Prerequisites

  1. In PowerShell on the VDI golden image, make sure the execution policy is set to "RemoteSigned" (using Set-ExecutionPolicy) to allow the script to run.
  2. Set up the Deep Security Manager (DSM) to allow re-activation from known computers.
    1. On the DSM console, navigate to Administration > System Settings.
    2. Click the Agents tab.
    3. Tick the Allow Agent-Initiated Activation checkbox and select the For Any Computers radio button.
    4. Enable the Allow Agent to specify hostname checkbox.
    5. For the section If a computer with the same name already exists, choose Re-activate the existing computer.
    6. Tick the Allow re-activation of cloned VMs checkbox.
  3. Create a PowerShell file (.ps1) with the following content. Make sure to edit the DSM location accordingly.
    Write-Host "Starting DSA Scripts..."
    cd "C:\Program Files\Trend Micro\Deep Security Agent"
    # Reset the agent so the clone does not reuse the golden image's activation
    cmd /c "dsa_control.cmd -r"
    Write-Host "Waiting for 30 seconds before attempting to activate agent..."
    sleep 30
    # Agent-initiated activation against the DSM
    cmd /c "dsa_control -a dsm://<IP or FQDN of the DSM Server>:4120"
    Write-Host "Waiting for 10 seconds before attempting heartbeat to manager.."
    sleep 10
    # Send a heartbeat to the manager
    cmd /c "dsa_control.cmd -m"
    Write-Host "Completed..."
    Write-Host "Setting Powershell execution policy to Restricted..."
    Set-ExecutionPolicy Restricted
 
If the golden image's PowerShell execution policy is already set to RemoteSigned by default in the client's environment, delete the last two lines of the PowerShell script before saving the file, so that the script does not set the execution policy to Restricted.

Procedure

  1. Go to the Control Panel.
  2. Open the Windows Task Scheduler and go to the Administrative section.
  3. On the Task Scheduler window, highlight the Task Scheduler Library and create a new task by doing either of the following:
    • On the top menu, click Actions > Create Task…
    • On the left section, right-click Task Scheduler Library and select Create Task…
  4. On the Create Task window under the General tab, label the DSA activation task accordingly and enable the following options:
    • Run whether the user is logged in or not
    • Run with highest privileges

  5. Under the Trigger tab, set a trigger At startup.

  6. Select the Actions tab and click New...
  7. On the New Action window, set the following:

    Action: Start a Program
    Settings
    Program/Script: powershell.exe
    Add arguments (optional): -f "<full path of the PowerShell .ps1 file location>"

    "-f" means file.

  8. Click OK. When new VDIs are generated from the golden image, the startup task should automatically run the PowerShell script to activate the agent protection.
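
The same task can be registered from an elevated PowerShell prompt instead of the GUI. The script below is an added example, not part of the original article: the script path, the task name and the choice of the SYSTEM account are assumptions. Because the task runs with highest privileges at every boot, it also restricts write access on the .ps1 file to SYSTEM and Administrators.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Task Scheduler procedure above.
# Assumptions (not from the article): script path, task name, SYSTEM account.

$ScriptPath = 'C:\Scripts\Activate-DSA.ps1'   # hypothetical location of the .ps1 file
$TaskName   = 'DSA Activation'                # hypothetical task label

if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    throw "Activation script not found: $ScriptPath"
}

# The task runs elevated at startup, so a user who can edit the script can run
# code as SYSTEM. Drop inherited ACEs and allow only SYSTEM (read/execute) and
# Administrators (full control). Well-known SIDs avoid localized group names.
icacls $ScriptPath /inheritance:r /grant:r '*S-1-5-18:(RX)' '*S-1-5-32-544:(F)' | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# Actions tab: Program/Script powershell.exe, arguments -f "<full path>"
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
                                  -Argument "-f `"$ScriptPath`""

# Triggers tab: At startup
$trigger = New-ScheduledTaskTrigger -AtStartup

# General tab: run whether the user is logged in or not, with highest privileges.
# Running as SYSTEM means no password is stored in the golden image.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                                        -LogonType ServiceAccount `
                                        -RunLevel Highest

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
                       -Principal $principal -Force | Out-Null

# Show what was registered and who can touch the script.
Get-ScheduledTask -TaskName $TaskName |
    Select-Object TaskName, State,
                  @{ n = 'RunAs';    e = { $_.Principal.UserId } },
                  @{ n = 'RunLevel'; e = { $_.Principal.RunLevel } }
(Get-Acl -LiteralPath $ScriptPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```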