Add Windows Hybrid Workstation, on Domain via ACSC Always

To add a Windows workstation that is already part of your Active Directory domain, and will sometimes be on the LAN, but sometimes be remote – and you want it to always use domain services through ACSC (regardless of remote vs local) – you must first add a domain controller to the ACSC network. See the Add Windows Local Domain Controller documentation to add a domain controller (DC).

Once a DC is serving your domain through the ACSC network, follow these steps to add a remote Windows workstation:

Set Up Host in Management UI

Follow the steps from the Add Test Connection documentation until you get to the Tunnel page of the Add Endpoint Wizard. On this page, do the following:

  1. Adjust the IP address ranges listed in the Except for field on left side of the page to include the networks or hosts at the remote workstation’s site that the workstation needs to access. For example, for a workstation that needs to connect to a network printer at a remote site, make sure the IP address of the printer is included in the networks listed in the Except for field.

    Do not add any local LAN address to the Except for field – all access to your LAN will be routed through ACSC.

  2. Adjust the IP addresses listed in the WireGuard Address fields on the right side of the page if you have selected a specific set of addresses for the workstation, or if you have already assigned the suggested addresses to some other computer.

  3. Click the Next button. This will take you to the Extras page of the Add Endpoint Wizard.

  4. Select Domain for the Firewall Zone dropdown.

  5. Select the Use custom DNS settings when tunnel is up option, and make sure the DNS Server list includes the ACSC IP address of all your ACSC DCs before any local DCs or other DNS resolvers.

  6. Click the Next button. This will take you to the Review page of the Add Endpoint Wizard.

  7. Click the Apply button. This will add the workstation to the ACSC network.

  8. Click the Set Up Agent icon on the Point panel on the right side of the page. This will take you to the Set Up page for the workstation.

  9. Click the acsc.conf and acsc-setup.conf links. This will download the unique acsc.conf and acsc-setup.conf files for the workstation.

Install Agent on Host

To install the ACSC agent on the workstation, perform the following steps on the workstation as an Administrator user:

  1. Create a new C:\Program Files\Anti-Cloud\Secure Connect\agent\cnf\ directory on the workstation.
  2. Copy the workstation’s unique acsc.conf and acsc-setup.conf files you downloaded above into this directory on the workstation.
  3. Copy the agent’s MSI (Microsoft Installer) package to the workstation, and execute it.
  4. If the PowerShell execution policy on the workstation is Restricted, change its policy to RemoteSigned (or AllSigned) via GPO (specifically, the Computer Configuration\Policies\Administrative Templates\Windows Components\Windows PowerShell\Turn on Script Execution setting).

Automation

To automate the process of installing the ACSC agent on hybrid workstations whenever they next join AD through the LAN, use the same automation techniques as recommended by the Add Windows Local Workstation documentation.