Password. Generated by CreateOverridePassword.exe
    Default Value: [Enter Hash Value Here]

Set Override Group: This script allows you to set the AuthAnvilOverride group used by a machine.

Variables:

  • OverrideGroup: The Override Group that you would like to apply to the specified machines. Default Value: AuthAnvilOverride

Enable Cached Credentials: This script enables cached credentials for the AuthAnvil Windows Logon Agent.

Variables: None. Just needs to be run.

Disable Cached Credentials: This script disables cached credentials for the AuthAnvil Windows Logon Agent.

Variables: None. Just needs to be run.


General Steps for All Scripts

  1. Log in to the LabTech Management Console, expand “Scripts”, then “AuthAnvil Management Pack”.
  2. Double-click on one of the settings scripts.
  3. Double-click on the variable that you want to edit.
  4. Replace the parameter with the parameter appropriate to your system.
  5. Click “Save Step”.
  6. Repeat steps 3 – 5 to edit any other parameters that you need to edit.
  7. Click Save.
  8. Schedule the script to run on your target machine, location, client or group by right clicking on the target, navigating to your chosen script and clicking.
  9. Choose your schedule options and click “Create.”

Monitoring against tampering with the AuthAnvil Logon Agents

Purpose: The Windows Logon Agent Tamper Check script checks all of the settings used by the Windows Logon Agent and Credential Provider, and checks for the existence of the Windows Logon Agent and Credential Provider core files and registry settings to make sure that they have not been tampered with.

NOTE: If the Windows Logon Agent is not installed, this script will report that the agent has been removed, and that all of the settings are wrong.

  1. Log in to the LabTech Management Console, expand “Scripts”, then “AuthAnvil Management Pack”.
  2. Double-click on the “Windows Logon Agent Tamper Check” script.
  3. Double-click on the variable that you want to edit.
  4. Replace the parameter with the parameter appropriate to your system.
  5. Click “Save Step”.
  6. Repeat steps 3 – 5 to edit any other parameters that you need to edit.
  7. Click Save.
  8. Schedule the script to run on your target machine, location, client or group by right clicking on the target, navigating to your chosen script and clicking.
  9. Choose your schedule options and click “Create.”

Monitoring AuthAnvil Services

An AuthAnvil server depends on 3 services: the AuthAnvil Licensing Manager (LicensingManagerService), the World Wide Web Publishing Service (W3SVC), and the SQL Server Service for the SQL Server that hosts the AuthAnvil Database (MSSQL$SQLEXPRESS or similar). Any of these services can be monitored by setting up a LabTech monitor on the AuthAnvil server.

  1. Navigate to the computer and expand it, right-click on “Monitors”, go to “Monitors”, and click on “Add New Monitor”.
  2. Click “Yes” to go through the wizard.
  3. Click “Monitor Services and Processes” and click “Next”.
  4. Choose the Service Name and click “Next”.
  5. Select where you would like to run the Monitor and click “Next”.
  6. Select how often you want the monitor to run and click “Next”.
  7. Select your contact settings and click “Next”.
  8. Set your alert message and click “Next”.
  9. Give the monitor a name and click “Finish”.

Monitoring AuthAnvil Agent Event Logs

The AuthAnvil Windows Logon Agent and Credential Provider 3.5 and later write a series of status messages to the Application event log when a user logs on under certain conditions, such as if the user is a member of the AuthAnvil Override Group, or if they log on using the Override Password. LabTech Event Log Monitors can be configured to watch for these events and report to an administrator.

Windows Logon Agent Events:

| Event Source | Event ID | Event Type | Quick Description |
|---|---|---|---|
| aalogon | 1 | Info | User successfully logged on with an AuthAnvil credential. (Only reported if Cached Credentials are enabled) |
| aalogon | 2 | Info | User successfully logged on with a cached AuthAnvil credential. (Only reported if Cached Credentials are enabled) |
| aalogon | 3 | Error | User provided an invalid AuthAnvil Credential. |
| aalogon | 4 | Warning | There are fewer than 3 cached AuthAnvil passcodes left for the current user. (Only reported if Cached Credentials are enabled) |
| aalogon | 5 | Warning | The user logged on using the Override Password. |
| aalogon | 6 | Error | User provided an invalid Windows Credential. |
| aalogon | 7 | Warning | The user who just logged on is a member of the Override Group. |

Credential Provider Events:

| Event Source | Event ID | Event Type | Quick Description |
|---|---|---|---|
| AAWinLogonCP | 1 | Info | User successfully logged on with an AuthAnvil credential. (Only reported if Cached Credentials are enabled) |
| AAWinLogonCP | 2 | Info | User successfully logged on with a cached AuthAnvil credential. (Only reported if Cached Credentials are enabled) |
| AAWinLogonCP | 3 | Error | User provided an invalid AuthAnvil Credential. |
| AAWinLogonCP | 4 | Warning | There are fewer than 3 cached AuthAnvil passcodes left for the current user. (Only reported if Cached Credentials are enabled) |
| AAWinLogonCP | 5 | Warning | The user logged on using the Override Password. |
| AAWinLogonCP | 6 | Error | User provided an invalid Windows Credential. |
| AAWinLogonCP | 7 | Warning | The user who just logged on is a member of the Override Group. |

You can configure an event log monitor by completing the following steps:

  1. Navigate to the computer and expand it, right-click on “Monitors”, go to “Monitors”, and click on “Add New Monitor”.
  2. Click “Yes” to go through the wizard.
  3. Select “Monitor Event Logs” and click “Next”.
  4. Select the appropriate settings for the event that you want to monitor and click “Next”.
  5. Select where you would like to run the Monitor and click “Next”.
  6. Select how often you would like to run the monitor and click “Next.”
  7. Select your contact settings and click “Next”.
  8. Set your alert message and click “Next”.
  9. Give the monitor a name and click “Finish”.
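
The event tables above can also drive a quick triage outside LabTech. The following PowerShell is an added example, not part of the management pack or the original article; the helper name Select-AuthAnvilAlert and the failure threshold are assumptions.

```powershell
# Added example, not part of the management pack. Requires PowerShell 3.0 or later.
# Rules come from the event tables above; both sources share the same event IDs.
$Sources = 'aalogon', 'AAWinLogonCP'
$Rules = @{
    3 = 'Invalid AuthAnvil credential'
    5 = 'Logon with the Override Password'
    6 = 'Invalid Windows credential'
    7 = 'Logon by a member of the Override Group'
}

function Select-AuthAnvilAlert {   # hypothetical helper name
    # Emits each override logon (IDs 5, 7) plus one summary row when failed
    # logons (IDs 3, 6) in the input reach the threshold.
    param(
        [Parameter(ValueFromPipeline)] $Record,
        [int] $FailureThreshold = 5   # assumption: tune per site
    )
    begin { $failures = 0 }
    process {
        $id = [int]$Record.Id
        if ($Record.ProviderName -notin $Sources -or -not $Rules.ContainsKey($id)) { return }
        if ($id -in 3, 6) { $failures++; return }
        [pscustomobject]@{ Time = $Record.TimeCreated; Source = $Record.ProviderName
                           Id = $id; Finding = $Rules[$id] }
    }
    end {
        if ($failures -ge $FailureThreshold) {
            [pscustomobject]@{ Time = (Get-Date); Source = 'summary'; Id = '3/6'
                               Finding = "$failures failed logons in the input" }
        }
    }
}

# Constructed sample records with the property names Get-WinEvent returns.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15 09:00'; ProviderName = 'AAWinLogonCP'; Id = 1 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15 09:05'; ProviderName = 'AAWinLogonCP'; Id = 3 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15 09:06'; ProviderName = 'AAWinLogonCP'; Id = 6 }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15 09:07'; ProviderName = 'aalogon';      Id = 5 }
)
$sample | Select-AuthAnvilAlert -FailureThreshold 2

# Live use on an endpoint:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = $Sources;
#       Id = 3, 5, 6, 7 } -ErrorAction SilentlyContinue | Select-AuthAnvilAlert
```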

Monitoring Changes To The AuthAnvil Override Group

You can use a LabTech Monitor to monitor for changes to the membership of the AuthAnvil Override group by monitoring for certain events in the security log. To use this functionality, security auditing must be turned on. A screencast on configuring security auditing can be found at: http://silverstr.ufies.org/AccountAuditing/AccountAuditing.htm. These event monitors should be applied to the domain controller in a domain environment, or to every machine that has an AuthAnvil Override Group in a workgroup environment.

Windows Server 2003:

| Event Source | Event ID | Event Type | Quick Description |
|---|---|---|---|
| Security | 632 | Success Audit | Global Group Member Added |
| Security | 633 | Success Audit | Global Group Member Removed |
| Security | 636 | Success Audit | Local Group Member Added |
| Security | 637 | Success Audit | Local Group Member Removed |
| Security | 660 | Success Audit | Universal Group Member Added |
| Security | 661 | Success Audit | Universal Group Member Removed |

Windows Server 2008 and later:

| Event Source | Event ID | Event Type | Quick Description |
|---|---|---|---|
| Microsoft Windows security auditing. | 4728 | Success Audit | Global Group Member Added |
| Microsoft Windows security auditing. | 4729 | Success Audit | Global Group Member Removed |
| Microsoft Windows security auditing. | 4732 | Success Audit | Local Group Member Added |
| Microsoft Windows security auditing. | 4733 | Success Audit | Local Group Member Removed |
| Microsoft Windows security auditing. | 4756 | Success Audit | Universal Group Member Added |
| Microsoft Windows security auditing. | 4757 | Success Audit | Universal Group Member Removed |

You can configure an event log monitor by completing the following steps:

  1. Navigate to the computer and expand it, right-click on “Monitors”, go to “Monitors”, and click on “Add New Monitor”.
  2. Click “Yes” to go through the wizard.
  3. Select “Monitor Event Logs” and click “Next”.
  4. Select the appropriate settings for the event that you want to monitor and click “Next”. NOTE: Put the name of your AuthAnvil Override Group in the event message field.
  5. Select where you would like to run the Monitor and click “Next”.
  6. Select how often you would like to run the monitor and click “Next.”
  7. Select your contact settings and click “Next”.
  8. Set your alert message and click “Next”.
  9. Give the monitor a name and click “Finish”.
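
When reviewing these events by hand, the structured event data identifies the group, the member and the account that made the change more reliably than a match on message text. The following PowerShell is an added example, not part of the management pack or the original article; the helper name ConvertFrom-GroupChangeXml is an assumption, and the field names (TargetUserName, MemberName, MemberSid, SubjectUserName, SubjectDomainName) are the standard data fields of these Windows Security events rather than values from this page.

```powershell
# Added example, not part of the management pack. Event IDs are from the
# "Windows Server 2008 and later" table; the group name is this article's default.
$OverrideGroup = 'AuthAnvilOverride'
$Actions = @{ 4728 = 'Added (global)';    4729 = 'Removed (global)'
              4732 = 'Added (local)';     4733 = 'Removed (local)'
              4756 = 'Added (universal)'; 4757 = 'Removed (universal)' }

function ConvertFrom-GroupChangeXml {   # hypothetical helper name
    # Returns a record for one event's XML, or nothing if the event is not a
    # membership change on the override group.
    param([Parameter(Mandatory, ValueFromPipeline)] [string] $Xml)
    process {
        $evt  = ([xml]$Xml).Event
        $id   = [int]$evt.System.EventID
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if (-not $Actions.ContainsKey($id) -or $data['TargetUserName'] -ne $OverrideGroup) { return }
        # Local group events often carry "-" as MemberName; fall back to the SID.
        $member = $data['MemberName']
        if (-not $member -or $member -eq '-') { $member = $data['MemberSid'] }
        [pscustomobject]@{
            Time      = $evt.System.TimeCreated.SystemTime
            Action    = $Actions[$id]
            Member    = $member
            ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        }
    }
}

# Constructed sample event (placeholder names and SIDs).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4728</EventID><TimeCreated SystemTime="2024-01-15T10:22:31Z"/></System>
  <EventData>
    <Data Name="MemberName">CN=Test User,CN=Users,DC=example,DC=test</Data>
    <Data Name="MemberSid">S-1-5-21-0-0-0-1105</Data>
    <Data Name="TargetUserName">AuthAnvilOverride</Data>
    <Data Name="SubjectUserName">helpdesk1</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-GroupChangeXml

# Live use (elevated prompt, security auditing enabled):
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4728, 4729, 4732, 4733, 4756, 4757 } |
#       ForEach-Object { $_.ToXml() } | ConvertFrom-GroupChangeXml
```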

 

 

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.
