Deploy Code42 apps silently with local authentication

Last updated
Save as PDF
Share
1. Share
2. Tweet

Overview

For Code42 environments that control users with Code42 local authentication, this article describes how to configure deployment packages that install Code42 apps and start backups automatically, silently, with no user intervention.

Considerations

This article assumes you understand the introduction to deployment provided by the article Prepare to deploy Code42 client apps.

These instructions apply to the Code42 cloud. If you work in an on-premises Code42 environment, see Manage app installations in your Code42 environment.
To use these deployment tools, you need to sign in to your Code42 console as a user with the Customer Cloud Admin role.
In the Code42 federal environment, app installations must be deployed with a deployment policy to ensure the use of FIPS encryption in the Code42 app. Users cannot download the installation package from the Code42 console or an email message.

Usernames must be addresses
In the Code42 cloud, usernames must be email addresses. In your Code42 deployment policy, you need to modify the default user detection script. The script needs to take in device usernames and output email addresses. See Step 2, below.

Users cannot access the Code42 app or the Code42 console
The process described here generates Code42 passwords automatically. Those passwords are not available to users or administrators. To grant a user access to the Code42 app or the Code42 console, an administrator needs to sign in to the Code42 console and edit the user data to set a new password.

Step 1: Identify the deployment organization

In your Code42 console, create or identify an organization that:

Uses local authentication
Has at least one destination where backups can auto-start.

To verify the organization's configuration:

Sign in to the Code42 console.
Select Administration > Organizations > Active.
Select an organization.
Note the organization name; you will need it later.
On the organization details page, scroll down to ORG INFO, and select Security.
- The Authentication must be Local.
- The Directory service must be blank.
Scroll down to DEVICE BACKUP DEFAULTS, and select Backup.
- DESTINATIONS must list at least one destination name and Yes.
- The other possible value, DESTINATIONS ... Auto-start, is not acceptable. It means silent deployment is not possible.
- To set a destination to Yes, go to the organization's action menu and select Device Backup Defaults, then click Backup and scroll to Destinations.
In the DEVICE BACKUP DEFAULTS section, select Network. Note whether PROXY is enabled; you will need that information later.
If necessary, change organization configuration. In the action menu in the upper-right, select Edit.

Step 2: Create the deployment policy

Define the deployment policy for the organization you identified in Step 1.

In the Code42 console, select Administration > Client Management > Deployment.
Select Create New Deployment Policy or Create New Policy.
The prompt differs depending on whether you see the initial welcome screen or your list of existing policies.
Enter a Policy Name to describe this policy.
At How should new users register select the organization you identified in Step 1 above.
If your organization's name is dimmed in the menu, that organization already has a policy. You can edit or delete that existing policy.
At Do you want to automatically register users, select Yes.
At Which operating systems, select the systems you will deploy Code42 apps to.
For each operating system you select, select Add a custom batch/bash script
Provide a script that identifies the username and home directory that the Code42 app will provide when it registers with your Code42 environment. For details, see the script reference. The script must end by echoing the username and user home directory:
```
echo C42_USERNAME=<email@address.tld>
echo C42_USER_HOME=<value>
```
At Do your clients need a proxy URL, select No or Yes, depending on what you determined in Step 1: Identify the deployment organization.
At Launch desktop app after initial install, select No for silent deployment.
Click Save.
The Policy Saved dialog appears.
Click Done.
You can return to the policy and copy the installation properties at any time.

Example username detection scripts for the Code42 cloud

Note the lines in the scripts that modify a username in order to match an email-address for the Code42 cloud. In those lines, replace @<yourcompany>.com with the suffix for your addresses.

