Client Config Manager

Cyber Intel Classification Banner
Client Config Manager (CCM): This is a GUI/CLI tool to change a client’s Security Groups (SG) and deployment.

The Client Config Manager (CCM) is a stand-alone application that allows the IT administrator to update a security group via LDAP for the currently signed-in user. The CCM Command Line Interface (CLI) mode allows the IT administrator to deploy Client and Banner in a batch. The CCM also supports a CLI with parameters to automate security change.

Example use case: Assume company A needs a banner to change color or text according to the project or user profile’s security group. If company A already has its user profile switch script, such as PowerShell or CMD, that is deployed via an IT management tool. To achieve this goal, the IT administrator can simply make a CLI call via their new/existing log-on script.

!!! WARNING !!!
Once you turn on the LDAP SYNC, your local setting groups with screen settings will save to your local database. All new user groups will be pulled from your AD server, you can switch back to local groups at any time, but only one type of group can be applied by the Client.

Steps

  1. Set up user SGs as needed via LDAP.
  2. Assign users to their SGs accordingly.
  3. Go to Server -> LDAP tab, then configure the Server link to the Active Directory (AD) via LDAP. (make sure to test the connection before proceeding)
  4. Go to Server -> Setting tab -> turn on LDAP SYNC.
  5. Go to Server -> Setting tab -> Configure the screen settings for each group. (all AD SGs will synced to the Group drop-down menu)
  6. [OPTIONAL] Configure the outbound firewall rule with ports 389 & 636 (TCP/UDP).
  7. Set up a log-on script with either PowerShell or Batchfile.
  8. Inside the log-on script, use the example below to execute the CCM with the Server group name and Server API key.
  9. Deploy the log-on script via a Group Policy Object (GPO).

!!! WARNING !!!
Users should only be assigned to one SG at a time. But, if a user is assigned to both AD SG-1 and AD SG-2, then SG-1 won by alphabetical order. AD SGs cannot be empty otherwise it will not sync with the Server.

Example 1
<client installation path>\ccm.exe -g “<Server group name>” -k “<Server key>”

 [PowerShell]
 PS C:\Program Files (x86)\cicb\client>ccm.exe -g "SG-2" -k "1234"

Example 2
C:\cicb\client\ccm.exe -name “<Server group name>” -key “<server key>”

 [CMD]
 C:\Program Files (x86)\cicb\client>ccm.exe -name "SG-2" -key "1234"

NOTICE: Based on the examples above, the new Server Group name is SG-2 which is Synced with AD SGs in step 4, and the Server API key is 1234 defined in the Server -> Setting tab (default server key is CISYS). The new change will be applied next login when the new user profile is loaded.