Installing the Windows target

The trc_target_setup.exe file is required to install the BigFix® Remote Control target component on a Windows system.

Before you begin

For details of how to obtain the Windows component installation files see, Install the BigFix Remote Control components. Choose the appropriate method for obtaining the file.

About this task

Procedure

  1. Run the trc_target_setup.exe file.
  2. Click Next at the welcome screen.
  3. Accept the license agreement. Click Next.
  4. Accept the default location for the installation files, or click Change to select a different location.
  5. Specify the host name of the BigFix® Remote Control server that the target connects to.
    For example, trcserver.example.com.
    Note: Select Use secure connections (https) if you selected to use HTTPS during the server installation.
  6. On the Server Address window, for secure target registration, enter or paste the Registration token.
    Ensure that Use secure connections (https) is also selected. For more information about secure target registration, see Add a token for secure target registration
  7. For advanced settings, click Advanced settings
    Server port
    The port must match the value that is entered for the Server port on Webserver parameter during the server installation.
    Server Context
    The server context is used as part of the URL for contacting the server. It must match the value that is entered after the '/' in the Path to URL field, on the Web server parameters screen during the server installation.
    Use a FIPS certified cryptographic provider
    Select this option to enable FIPS compliance on the target. For more information about enabling FIPS compliance, see Enable FIPS compliance on the target.
    Enable NIST SP800-131A compliance (Enables FIPS)
    Select this option to enable NIST SP800-131A compliance on the target. For more information about enabling NIST SP800-131A compliance, see NIST SP800-131A compliance in BigFix Remote Control.
  8. Click Next.
  9. On the Proxy settings screen if you are not using a proxy server, click Next.
    • To use a Proxy, select Use a proxy server or a Remote Control Gateway.
      1. Type in the IP address or host name for the Proxy server.
      2. Type in the port that proxy server is listening on.
      3. Select whether you are using an HTTP proxy or a Remote Control Gateway.
      4. Select Proxy requires authentication if you must authenticate with the proxy server. Enter the ID and password for authenticating to the proxy server. The user ID and password are automatically encrypted when the target starts. For more information about the automatic passphrase encryption, see the BigFix® Remote Control Administrator's Guide.
        Note: When you rerun the target installer and select Modify after the user ID and password are encrypted, the encrypted user ID and password combination is displayed in the user ID field. The password field remains empty.
      5. Click Next.
  10. Accept or change the port value to be used to listen for incoming remote control sessions. Click Next
    Note: Your operating system might have a firewall that is installed by default. The inbound firewall rule for target port defaults to 888. Incoming TCP connections to that port must be open. If another port is configured instead for the BigFix® Remote Control sessions, the same applies. Also, traffic on the localhost loopback address 127.0.0.1 between trc_base, trc_gui, and trc_dsp on arbitrary ports must be allowed.
  11. To enable failover to peer-to-peer mode, select one of the following options:
    Regardless of server status
    A peer to peer session can be established between a controller and this target directly if the server is available or not. Click Peer to Peer policies to set the local policies for the target to use during a peer to peer session. Click Next to move through the peer to peer policies screens.
    Only when server is down or unreachable
    A peer to peer session can be established only if the server is down or the target cannot connect to the server. Click Peer to Peer policies to set the local policies for the target to use during a peer to peer session. Click Next to move through the peer to peer policies screens.
    Never
    A peer to peer session is not allowed directly between a controller and this target. If you select this option, continue from step 12.
    Peer to Peer policies
    For the definition and more information about the properties, see Properties that can be set in the target configuration.

    Session policies options

    Table 1. Session policies options.

    Installation
    option.

    		 Target Property. Default Value.
    Active AllowActive Selected.
    Guidance AllowGuidance Selected.
    Monitor AllowMonitor Selected.
    Enable high quality colors EnableTrueColor Not selected.
    Lock color quality LockColorDepth Not selected.
    Remove desktop background RemoveBackground Not selected.
    Stop screen saver updates when screen saver is active NoScreenSaver Not selected.

    Policies options

    Table 2. Policy descriptions -

    Installer screen
    names.

    		 Target property. Default value.
    Disable chat DisableChat Not selected.
    Save chat messagess AutoSaveChat Not selected.
    Disable file transfer from target to controller DisableFilePull Not selected.
    Disable file transfer from controller to target DisableFilePush Not selected.
    Disable clipboard transfer DisableClipboard Not selected.
    Allow local recording AllowRecording Selected.
    Allow collaboration AllowCollaboration Selected.
    Allow session handover AllowHandover Selected.
    Allow requests to disconnect existing session AllowForceDisconnect Not selected.
    Disconnect grace time ForceDisconnectTimeout 45
    Audit to Application Event Log AuditToSystem Selected.

    Security policies

    Table 3. Security policies.
    Installer screen names. Target property. Default Value.
    Authenticate by using Windows logon CheckUserLogin Selected.
    Must be a member of these Windows groups CheckUserGroup See description.
    Allow privacy AllowPrivacy Selected.
    Allow input lock AllowInputLock Selected.
    Enable privacy when session starts EnablePrivacy Not selected.
    Enable input lock when session starts EnableInputLock Not selected.
    Enable on-screen session notification EnableOSSN Not selected.
    Disable Panic Key DisablePanicKey Not selected.
    Inactivity timeout IdleTimeout 360

    User acceptance policies

    Table 4. User acceptance policies.
    Installer screen names. Target property. Default Value.
    Take over session ConfirmTakeOver Selected.
    Change session mode ConfirmModeChange Selected.
    File transfers ConfirmFileTransfer Selected.
    System information ConfirmSysInfo Selected.
    Local recording ConfirmRecording Selected.
    Collaboration ConfirmCollaboration Selected.
    User acceptance grace time AcceptanceGraceTime 45
    Proceed on acceptance timeout AcceptanceProceed Not selected.
    Do not prompt for user acceptance when user is not logged on. AutoWinLogon Selected.
    Enable Hide windows HideWindows Not selected.

    Session scripts

    Table 5. Session scripts policies.
    Installer screen names. Target property. Default Value.
    Run pre-session script RunPreScript Not selected.
    Run post-session script RunPostScript Not selected.
    Proceed with session when script fails ProceedOnScriptFail Not selected.
    Additional Features
    Select Install device driver for Virtual Smart Card Reader to install the virtual smart card reader driver. For more information about the smart card reader driver, see Install a driver to support smart card authentication in the target.
  12. Click Install to begin the installation.
  13. When the installation is complete, click Finish.