Windows

@echo off
rem Use sysnative when running 32-bit on a 64-bit processor
if "%PROCESSOR_ARCHITEW6432%"=="" goto native
   %SystemRoot%\Sysnative\cmd.exe /c %0 %*
   exit
:native
rem Change code page to UTF-8
CHCP 65001
for /f "TOKENS=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUser') do set current_domain_user=%%b
echo current_domain_user = %current_domain_user%
for /f "TOKENS=1,2 DELIMS=\" %%a in ("%current_domain_user%") do set current_domain=%%a& set current_user=%%b
echo current_domain = %current_domain%
echo current_user = %current_user%
if "%current_user%" == "" (
   set current_user=%current_domain%
   echo current_user = %current_user%
)
if NOT "%current_user%" == "" (
   echo C42_USERNAME=%current_user%@<yourcompany>.com
   echo C42_USER_HOME=C:\Users\%current_user%
)

Mac

function main() {
    local user=$(last | egrep 'console.*still' | egrep -v 'root|admin|reboot|shutdown|local|_mbsetupuser' | awk '{print $1}' | sort -u | head -n1)
    echo "C42_USERNAME=${user}@<yourcompany>.com"
    echo "C42_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)"
}
main "$@"

Step 3: Deploy Code42 apps to user devices

Retrieve installation properties from your deployment policy as follows:

Sign in to the Code42 console.
Select Administration > Client Management > Deployment.
In the list of policies, click on the name of the policy you want to use.
Copy deployment properties from the policy:
- Windows or Linux: Copy the properties and paste them into your deployment software.
- Mac: Download the deploy.properties file and provide it to your deployment process.

Distribute installation properties and Code42 app installers to your target devices. Then run the installers.
Details for those two tasks depend on your device management tool and endpoint operating systems:

Consult the vendor's documentation for your device management tool.
For deployment to Mac devices, see details about placing the deploy.properties file.
For details about Code42 app install commands, see the Deployment script and command reference.

Step 4: Verify success

Review device data in Code42 console

Check that deployments succeed by reviewing the number of devices signed in to your organization and backing up data.

Sign in to the Code42 console.
Select Administration > Organizations > Active.
Select the organization you deployed to.
At the top of the window, click the value under Devices.
The number of devices listed for your org should match the number of devices you deployed Code42 apps to. The quantity of data stored for each device should be greater than zero.

Review client logs

At your test devices, or a selection of your production devices, check the Code42 app service.log.0

Find service.log.0 in one of these locations:
- Windows: C:\ProgramData\CrashPlan\log
  To view this hidden folder, open a file browser and paste the path in the address bar. If you installed per user, see the file and folder hierarchy.
- Mac: /Library/Logs/CrashPlan
  If you installed per user, see the file and folder hierarchy.
- Linux: /usr/local/crashplan/log
Open service.log.0 with a text editor.

Search for CP_ARGS=DEPLOYMENT
Find a line like the following and verify that the installer arguments are correct.

CP_ARGS=DEPLOYMENT_URL=https://authority.example.com:4285&DEPLOYMENT_POLICY_TOKEN=e675f3e1-ebb3-496e-9cef-c669db6ffac6&SSL_WHITELIST=7746278a857f64717094c44eeb2bbc32357ece44

Search for Results of running user script.
Find lines like the following that verify the Code42 app retrieved the deployment policy and ran the detection script without error.
```
Deploy:: Successfully retrieved deployment package
Results of running user script: UserScriptExecutionResults [username=exampleUser, userHomeDirectory=/home/exampleUser]
```

Search for LoginRequest
Find lines like the following that verify that the Code42 app logged in and is authorized to backup data.

UserActionRequest: LoginRequestMessage[809641607873065038] LOGIN: username=exampleUser, password=****, serverAddress=authority.example.com:4287
AUTH:: CPC session is LOGGED_IN

Troubleshooting

If a user opens the desktop UI for a newly deployed Code42 app, but the UI never progresses beyond the message Connecting... , then the deployment has probably failed.

Confirm the error as follows:

Find service.log.0 in one of these locations:
- Windows: C:\ProgramData\CrashPlan\log
  To view this hidden folder, open a file browser and paste the path in the address bar. If you installed per user, see the file and folder hierarchy.
- Mac: /Library/Logs/CrashPlan
  If you installed per user, see the file and folder hierarchy.
- Linux: /usr/local/crashplan/log
Open service.log.0 with a text editor.

Find deployment errors by searching for Deploy::, for example:

deploy:: Unable to make request

Deploy:: Unable to process deployment package, USERNAME_NOT_IN_OUTPUT