Dome Shield Install Via Script

Automation Scripts - Library - (ITarian will write
1

Hi,

Would like a script to download and install dome shield the same way we can activate CIS on all the machines. I am happy to manually create the agent companies in the panel but we need to be able to install on remote machines as well as static ones.

2

@monster-it ,

We have forwarded your request to our Script Developers. We will provide you an update via support email. Should there be any additional information that we will need for modifying your requested procedure we will make sure to keep you updated.

3

Hi @monster-it

Refer the following script to install comodo shield agent. Let us know your feedback to us.

https://scripts.comodo.com/frontend/web/topic/enroll-comodo-dome-shield-roaming-agent

Thank you.

4

I stilkl have to manually install the module. I’m wanting a script to completly do all this for me. I have around 40 laptops to do. So you can understand if there was a script to auto download and install then this would be far better than me manually doing it.

Plus enroll users who have static and dynamic addresses.

5

Hi @monster-it

We have noted your comment, will update you shortly.

Thank you

6

Hi @monster-it

The customer would be able to push Dome shield agent from ITSM without scripts. But requires few manual works before pushing it though.

  1. Add device network as specified here https://help.comodo.com/topic-434-1-840-11351-Adding-Networks-to-Dome-Shield.html
  2. Download Dome shield agent. Please refer details here https://help.comodo.com/topic-434-1-840-11352-adding-roaming-endpoints-to-dome-shield.html
  3. Push Dome shield agent through ITSM. Please refer details here https://help.comodo.com/topic-399-1-786-10139-Remotely-Install-and-Update-Packages-on-Windows-Devices.html

As of now enrollment procedures for Dome shield are not same as Comodo Client security.

In order to add roaming devices to the Dome shield using script procedure, Customer has to following instructions and same has been updated in the script link.

https://scripts.comodo.com/frontend/web/topic/enroll-comodo-dome-shield-roaming-agent

Roaming devices will not connect to Comodo Dome shield without proper network configuration in the Cdome shield interface.

Please refer https://help.comodo.com/topic-434-1-840-11351-Adding-Networks-to-Dome-Shield.html to configure device network before running the device.

A roaming device cannot connect to internal hosts when inside the office network hence ‘Host File Configuration’ need to be configured additionally in the network interface.

Refer below script to enroll Comodo Dome shield roaming agent using ITSM script procedure,

The script will do following functions one by one in order viz

  1. Download cDomeAgent (Roaming agent) from provided URL(Get the download link from Download agent > “ITSM Agent Download link”)
  2. install it in the Windows devices
  3. reboot the device

Note - no security rules will be applied to the roaming device(s) by default. You can create and apply the device specific policies according to your requirements.

Please refer https://help.comodo.com/topic-434-1-840-10766-apply-policies-to-networks,-roaming-and-mobile-devices.html

For advising on how to configure and deploy security policies to roaming devices.

If Roaming device that is subject to provisioning have a network that is already added to shield,

In this case, all you have to do is to run the script and you’re done.

After the network enrollment process, please also make sure all endpoints in protected networks are configured to use Shield DNS:

Preferred DNS server – 8.26.56.10

Alternate DNS server – 8.20.247.10

Thank you.

7

Hi @monster-it

The customer would be able to push Dome shield agent from ITSM without scripts. But requires few manual works before pushing it though.

  1. Add device network as specified here https://help.comodo.com/topic-434-1-840-11351-Adding-Networks-to-Dome-Shield.html
  2. Download Dome shield agent. Please refer details here https://help.comodo.com/topic-434-1-840-11352-adding-roaming-endpoints-to-dome-shield.html
  3. Push Dome shield agent through ITSM. Please refer details here https://help.comodo.com/topic-399-1-786-10139-Remotely-Install-and-Update-Packages-on-Windows-Devices.html

As of now enrollment procedures for Dome shield are not same as Comodo Client security.

In order to add roaming devices to the Dome shield using script procedure, Customer has to following instructions and same has been updated in the script link.

https://scripts.comodo.com/frontend/web/topic/enroll-comodo-dome-shield-roaming-agent

Roaming devices will not connect to Comodo Dome shield without proper network configuration in the Cdome shield interface.

Please refer https://help.comodo.com/topic-434-1-840-11351-Adding-Networks-to-Dome-Shield.html to configure device network before running the device.

A roaming device cannot connect to internal hosts when inside the office network hence ‘Host File Configuration’ need to be configured additionally in the network interface.

Refer below script to enroll Comodo Dome shield roaming agent using ITSM script procedure,

The script will do following functions one by one in order viz

  1. Download cDomeAgent (Roaming agent) from provided URL(Get the download link from Download agent > “ITSM Agent Download link”)
  2. install it in the Windows devices
  3. reboot the device

Note - no security rules will be applied to the roaming device(s) by default. You can create and apply the device specific policies according to your requirements.

Please refer https://help.comodo.com/topic-434-1-840-10766-apply-policies-to-networks,-roaming-and-mobile-devices.html

For advising on how to configure and deploy security policies to roaming devices.

If Roaming device that is subject to provisioning have a network that is already added to shield,

In this case, all you have to do is to run the script and you’re done.

After the network enrollment process, please also make sure all endpoints in protected networks are configured to use Shield DNS:

Preferred DNS server – 8.26.56.10

Alternate DNS server – 8.20.247.10

Thank You.

8

Is it possible to install Domo Shield remotly through a script?

9

Hi @soporte2

Refer the following script to install Comodo Dome Shield Agent in your endpoint,

https://scripts.itarian.com/frontend/web/topic/enroll-comodo-dome-shield-roaming-agent

Let us provide your valuable feedback to us.

Thanks

10

Hi @Preethi

Thanks for answer my message.

I follow the instructions from the URL the same day. But, today I confirmed that none of the workstation inside a network where added to Comodo Dome Shield portal. Let me share more information about my scenario to allow others like you guide me here.

  • At the moment the organization network is already created on Comodo Domo Shield
  • Because the network has a dynamic public IP, I add a standalone workstation with the Comodo Dome Shield agent to update the network IP
  • I copy the Comodo Domo Shield agent URL into the script and create a new procedure in the ITSM portal
  • I execute the new procedure for all the workstation inside a device group that I created for the organization
Thoughts about what I should check to determine what is not working?

Regards,

11

Hi @soporte2
Please make sure to run the script as a ‘LocalSystem User’ for elevated permissions / privileges.

Test the script on one endpoint and check the log results. If it is successful, then it should be no problem to deploy the script on the other endpoints. If it fails, share with us the log result (make sure to remove any sensitive information in the results).

12

@Rick_C
I tested with another endpoint and it was installed correctly. I don’t know why it works this time, if when I submitted the procedure in the past it was for an entire endpoint group/org.

I’ll do this manually, to avoid delays on my objectives. I appreciate your time and thanks also to @Preethi .

[Update]
BTW, is there a method to execute the script once the endpoint turns ON? I don’t want to chance all the endpoint to install Domo Shield.

Regards,

13

Hi @soporte2

Refer the following wiki topic to schedule the script to skip when the device is offline,

https://wiki.itarian.com/frontend/web/topic/how-to-skip-procedure-if-the-device-is-offline

Thanks