Synopsis
This step-by-step document will describe how to deploy the provided EvoCredentialProviderSetup.msi via a VBScript. The script can be used to deploy the installation at user logon or remotely using any RMM tool such as PDQDeploy, SCCM, etc.
Requirement
- Download the latest Evo Credential Provider agent from HERE, and save it to a network share.
- Network Share accessible by all users and workstations with read-only permissions set.
Steps
- Log on as domain administrator to the file server where the network share resides.
- Locate the shared network folder or create one.
- Verify your network share folder has the proper network share permissions for the Everyone group.
- Note: A hidden share can also be used. Append a $ at end of the Share name to hide it.
- Create a folder named Evo in the network share.
- Right-click the Evo folder and select Properties.
- On the Share Properties page, click on the Security tab and click on Edit.
- On the Permissions for Shares page, click on Add.
- On the Select Users, Computers, Service Accounts, or Groups dialog box, type in Domain Users and click OK.
- Set permissions for Domain Users to Read & execute, List folder contents, and Read.
- Once again, on the Permissions for Shares page, click on Add.
- On the Select Users, Computers, Service Accounts, or Groups dialog box, click on Object Types…
- On the Object Types page, select Computers and then click OK.
- On the Select Users, Computers, Service Accounts, or Groups dialog box, type in Domain Computers and click OK.
- Set permissions for Domain Computers to Read & execute, List folder contents, and Read. Then click OK twice.
- Copy the EvoCredentialProviderSetup.msi file to the Evo folder in the network share.
- Open a text editor such as Notepad or Notepad++. Then copy and paste the script below into the editor and modify the variables to suit your environment.
- Save the script to your network share.
- Test script.
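
Every workstation installs whatever MSI and script sit in the Evo folder, so the read-only permissions set in the steps above are worth verifying before deployment. The following PowerShell audit is an added example, not part of the original guide or Evo Security's tooling; the share name, local path and trusted-account pattern are placeholders to adjust for your environment, and it is meant to be run on the file server.

```powershell
# Added example: audit the deployment share. $ShareName and $EvoPath are placeholders.
$ShareName = 'ShareName$'
$EvoPath   = 'D:\Shares\ShareName\Evo'

# Accounts allowed to keep write access (assumption: adjust to your admin model).
$TrustedPattern = '^(BUILTIN\\Administrators|NT AUTHORITY\\SYSTEM|CREATOR OWNER|.+\\Domain Admins)$'

# Rights that let a principal replace or alter the MSI or the script.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteBits = $WriteBits -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

$findings = @()

# 1. Share-level permissions: anything above Read for a non-admin is a finding.
$findings += @(Get-SmbShareAccess -Name $ShareName |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $_.AccessRight -ne 'Read' -and
                   $_.AccountName -notmatch $TrustedPattern } |
    ForEach-Object { "SHARE  $($_.AccountName): $($_.AccessRight)" })

# 2. NTFS permissions on the Evo folder and everything inside it.
$items = @(Get-Item -LiteralPath $EvoPath) +
         @(Get-ChildItem -LiteralPath $EvoPath -Recurse -Force)
foreach ($item in $items) {
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        $writable = ([int]$ace.FileSystemRights -band $WriteBits) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $writable -and
            $ace.IdentityReference.Value -notmatch $TrustedPattern) {
            $findings += "NTFS   $($item.FullName)  $($ace.IdentityReference): $($ace.FileSystemRights)"
        }
    }
}

if ($findings) {
    $findings | Sort-Object -Unique
    Write-Warning 'Non-admin principals can modify the deployment share.'
    exit 1
}
'OK: share and folder are read-only for non-admin principals.'
```

An empty findings list means Domain Users, Domain Computers and Everyone hold no more than read access at both the share and NTFS level.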
VBScript
The script variables MUST be modified for your environment.
''''''''''''''''''''''''''''''''''''''''
' Description: This script is used to
' silently install EvoCredentialProviderSetup.msi
'
' Author: Evo Security
'
'''''''''''''''''''''''''''''''''''''''''
' Declare Variables - Change these for your environment. The values provided are examples only!
Dim MSIobj, MSIfile, EvoDirectory, EnvUrl, FailSafeUser, CredMode, ApiKey, AccessToken, SoleProvider, MFATimeOut, DebugParams
'
' Enter the full UNC path to the network share
MSIfile = "\\servername.your.ADdomain\ShareName$\Evo\EvoCredentialProviderSetup.msi"
' Enter your Evo Directory name
EvoDirectory = "your_evo_directory"
' Enter your Environment URL provided by Evo Security
EnvUrl = "https://changeme.evosecurity.com"
' Enter your failsafeuser. Can be a domain user "your.ADdomain\username", a local user "WORKGROUP\username", or just a user "username"
FailSafeUser = "username"
' Enter your credential mode. 10 = Elevated Login, 90 = Secure Login, 100 = Secure + ElevatedLogin
CredMode = 100
' Enter your Secret/API key provided by Evo Security if using Elevated Login or Secure + ElevatedLogin
ApiKey = "abc123"
' Enter the Access Token provided by Evo Security
AccessToken = "youraccesstoken"
' Uncomment the following line to make Evo Credential Provider the sole credential provider on the system. It enforces login through Evo 2FA
'SoleProvider = True
' Change the following value to set an MFA grace period
MFATimeOut = 0 ' good values are from 0-1440 minutes, 0 means no grace period, 240 = 4 hours
' Uncomment following line to only display message box showing InstallerParams for debugging
' DebugParams = True
'''''''''''''''''''''''''''''''''''''''''
' Do not modify after this line
'''''''''''''''''''''''''''''''''''''''''
Dim InstallerParams
' Build the MSI property string from the variables above
InstallerParams = "ACTION=ADMIN" & " DOMAIN=" & EvoDirectory & " ENVIRONMENTURL=" & EnvUrl & " ACCESSTOKEN=" & AccessToken & " FAILSAFEUSER=" & FailSafeUser & " CREDENTIAL_MODE=" & CredMode & " MFATIMEOUT=" & MFATimeOut
' APIKEY is only passed for Elevated Login (10) and Secure + ElevatedLogin (100)
If (CredMode = 100) OR (CredMode = 10) Then
    InstallerParams = InstallerParams & " APIKEY=" & ApiKey
End If
If SoleProvider = True Then
    InstallerParams = InstallerParams & " SOLEPROVIDER=1"
End If
If DebugParams Then
    ' Debug mode: show the parameters instead of installing
    WScript.Echo InstallerParams
Else
    Set MSIobj = CreateObject("WindowsInstaller.Installer")
    MSIobj.UILevel = 2 ' 2 is silent, 3 has a slight prompt
    MSIobj.InstallProduct MSIfile, InstallerParams
End If
Conclusion
This concludes the setup guide. Please proceed to test the VBScript by deploying it to a test group of users and computers via your RMM tool of choice. It can also be used to deploy via GPO user logon script.