Gatekeeper Script-based Installation
To get started with Specops Authentication, you will need to install the Gatekeeper component in your Active Directory.
The recommended installation is to download the self-extracting installer package and complete the steps in the installation wizard; see Gatekeeper Standard Installation. Alternatively, if your organization uses Windows Server Core (without GUI), you can use the PowerShell script-based installation procedure. This guide will walk through the script-based installation procedure.
Download the Gatekeeper setup
On the Gatekeeper download page, use the Download script based installation (.zip) option. Remember to write down or save the Activation code. The code is only valid for 24 hours after creating your customer account.
- Unblock the zip file after downloading it. In Windows Explorer, right-click the file, select Properties, and on the General tab click Unblock.
- Copy/extract the zip to the Gatekeeper computer’s C:\TempGatekeeper folder, or another folder you select.
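On Server Core there is no Windows Explorer, so the unblock and extract steps above can be done from PowerShell instead. The following is an added example, not part of the vendor's instructions: the zip path is a placeholder, and the signature check only reports a status because this guide does not say whether Install.ps1 is signed.

```powershell
# Added example: stage the Gatekeeper script package on Server Core (no Explorer).
# $ZipPath is a placeholder; C:\TempGatekeeper is the folder used in this guide.
param(
    [string]$ZipPath = 'C:\Temp\Gatekeeper-ScriptInstall.zip',   # placeholder file name
    [string]$Target  = 'C:\TempGatekeeper'
)
$ErrorActionPreference = 'Stop'

function Test-Blocked([string]$Path) {
    # A downloaded file is "blocked" when it carries a Zone.Identifier stream.
    [bool](Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue)
}

# Record the SHA-256 of the downloaded package for your change record.
Get-FileHash -LiteralPath $ZipPath -Algorithm SHA256 | Format-List Path, Hash

# Step 1: unblock the zip (the equivalent of Properties > General > Unblock).
if (Test-Blocked $ZipPath) {
    Unblock-File -LiteralPath $ZipPath
}
if (Test-Blocked $ZipPath) { throw "Zip is still blocked: $ZipPath" }

# Step 2: extract to the Gatekeeper folder.
New-Item -ItemType Directory -Path $Target -Force | Out-Null
Expand-Archive -LiteralPath $ZipPath -DestinationPath $Target -Force

# Step 3: unblock any extracted file that still carries the stream, for example
# when the archive was unpacked by another tool before it was unblocked.
Get-ChildItem -LiteralPath $Target -Recurse -File |
    Where-Object { Test-Blocked $_.FullName } |
    Unblock-File

# Step 4: confirm the installer is where the later commands expect it, and
# report its signature status and the execution policy that will apply to it.
$install = Join-Path $Target 'Install.ps1'
if (-not (Test-Path -LiteralPath $install)) { throw "Install.ps1 not found under $Target" }
Get-AuthenticodeSignature -FilePath $install | Format-List Status, StatusMessage
Get-ExecutionPolicy -List
```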
Install the Gatekeeper
The script-based installation can be started from a PowerShell remote session or from the Hyper-V console.
Note
When installing using a remote session initiated with the `Enter-PsSession` command, it is likely that you will run into an 'Access Denied' error. This can be resolved by using CredSSP instead: `Enter-PsSession -Authentication CredSSP`. If CredSSP has not been enabled on your client and server, it can be enabled by issuing the following commands:
On the client
`Enable-WSManCredSSP -Role Client -DelegateComputer server`
where `server` designates the server's fully qualified machine name.
On the server
`Enable-WSManCredSSP -Role Server`
To start the installation, start PowerShell (either remotely or from the console) and run Install.ps1 with the parameters for your installation type. See the example usages below:
- Managed Service Account:
`C:\TempGatekeeper\Install.ps1 -ManagedServiceAccount -ActivationCode:'12345678'`
Optional Parameters:
Parameter: -ScopeDn
Example: -ScopeDn:'DC=test,DC=acme,DC=org'
Notes: To restrict Gatekeeper permission to a specific organizational unit and its children in Active Directory, use the “-ScopeDn” parameter. If “-ScopeDn” is not provided, users from the entire Active Directory domain can use Specops Authentication.
Parameter: -DelegationRoot
Example: -DelegationRoot:'DC=contoso,DC=com'
Notes: The path in Active Directory under which you wish to manage Specops Authentication. The provided example is the default location. If not provided, the default will be used.
Parameter: -SettingsRoot
Example: -SettingsRoot:'CN=System,DC=contoso,DC=com'
Notes: The path in Active Directory under which you wish to store the Specops Authentication settings. The provided example is the default location. If not provided, the default will be used.
- Domain Account: The installation script will prompt for the provided account's password, so have it available when running the script.
`C:\TempGatekeeper\Install.ps1 -DomainServiceAccount -DomainServiceAccountName:'Gatekeeper' -ActivationCode:'12345678'`
Optional Parameters:
Parameter: -ScopeDn
Example: -ScopeDn:'DC=test,DC=acme,DC=org'
Notes: To restrict Gatekeeper permission to a specific organizational unit and its children in Active Directory, use the “-ScopeDn” parameter. If “-ScopeDn” is not provided, users from the entire Active Directory domain can use Specops Authentication.
Parameter: -DelegationRoot
Example: -DelegationRoot:'DC=contoso,DC=com'
Notes: The path in Active Directory under which you wish to manage Specops Authentication. The provided example is the default location. If not provided, the default will be used.
Parameter: -SettingsRoot
Example: -SettingsRoot:'CN=System,DC=contoso,DC=com'
Notes: The path in Active Directory under which you wish to store the Specops Authentication settings. The provided example is the default location. If not provided, the default will be used.
Once the installation procedure has finished, start the Gatekeeper Admin Tool and connect remotely to the Gatekeeper. The admin tool installation MSI is available in the downloaded zip file, under MSISpecopssoft.Authentication.Gatekeeper.Admin-x64.msi.