Installing Silently on Windows

This procedure describes how to install the HyTrust DataControl Policy Agent silently on Windows using a command line script. For details about installing the Policy Agent through an interactive GUI, see Installing Silently on Windows.

Note: The Policy Agent can only be installed on the Windows system (C:) drive, not a data drive.

Before You Begin 

  • Make sure you have completed the prerequisites in Windows Installation Prerequisites.
  • Make sure you have the credentials for a Windows user account with Administrator privileges.
  • If you plan to download the Policy Agent installation file on Windows 10 from the Microsoft Edge browser while logged in with the BUILTIN\Administrator account, make sure that User Account Control (UAC) is enabled for the BUILTIN\Administrator account. Alternatively, you can set the integrity level for the installer to high after you have downloaded it. For details, see the Microsoft Windows 10 documentation.

Procedure 

  1. Log into the KeyControl webGUI using an account with Cloud Admin privileges.
  2. Click Cloud.
  3. Click Actions > Download Policy Agent.
  4. Click the Download link associated with the file hcs-client-agent-rel.number-build.number.exe. KeyControl downloads the file to your browser's default download location.
  5. Copy hcs-client-agent-rel.number-build.number.exe to the Windows system that you want to encrypt.

  6. If your system contains multiple network adapters and you want to specify the adapter that DataControl should use, do the following:

    1. Enter the command hcs-client-agent-rel.number-build.number.exe /NLIST. DataControl writes the list to the file HTIfaceList in the same directory as the installer executable.
    2. Open HTIfaceList and determine the index of the adapter you want to use.
    3. Specify that index using the /NET switch as described in the next step.

  7. Run hcs-client-agent-rel.number-build.number.exe using the following switches. All switches are case-sensitive and must be entered in upper-case. The installer ignores any unsupported switches.

    Switch

    Description

    /S

    Required. Tells Windows to run the installer silently.

    /NORB

    Do not reboot automatically. Required if you want to check the final state of installation, which is explained in the following step.

    Windows Bootloader Switches

    /NOBL

    Do not install the Windows Bootloader. The default is to install the Bootloader.

    /NLIST

    List of network adapters with an index that can be used with the /NET switch. This does not cause actual installation.

    /NET=n

    		 Use adapter n with its current settings as the primary network interface for the HyTrust Bootloader, where n is the DeviceID of any of the network adapters listed by /NLIST. If this switch is not specified, the first network adapter is used by default. This is equivalent to specifying /NET=1.

    /DRIVE=d

    Assign drive letter d to the Bootloader partition. The drive letter itself is case-insensitve.

    /NORM

    Do not delete HTBOOTLDR partition left by an older installation. By default, old HTBOOTLDR partitions are deleted.

    For example, if you want to run hcs-client-agent-5.2.1-12345.exe silently, assign the drive letter D to the Bootloader, and not reboot automatically after the install runs, you would enter:

    C:\hytrust\installer\dir> hcs-client-agent-5.2.1-12345.exe /S /DRIVE=D /NORB

  8. If you specified the /NORB switch and you want to check the success of the installation, look at the files generated by the installer. These files will be placed in the same directory as the .exe file. The files are:

    • HTDone — This indicates the installation ended. You should poll for creation of this file to ensure that the installer process finished. If no other file is created, it means that the installation completed successfully.

      Note: Boot drive encryption is not available until AFTER a successful installation and reboot.

    • HTError — The installation failed. This file contains the error string.
    • HTBLErrorHyTrust Bootloader installation failed, but the rest of the installation succeeded. This file contains the error string.
    • HTRetryOnReboot — If this file is present, the installation was not a failure, but it needs a reboot. To complete the installation, reboot and run the installer again.
  9. If you specified the /NORB switch, reboot the Windows system to complete the installation.

What to Do Next 

Register the VM with KeyControl as described in Registering the Policy Agent Using the HyTrust Policy Agent GUI or Registering the Policy Agent from the Windows Command Line.