MSI arguments
Several arguments can be used when using the .MSI installer either as a Logon script or Installation task.
Launch the .MSI installer to see all available arguments with an explanation and examples.
To install or remove ESA components without a Domain Admin user, use NO_DOMAIN_ADMIN_MODE=1. Then check the installation logs for further instructions marked as "Manual configuration needed".
Examples when deploying ESA components via ESET PROTECT
Partial list of ESA .MSI arguments
To specify ESA components to be installed, the ADDLOCAL argument is used. Possible values include the following:
•Core_Service - Authentication Server
•Reports_Elasticsearch - Reporting Engine (Elasticsearch)
•Win_Credential_Provider - Windows Login
•Radius_Server - RADIUS Server for VPN Protection
•Credential_Provider - Remote Desktop
•Web_Exchange - Microsoft Exchange Server
•Web_SharePoint - Microsoft SharePoint Server
•Web_RemoteDesktop - Remote Desktop Web Access
•Web_Dynamics - Microsoft Dynamics CRM
•Web_RemoteAccess - Remote Web Access
•ADFS3 - AD FS 3 or later
•Identity_Provider_Connector - Identity Provider Connector
To install more features, separate them by comma, for example:
ADDLOCAL="Credential_Provider,Win_Credential_Provider"
To specify a deployment type, the ESA_COMPUTER_CONFIG_INTEGRATION_MODE argument is used. Possible values include the following:
•1 = Active Directory Integration (default value)
•2 = Standalone
If value number 2 is used, the following arguments must be configured also, unless you are installing ESA components on the same machine where the Authentication Server is installed:
•ESA_COMPUTER_CONFIG_AUTHENTICATION_SERVER_ADDRESS - IP address of Authentication Server to be used in invitations.
•ESA_COMPUTER_CONFIG_AUTHENTICATION_SERVER_ACCESS - invitation code.
•TRUSTED_CERT_HASH - hash of trusted Certificate to be added to certificate store.
To set an initial username and password for the ESA Web Console when installing the Authentication Server (Core_service), use:
•ESA_CONFIG_WEB_CONSOLE_USER
•ESA_CONFIG_WEB_CONSOLE_PASSWORD
Core_Service (Authentication Server) advanced configuration arguments:
•ESA_CONFIG_DB_TYPE (database type, Standalone mode only, use "sqlite", "postgresql", or "mssql")
•ESA_CONFIG_DB_CONNECTION_STRING (database connection string, Standalone mode only)
•ESA_CONFIG_PROXY_ENABLED (use value true to enable custom HTTP proxy settings)
•ESA_CONFIG_PROXY_SERVER (leave blank to not use proxy)
•ESA_CONFIG_PROXY_PORT
•ESA_CONFIG_PROXY_USER
•ESA_CONFIG_PROXY_PASSWORD
To set a custom RADIUS port, use ESA_CONFIG_RADIUS_PORT.
For complete removal of the ESA Authentication Server, including configuration data, use AUTHENTICATION_SERVER_CLEAN_DATA=1.
Examples of using ESA .MSI arguments when deploying ESA components through ESET PROTECT
Example - Install Windows Login and Remote Desktop (Standalone mode)
ADDLOCAL="Win_Credential_Provider,Credential_Provider" ESA_COMPUTER_CONFIG_INTEGRATION_MODE=2 ESA_COMPUTER_CONFIG_AUTHENTICATION_SERVER_ADDRESS=192.168.0.15:8001 ESA_COMPUTER_CONFIG_AUTHENTICATION_SERVER_ACCESS=DKNO-XESE-WXUA-QNXW-JAEI TRUSTED_CERT_HASH=2CD61594DDE3E63E6BEBB9BF3DC95B85550FD5D8 EULA_ACCEPTED=1 |
Example - Install Windows Login and Remote Desktop as a no domain admin user (Active Directory Integration mode)
ADDLOCAL="Win_Credential_Provider,Credential_Provider" NO_DOMAIN_ADMIN_MODE=1 |
Do not forget to add the computer(s) to EsaServices manually.