
Advanced Threat Analytics – Silent Installation “Adventure”


Well, I love to automate things using PowerShell – really I do! The success of automation depends on two major things: first, detailed requirements, and second, technical documentation of the stuff you want to automate. In reality, most projects do not cover both in a satisfying way at all. Microsoft is providing an example of this :)

I was asked to write a DSC resource to install Advanced Threat Analytics, a solution to discover threats in your environment. After ATA installation you can easily configure the Syslog integration and send the "alerts" to OMS. The issues / alerts from ATA are nicely integrated into the Security and Audit OMS solution.

Ok, now back to the installation topic. Because I was using DSC to install Advanced Threat Analytics Center and the ATA Lightweight Gateway, I needed the silent installation switches / flags for the installer. The parameters are nicely documented here


…the problem is that they do not match the latest version of ATA Center. If I execute the Microsoft ATA Center Setup.exe /help for version 1.7.2, I receive the documented parameter set…


…if I execute the same command for the latest version 1.8.1, there are far fewer parameters…


The big question now is which source is correct: the installer help or the online documentation? Well, I figured out that the switches shown by Microsoft ATA Center Setup.exe /help are the ones we can rely on. The online documentation is simply wrong (I will notify Microsoft to fix it). There is even a weird case with the following switch. For version 1.7.2 it works as documented both online and in the installer help…

NetFrameworkCommandLineArguments="/q"

In version 1.8.1 it works as documented in the installer help dialog window…

NetFrameworkCommandLineArguments="\q"

This proves that you can rely on the installer help menu, Microsoft ATA Center Setup.exe /help.

What are the correct installation parameters for the latest version (1.8.1)? Here we go…

Flags
-----
/quiet
Displays no UI with no propmpts.

/uninstall
Uninstalls Microsoft ATA Center.

/norestart
Suppress any attempts to restart. By default, UI will prompt before restart.



Installation Parameters
-----------------------
LicenseAccepted:
Indicates that the license was read and approved. Must be set on silent installation.
Usage: --LicenseAccepted
Default: false.

NetFrameworkCommandLineArguments:
Specifies the parameters for the .Net Framework installation. Must be set to enforce the silent installation of .Net Framework.
Usage: NetFrameworkCommandLineArguments="\q"
Default: .Net Framework installation will display minimal UI (passive mode).

EnableMicrosoftUpdate:
Enable Microsoft Update.
Usage: --EnableMicrosoftUpdate
Default: false.

InstallationPath:
Sets the installation path.
Usage: InstallationPath="C:\Installation\Path"
Default: Microsoft ATA Center will be installed in "%ProgramFiles%" folder.

DatabaseDataPath:
Sets the path for the database data files.
Usage: DatabaseDataPath="C:\Database\Data\Path"
Default: Database data will be set to be under the installation path folder.

CertificateThumbprint:
Sets the thumbprint for Microsoft ATA Center service certificate.
Usage: CertificateThumbprint="e536799cbbb41a6f1c741ef23a136ca0e88aeb4c"
Default: A self-signed certificate will be generated.


Update Parameters
-----------------
NetFrameworkCommandLineArguments:
Specifies the parameters for the .Net Framework installation. Must be set to enforce the silent installation of .Net Framework.
Usage: NetFrameworkCommandLineArguments="\q"
Default: .Net Framework installation will display minimal UI (passive mode).

EnableMicrosoftUpdate:
Enable Microsoft Update.
Usage: --EnableMicrosoftUpdate
Default: false.

PartialDataMigration:
Previously captured network traffic and events will be deleted.
Usage: --PartialDataMigration
Default: false.

I first experimented with upgrading from version 1.7.2 to version 1.8.1, which works seamlessly. For an upgrade to version 1.8.1 you just need to run the following command and it will upgrade version 1.7.2…

"Microsoft ATA Center Setup.exe" /quiet [NetFrameworkCommandLineArguments="\q"]

If you install version 1.7.2 using DSC you could run into an ugly issue. For some reason the ATA Center installation breaks the WSMan component, so that DSC cannot talk to the local WSMan service anymore and will show you something like this…


If you try to run another WSMan command like Winrm enumerate winrm/config/listener, you will likely receive an error like this…


…I tried to fix the issue but didn’t have any success. If you are installing version 1.8.1, this issue does not happen and WSMan stays in good condition.

If you are interested in the upgrade path, there is an upgrade flow available here: ATA version upgrade matrix

Conclusion: Use the latest version for your silent installation deployment and rely on the installer help to figure out the proper switches and flags. The mandatory switches in the online documentation like CenterIPAddress, CenterPort and ConsoleIPAddress are not required for ATA Center version 1.8.1.
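
As an added example (not code from this post or from Microsoft), the following PowerShell function assembles a silent ATA Center 1.8.1 installation using only the switches listed in the installer help above, then confirms that WSMan still answers. The function name, the check against Cert:\LocalMachine\My and the exit code handling (0 and 3010 treated as success) are assumptions.

```powershell
# Added example: unattended ATA Center 1.8.1 install built from the installer help switches.
function Install-AtaCenterSilently {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SetupPath,   # full path to "Microsoft ATA Center Setup.exe"
        [string] $InstallationPath,
        [string] $DatabaseDataPath,
        [string] $CertificateThumbprint,
        [string] $NetFrameworkArguments = '\q'        # value shown by the 1.8.1 help; 1.7.2 used '/q'
    )

    if (-not (Test-Path -LiteralPath $SetupPath -PathType Leaf)) {
        throw "Setup not found: $SetupPath"
    }

    # --LicenseAccepted must be set on silent installation; /norestart keeps the
    # DSC or script run in control of reboots.
    $arguments = @('/quiet', '/norestart', '--LicenseAccepted',
                   "NetFrameworkCommandLineArguments=`"$NetFrameworkArguments`"")

    if ($InstallationPath) { $arguments += "InstallationPath=`"$InstallationPath`"" }
    if ($DatabaseDataPath) { $arguments += "DatabaseDataPath=`"$DatabaseDataPath`"" }

    if ($CertificateThumbprint) {
        # Assumption: the service certificate lives in the machine's personal store.
        # Failing here avoids a half-finished install with an unusable certificate.
        $thumb = $CertificateThumbprint -replace '\s', ''
        if (-not (Test-Path -LiteralPath "Cert:\LocalMachine\My\$thumb")) {
            throw "Certificate $thumb not found in Cert:\LocalMachine\My"
        }
        $arguments += "CertificateThumbprint=`"$thumb`""
    }
    # Without CertificateThumbprint the installer generates a self-signed certificate.

    $process = Start-Process -FilePath $SetupPath -ArgumentList $arguments -Wait -PassThru

    # Assumption: 0 = success, 3010 = success with reboot pending (Windows Installer convention).
    if ($process.ExitCode -notin 0, 3010) {
        throw "ATA Center setup failed with exit code $($process.ExitCode)"
    }

    # The post describes version 1.7.2 breaking WSMan; make sure DSC can still reach it.
    Test-WSMan -ErrorAction Stop | Out-Null
    return $process.ExitCode
}
```

Passing a CA-issued thumbprint rather than accepting the self-signed default lets Gateways and browsers validate the ATA Center against an existing trust chain.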
