Procedure to install Cdome Shield Roaming Agent

A script to install the CDome Shield Roaming Agent and tie it to a customer profile in CDome Shield would be great.

Hi @indieserve

We will analyze and provide an update on this request.

Thanks,
Kannan

Hi @indieserve

Please refer to the attached procedure for your request.

The script will perform the following functions one by one, in order:

  1. Download cDomeAgent (roaming agent) from url=“https://shield.dome.comodo.com/api/agent/download”
  2. Install it on the Windows devices
  3. Get the client ID (key) from “C:\Program Files (x86)\COMODO\Shield Agent\client.id” or “C:\Program Files (x86)\COMODO\Shield Agent\client.id”

There are two cases which affect script efficiency:

  1. The PC that is subject to provisioning has a network that is already added to Shield.

     In this case, all you have to do is run the script and you’re done.

  2. The PC that is subject to provisioning has a network that is not added to Shield.

     After running the script on the device, you have to put the client ID (key) that you obtained from the script execution log into the Shield portal manually, then you’re done.

tie it to a customer profile in CDome Shield

After enrollment, the default profile will be auto-applied. Please ensure the desired profile is set as default.

It is preferable to add the network before running the script on devices.

Please refer to the help guide section below for more information:
https://help.comodo.com/topic-434-1-…me-Shield.html

Let us know your feedback.

sample output:

20170417-Automate-cdome–shield-roaming-agent-installation.json (2.77 KB)

Thanks!

So to confirm: If I’m using this script to install a roaming agent on a PC at a site that already has CDome Shield in use (its public IP is listed in the Networks section in cDome shield) - I don’t need to specify the client.id? It will register somehow automatically to the client’s profile in cdome shield? (and then work, say on a laptop, if they leave the building)?

Then any policies I create specific to the roaming agent(s) should supersede/take precedence over the site-wide network rule? (so I can give the HR computer access to linkedin, but block social media for the rest of the site?)

Hi @indieserve

If I’m using this script to install a roaming agent on a PC at a site that already has CDome Shield in use (its public IP is listed in the Networks section in cDome shield) - I don’t need to specify the client.id? It will register somehow automatically to the client’s profile in cdome shield? (and then work, say on a laptop, if they leave the building)?

Yes, if the network is listed in cDome Shield, adding roaming agents will be automated completely using the script.

Then any policies I create specific to the roaming agent(s) should supersede/take precedence over the site-wide network rule? (so I can give the HR computer access to linkedin, but block social media for the rest of the site?)

Yes, applied policies will override the site-wide network rule.

After the network enrollment process, please also make sure all endpoints in protected networks are configured to use Shield DNS:

Preferred DNS server – 8.26.56.10

Alternate DNS server – 8.20.247.10

Thanks,
kannan

Thanks MKannan, we block DNS requests in the firewall OTHER than to the Comodo IPs, then the domain control/main DNS server points to Comodo. I assume the agents have a way to identify themselves to get different DNS resolution results? The agents first query the local DNS server for local hosts in the internal network/domain I assume also? I’ll try to get a user to leave their PC on tonight and try it out. Thanks again.

Install worked great - showed up in Shield roaming agents right away. I haven’t tested the policy precedence thing but will shortly, thanks again! Should include this script for everyone!

Ok, I just set the site policy to be very strict, and then an installed agent at the site to only block malware and ads – and it worked perfectly. Still seems to resolve internal hosts ok as well. This is great work guys!!

great to hear!