To assist with mass deployment of the LucidLink Client across a large quantity of domain joined machines you can use an MSI image. This example uses group policy, however it could be extended by using System Center Configuration Manager or any other Windows deployment tool.
- The LucidLink installer download for 32-bit and 64-bit Windows contain an MSI packages. To extract this you can use
darkas part of the Wix Toolset. To achieve this, for example, run
dark lucid-1.x.x-x.exe -x c:\temp\lucid-1.x.x-x. You can find the resulting Windows Installer packages (MSI) in the AttachedContainer folder.
- The LucidLink Client on Windows uses a filter driver by Callback Technologies. To ensure this driver installs appropriately you need to import a Trusted Publisher certificate. To acquire this certificate you could run an interactive install on a test machine and select 'Always trust software from 'Callback Technologies, Inc.''. After this the certificate for Callback Technologies will show up in the certificate store. Export this to a certificate file (.CER). Note that this prompt may not show up on newer versions of Windows. If you are unable to export the certificate you can request this from support.
- Place both the latest Windows Installer packages (MSI) and the certificate on a file share that is accessible across the domain.
- By default the MSI packages will create a LucidAppStartup shortcut, in
%programdata%\Microsoft\Windows\Start Menu\Programs\Startup. As you may wish to use login scripts to control LucidLink Client behavior, such as drive mapping, etc, it is recommended that you disable this shortcut creation, creating a seamless end-user experience. To do this use Orca, which is part of the Windows SDK. In the 'Shortcut' Table, delete the 'LucidAppStartup' row and save the package.
- To roll these out via Group Policy, open up the Group Policy Management Console and create a new Group Policy Object (GPO). Ensure that the 'Security Filtering' under the 'Scope' tab for this GPO is set to not apply to any users. By default this would be set to Authenticated Users. Under the 'Delegation' tab ensure Authenticated Users only have 'Read' permissions. Now you can link your Group Policy to a specific organizational unit. Once fully configured you can set the 'Security Filtering' to a group of computer objects or a single test computer object to ensure it works as expected.
- As part of this GPO, ensure the certificate we exported is rolled out with the Windows Installer package. Import the certificate file under 'Computer Configuration \ Policies \ Windows Settings \ Security Settings \ Public Key Policies \ Trusted Publishers'.
- In the same GPO, select 'Computer Configuration \ Policies \ Software Settings \ Software Installation' and create a new package. If you are deploying this on both 32-bit and 64-bit Windows, select both the x86 and x64 installation packages. You may wish to change the package name to LucidLink (x64) and LucidLink (x86) respectively.
- You also need to set 'Computer Configuration \ Policies \ Administrative Templates \ System \ Group Policy \ Configure software installation policy processing' to enable 'Allow processing across a slow network connection', but leave 'Process even if the group policy objects have not changed' disabled.
- Ensure that 'Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Windows Installer \ Always install with elevated priveleges' is enabled. For logging data on installation progress you can enable 'Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Windows Installer \ Specify the types of events Windows Installer records in its transaction log' and set this to
Note: You can also set 'Computer Configuration \ Policies \ Administrative Templates \ System \ Logon \ Always wait for the network at computer startup and logon' if appropriate and machines are always expected to be connected to a domain network. Do not set this if you expect users to go offsite with their laptop.
After successfully configuring this and applying this Group Policy Object to a group of computer objects you will see that the LucidLink Client is automatically installed the next time these machines reboot. Should you have any questions, or need help with LucidLink Client deployment in large environments please contact support.