Add Windows Local Workstation

To add a local Windows workstation that is already part of your Active Directory domain, and never leaves the LAN, follow the steps below:

Set Up Host in Management UI

Follow the steps from the Add Test Connection documentation until you get to the Tunnel page of the Add Endpoint Wizard. On this page, do the following:

  1. Adjust the IP address ranges listed in the Except for field on left side of the page to include the workstation’s LAN networks (eg “192.168.123.0/24, 192.168.234.0/24”).
  2. Adjust the IP addresses listed in the WireGuard Address fields on the right side of the page if you have selected a specific set of addresses for the workstation, or if you have already assigned the suggested addresses to some other computer.
  3. Click the Next button. This will take you to the Extras page of the Add Endpoint Wizard.
  4. Select Domain for the Firewall Zone dropdown.
  5. Select the No changes to DNS settings when tunnel is up option.
  6. Click the Next button. This will take you to the Review page of the Add Endpoint Wizard.
  7. Click the Apply button. This will add the workstation to the ACSC network.
  8. Click the Set Up Agent icon on the Point panel on the right side of the page. This will take you to the Set Up page for the workstation.
  9. Click the acsc.conf and acsc-setup.conf links. This will download the unique acsc.conf and acsc-setup.conf files for the workstation.

Install Agent on Host

To install the ACSC agent on the workstation, perform the following steps on the workstation as an Administrator user:

  1. Create a new C:\Program Files\Anti-Cloud\Secure Connect\agent\cnf\ directory on the workstation.
  2. Copy the workstation’s unique acsc.conf and acsc-setup.conf files you downloaded above into this directory on the workstation.
  3. Copy the agent’s MSI (Microsoft Installer) package to the workstation, and execute it.
  4. If the PowerShell execution policy on the workstation is Restricted, change its policy to RemoteSigned (or AllSigned) via GPO (specifically, the Computer Configuration\Policies\Administrative Templates\Windows Components\Windows PowerShell\Turn on Script Execution setting).

Automation

To automate the process of installing the ACSC agent on a host, set up an Active Directory (AD) Group Policy Object (GPO) to the perform the install steps via a computer Startup script (or user Logon script). Keep in mind that you will need to download the acsc.conf and acsc-setup.conf files ahead of time, and that you must download and apply a unique acsc.conf and acsc-setup.conf pair for each computer or user.

Also note that the unique setup code in the acsc-setup.conf file expires after three days. If you need to download a new setup code, follow these steps:

  1. Log into the ACSC management UI, and switch to the appropriate organization.
  2. Click the Hosts link in the page header. This will take you to the Hosts page.
  3. Click the name of the workstation. If you don’t see this workstation in the list, use the Filter by name… input at the top of the page to search for it by name. This will take you to the main host page for the workstation.
  4. Click the Set Up icon on the Agent panel. This will take you to the Set Up page for the workstation.
  5. Click the acsc.conf and acsc-setup.conf links. This will download the unique acsc.conf and acsc-setup.conf files for the workstation.

Once the agent uses the setup code, it will delete the acsc-setup.conf file, and replace it with a permanent acsc-credentials.conf file. To generate the permanent acsc-credentials.conf file ahead of time, follow these steps:

  1. On a computer that already has the ACSC agent installed, create a new empty directory, and place both the acsc.conf and acsc-setup.conf files in that directory:

     > mkdir C:\temp-setup
 > move acsc.conf C:\temp-setup\.
 > move acsc-setup.conf C:\temp-setup\.

  2. Run the following acsc-credentials command, specifying the full path to the acsc.conf file as the --config flag:

     > C:\Program Files\Anti-Cloud\Secure Connect\agent\acsc-credentials.exe --config=C:\temp-setup\acsc.conf

  3. Save the generated acsc-credentials.conf file and the acsc.conf file to a permanent location:

     > mkdir C:\saved-credentials\host-one
 > move C:\temp-setup\acsc.conf C:\saved-credentials\host-one\.
 > move C:\temp-setup\acsc-credentials.conf C:\saved-credentials\host-one\.