Microsoft Endpoint Configuration Manager
Using the Microsoft Endpoint Configuration Manager, you can install the client on the endpoints without any user intervention. After the installation, the client can detect the logged in user's AD login name and download the branding information for the user from the Netskope cloud.
A branding file is a JSON file that contains user details (for example, email address), the addon server URL, and other configuration rules for this user.
Note
Application for devices running Windows
See the Netskope Command Line Reference for all supported
msiexecoptions.Starting in version 1910, Configuration Manager is now part of Microsoft Endpoint Manager. Reference - Microsoft Docs.
End-user environment: Microsoft Windows
Prerequisites to Deploying Client via SCCM
Install and configure Directory Importer to fetch email addresses and usernames from Active Directory. Use Directory Importer version 2.24 or above for importing AD users to Netskope system. This has the capability to capture the user’s principal name (UPN) along with the user's email ID.
Note
For details on installing and configuring Netskope Adapters, refer to the Netskope Adapters.
Download the Netskope Client installer file from the Netskope Support Portal . Download the MSI file for Windows.
When using SCCM, you will first create a installer package and then use that to install Netskope Clients on the end user devices.
Installing the Client
Execute the following command to install the client using the MSI file (the installation package).
msiexec /I NSClient.msi token=<token> host=<host> [mode=peruserconfig | installmode=IDP [userconfiglocation=<path>]] fail-close=[no-npa|all] [autoupdate=on|off]
Note
If multiple users do not share a system, Netskope recommends that you install the Client in single-user mode. In a multi-user system/devices, the client is installed for all users in that system that have an AD account. The client is not installed for local users and therefore traffic from apps used by a local user is not steered to the Netskope cloud. Also, if the mode is not specified, the Client is installed in single-user mode.
Parameter | Description |
|---|---|
mode=peruserconfig | Optional parameter. Use this parameter when installing in a multi-user system. |
installmode=IDP | Optional parameter. Use this parameter when provisioning users via IdP. |
userconfiglocation=<path> | Specifies the user-specific directory used for storing the user configuration. It is recommended to use default value unless user's home directories are hosted on external file servers or network shares. This is recommended to be used only for the multi-user environment. This is an optional parameter. By default the path is %AppData%\Netskope\STAgent. Note The path can be an absolute path, a network share, or a path having environment variables.
|
token=<token> | Specifies organization ID. To obtain your Organization ID (Token) from the Netskope Admin console:
|
host=<host> | Specifies the addon manager hostname. For example: if your URL is seiu.goskope.com, then host = addon-seiu.goskope.com |
fail-close=[no-npa|all] | Optional parameter. If fail-close is not present, the client will honor Web UI "fail close" client configuration.
|
autoupdate=on|off |
|
/qn | Silent installation |
/l*v %PUBLIC%\nscinstall.log | Specifies the log file path |
Installing Netskope Client in a Multi-User Environment
In addition to installing the Client for a single user, you can install it to provide user visibility for cases where multiple users are sharing the same system. Examples of this include:
Persistent and Non persistent VDI
Citrix Xenapp with Hosted Shared Desktop (HSD)
Windows Remote Desktop Services
Floating/Loaner Laptops, when loaner PCs that are given to employees on a temporary basis.
Kiosk Desktops, such as shared desktops in call centers, conference rooms, front desks.