
Install or upgrade Login Assistant from the command line

You can install Login Assistant on workstations from the command line, or by using a Windows Installer Transform file to define parameters for ska.msi or ska-x64.msi.

Upgrade note

If you are upgrading Login Assistant from 12.5.0 - 12.8.0 and then to 12.8.1 and up, and the VPN test page URL and VPN test page search words configuration options are used for Login Assistant, you must perform additional steps before running the upgrade for ska-x64.msi. See Upgrading Login Assistant from 12.5.x to 12.8.1 and up using VPN test page options.

Login Assistant can be upgraded from the command line using the following:

msiexec /i ska-x64.msi REINSTALLMODE=amus

See Installing add-on software for general requirements for using a client MSI installer, and instructions for automatic installation using a group policy.

The ska.msi and ska-x64.msi installers require Windows Installer 4.5.

Features

Table 1. ska.msi / ska-x64.msi ADDLOCAL installation features

Feature

Description

SKA

Parent feature, installs the Login Assistant SKA (secure kiosk account).

CREDPROV

Installs the Bravura Pass Credential Provider for Windows clients.



Properties

Table 2. ska.msi / ska-x64.msi generic properties

Property

Description

INSTALLDIR

The directory in which Login Assistant will be installed. The default is C:\Program Files\Bravura Security\Login Assistant\.

INSTALLLEVEL

This parameter is used in a silent installation and is mutually exclusive with ADDLOCAL. Set to a value of 1 or more (up to 32767) for a complete install: SKA+CREDPROV.

ADMIN_USERNAME

Specify the username of a privileged administrator. When you need to launch the installer from an account with insufficient privileges, use this and ADMIN_PASSWORD to specify a more privileged account to perform the installation.

ADMIN_PASSWORD

Specify the password of a privileged administrator. When you need to launch the installer from an account with insufficient privileges, use this and ADMIN_USERNAME to specify a more privileged account to perform the installation.



Table 3. ska.msi / ska-x64.msi SKA properties

Property

Description

SKATIMEOUT

The maximum number of minutes the Login Assistant secure kiosk account will stay open before it automatically closes. The default is 15 minutes.

URL

The full path to the Front-end (psf) on the Bravura Pass server; for example, https://server:443/instance/.

USEVPN

0|1 If set to 1, use a VPN connect program.

HELPADMINENABLED

0|1 No longer used.

HELPACCOUNT

The name of the Login Assistant "help" account (default is help).

HELPPASSWORD

The password for the help account specified by HELPACCOUNT. If this option is not set, you must set RANDOM_HELPPASSWORD to generate a random password. If neither option is set, a blank password is created.

RANDOM_HELPPASSWORD

0|1 Set to 1 to create a random password for HELPACCOUNT. This setting is off by default.

This setting defaults to 0 for Login Assistant SKA-only installations and to 1 for CREDPROV installs – it is not recommended to use a random password in Login Assistant SKA-only installations.

Note that when HELPPASSWORD and RANDOM_HELPPASSWORD are both specified, the RANDOM_HELPPASSWORD setting is ignored.

IMAGEFILE

Fully-qualified file name for the bitmap file used to replace the Credential Provider tile for CREDPROV installations.

The MSI can also be modified, using an MSI editing tool, to add an "ImgFile" entry into the Binary table, where the binary file is the bitmap to use.

LANGUAGEFILES

Specifies a pipe-separated list of gina.z files to use as additional languages for the secure kiosk account and Credential Provider. These must be fully-qualified file names. The gina.z files are generated in the 12.3.0 language packs. The list must be enclosed in double quotes.

The MSI can also be modified, using an msi editing tool, to add an entry into the Binary table, of the form Lang_<language>-Rest of World, where the binary file is the gina.z file for the corresponding language. For example, Lang_fr-ca can be added with the contents of the gina.z file from the fr-ca skin.

EN_US, <LANGUAGE>_Rest of World

0|1 Indicates whether the specified language is enabled for use. EN_US is installed by default. Additional languages are specified with the LANGUAGEFILES setting.

SHELLOPTIONS

Command-line options for the runurl command, used when invoking the web browser. The default is "-kiosk -no_icw -logoff -trapsesslock".

RUNURLCFG

Provide any additional options that may be required for runurl. This replaces the shell options with "-cfg runurl.cfg", and generates a runurl.cfg file that includes the shell options and any additional options specified by this property. The default is no value.

HIDEERRORS

This setting applies only to Bravura Security Fabric 12.4 or older.



Table 4. ska.msi / ska-x64.msi VPN properties

Option

Description

REMOTESKAACCESSENABLED

0|1 Enable or disable remote access to the SKA.

VPN_CONNECT_PROGRAM

Name and full path of the VPN connect program to run in order to establish a VPN connection.

VPN_CONNECT_CMDLINE

Command-line arguments for the VPN connect program; for example, -u %USERID% -p %PASSWORD%. This value cannot be blank.

VPN_DISCONNECT_PROGRAM

Name of the VPN disconnect program to run to disconnect from the VPN.

VPN_DISCONNECT_CMDLINE

Command-line arguments for VPN disconnect program; for example -u %USERID% -p %PASSWORD%.

VPN_USER

VPN user ID to be used with the VPN connect and disconnect programs.

VPN_PASSWORD

Password to be used with the VPN user ID.

VPN_TIMEOUT

The number of seconds to wait between retries. The default is 30.

VPN_RETRIES

The number of VPN retries to test for connectivity. If this value is blank, there will only be one retry attempt. The default is 3.

VPN_CONNECT_STDINPUT

Standard input lines for Cisco AnyConnect connections. See Command-line Cisco AnyConnect APN parameters for details.

VPN_CONNECT_TERMINATE

For Cisco AnyConnect, terminate any running programs before trying to launch the VPN client.

VPN_HIDE_WINDOW

For Cisco AnyConnect, hide the pop-up console window that vpncli.exe starts.

VPN_URL

Set this to a URL to use as a test page for the SKA. If this page cannot be accessed by the SKA, then a VPN connection will be established to access it.

VPN_URL_SEARCH

Set this to a marker in the HTML code to search for in the page set by VPN_URL.



Table 5. ska.msi / ska-x64.msi remote access properties

Option

Description

RUNURL_EXTERNAL_URL

The URL of a website that is used to determine whether the computer is connected to the Internet or is still behind a registration screen or captive portal. This defaults to http://www.msftncsi.com/ncsi.txt.

Other options for the external URL are http://detectportal.firefox.com/success.txt with RUNURL_EXTERNAL_URL_EXPECTED_DATA set to success, or http://captive.apple.com/hotspot-detect.html with RUNURL_EXTERNAL_URL_EXPECTED_DATA set to Success.

RUNURL_EXTERNAL_URL_EXPECTED_DATA

This is a string that is expected from the above website. It should be unique enough to ensure that a registration page will not have the data, but always present on the external URL. The default is Microsoft NCSI.

RUNURL_EXTERNAL_CONNECT_PROGRAM

If users will be using an AirCard or Internet stick, this is the name of the program to run in order to connect. This program will be run from the SKA to allow the user to connect.

RUNURL_EXTERNAL_CONNECT_PROGRAM_TITLE

If a program is used to create the connection, this is the main window title of that program when it is running. In AirCard, this is listed under the Task column on the Applications tab.

RUNURL_PORTAL_TIMEOUT

The number of seconds to wait for a captive portal connection. The default is 300.

RUNURL_REMOTE_HOST

The address of the VPN server to test if the server is reachable.

RUNURL_REMOTE_PORT

The port that the VPN server is listening on to test if the server is reachable.



Table 6. ska.msi / ska-x64.msi proxy properties

Option

Description

PROXY_ENABLE

0|1 Enable or disable modification of the proxy configuration by the installer.

PROXY_AUTODETECT

0|1 Enable or disable the proxy setting "Automatically detect settings".

PROXY_AUTOCONFIGURATION_ENABLE

0|1 Enable or disable the proxy setting "Use automatic configuration script".

PROXY_AUTOCONFIGURATION_URL

Use this to set the URL of an automatic configuration script.

PROXY_URL

Use this to set the proxy server’s address.

PROXY_PORT

Use this to set the proxy server’s port number.



The following parameters are available with ADDLOCAL=CREDPROV for Windows:

Table 7. ska.msi / ska-x64.msi CREDPROV properties

Property

Description

HIDEFASTUSERSWITCHING

0|1 Hides Fast User Switching on this machine, preventing multiple concurrent logins. The default is 1. This property is no longer used and will be removed in future releases. Fast User Switching must be enabled.

USECLASSICLOGON

0|1 Provides a more traditional interface for login (rather than individual tiles) for users. It prompts for a user ID and a password.

The default is 1.



If you are using a Cisco AnyConnect VPN connection, the following settings can only be set by running the MSI on the command line:

VPN_CONNECT_STDINPUT is a [~]-separated list of lines that are sent to standard input. The value is written as a multi-string registry value called vpn-connect-stdinput. Empty lines are not allowed, because the multi-string registry value type does not permit them.

Run vpncli.exe manually and interactively to determine the required input. Input lines will replace %USERID% with the VPN userid and %PASSWORD% with the VPN password; for example:

  • <vpn profile>

  • %USERID%

  • %PASSWORD%

  • y

The <vpn profile> should be replaced with the VPN connect profile, and the y accepts the VPN terms of use. This translates into the following MSI command-line parameter:

VPN_CONNECT_STDINPUT="profile[~]%USERID%[~]%PASSWORD%[~]y"

VPN_CONNECT_TERMINATE optionally terminates any running programs before trying to launch the VPN client, because Cisco AnyConnect will fail if vpncli.exe or vpnui.exe is running. The value is written as a registry entry called vpn-connect-terminate. This is optional but recommended. The value is a comma-separated list of process names; for example:

VPN_CONNECT_TERMINATE="vpncli.exe,vpnui.exe"

VPN_HIDE_WINDOW hides the pop-up console window that vpncli.exe starts. It is written as a registry entry called vpn-hide-window. It is off by default, because showing the console window is the default behavior and is required for some VPN clients. To hide the window, set:

VPN_HIDE_WINDOW=1
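
One way to assemble the silent-install command line while enforcing the constraints stated in the property tables and the AnyConnect notes above. This is an added example, not Bravura Security's code; the function name, its parameters and all sample values are assumptions. Because msiexec arguments can be recorded by process-creation logging, the function can also return a copy with ADMIN_PASSWORD, HELPPASSWORD and VPN_PASSWORD masked for use in deployment logs.

```powershell
# Added example; New-SkaInstallArguments and its parameters are hypothetical names.
function New-SkaInstallArguments {
    param(
        [Parameter(Mandatory)] [string]    $MsiPath,
        [Parameter(Mandatory)] [hashtable] $Properties,
        [string[]] $VpnStdinLines = @(),  # AnyConnect standard input, one entry per line
        [switch]   $Redact                # mask secrets; use this form for log output
    )
    $p   = $Properties.Clone()
    $set = { param($n) $p.ContainsKey($n) -and "$($p[$n])" -ne '' }
    # Table 2: INSTALLLEVEL is mutually exclusive with ADDLOCAL.
    if ((& $set 'INSTALLLEVEL') -and (& $set 'ADDLOCAL')) {
        throw 'INSTALLLEVEL and ADDLOCAL are mutually exclusive.'
    }
    # Table 3: with neither option set, the help account gets a blank password.
    # This example requires an explicit choice rather than relying on a default.
    if (-not (& $set 'HELPPASSWORD') -and "$($p['RANDOM_HELPPASSWORD'])" -ne '1') {
        throw 'Set HELPPASSWORD or RANDOM_HELPPASSWORD=1 to avoid a blank help password.'
    }
    if ((& $set 'HELPPASSWORD') -and (& $set 'RANDOM_HELPPASSWORD')) { Write-Warning 'RANDOM_HELPPASSWORD is ignored because HELPPASSWORD is set.' }
    # Table 4: VPN_CONNECT_CMDLINE cannot be blank.
    if ((& $set 'VPN_CONNECT_PROGRAM') -and -not (& $set 'VPN_CONNECT_CMDLINE')) {
        throw 'VPN_CONNECT_CMDLINE cannot be blank.'
    }
    # AnyConnect: lines are joined with [~]; the registry value cannot hold empty lines.
    if (@($VpnStdinLines | Where-Object { [string]::IsNullOrWhiteSpace($_) }).Count) {
        throw 'VPN_CONNECT_STDINPUT does not allow empty lines.'
    }
    if ($VpnStdinLines.Count) { $p['VPN_CONNECT_STDINPUT'] = $VpnStdinLines -join '[~]' }
    $secret = 'ADMIN_PASSWORD', 'HELPPASSWORD', 'VPN_PASSWORD'
    $pairs = foreach ($name in ($p.Keys | Sort-Object)) {
        $value = "$($p[$name])"
        if ($value.Contains('"')) { throw "$name must not contain a double quote." }
        if ($Redact -and $secret -contains $name) { $value = '********' }
        '{0}="{1}"' -f $name.ToUpperInvariant(), $value
    }
    (@('/i', "`"$MsiPath`"", '/qn') + $pairs) -join ' '
}

# Constructed sample input: host name, paths and credentials are placeholders.
$props = @{
    ADDLOCAL = 'SKA,CREDPROV'; URL = 'https://server:443/instance/'; RANDOM_HELPPASSWORD = 1
    USEVPN = 1; VPN_USER = 'vpn-kiosk'; VPN_PASSWORD = '<vpn password placeholder>'
    VPN_CONNECT_PROGRAM = 'C:\path\to\vpncli.exe'; VPN_CONNECT_CMDLINE = '<connect arguments>'
    VPN_CONNECT_TERMINATE = 'vpncli.exe,vpnui.exe' }
$vpnInput = 'profile', '%USERID%', '%PASSWORD%', 'y'
$argLine = New-SkaInstallArguments -MsiPath 'ska-x64.msi' -Properties $props -VpnStdinLines $vpnInput
Write-Output (New-SkaInstallArguments -MsiPath 'ska-x64.msi' -Properties $props -VpnStdinLines $vpnInput -Redact)
# Start-Process msiexec.exe -ArgumentList $argLine -Wait   # uncomment to run the install
```

Only the redacted string should be written to deployment logs; `$argLine` carries the real values and is passed to msiexec as a single argument string.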