The CICB-Client Config Manager (CCM) is a stand-alone application that allows the IT administrator to update a security group via LDAP for the currently signed-in user. The CICB-CCM Command Line Interface (CLI) mode allows the IT administrator to deploy CICB-Client and CICB-Banner in a batch. The CCM also supports a CLI with parameters to automate security change.
Example use case: Assume company A needs a banner to change color or text according to the project or user profile’s security group. If company A already has its user profile switch script, such as PowerShell or CMD, that is deployed via an IT management tool. To achieve this goal, the IT administrator can simply make a CLI call via their new/existing log-on script.
!!! WARNING !!!
Once you turn on the LDAP SYNC, your local setting groups with screen settings will save to your local database. All new user groups will be pulled from your AD server, you can switch back to local groups at any time, but only one type of group can be applied by the Client.
Steps
- Set up user SGs as needed via LDAP.
- Assign users to their SGs accordingly.
- Go to Server -> LDAP tab, then configure the Server link to the Active Directory (AD) via LDAP. (make sure to test the connection before proceeding)
- Go to Server -> Setting tab -> turn on LDAP SYNC.
- Go to Server -> Setting tab -> Configure the screen settings for each group. (all AD SGs will synced to the Group drop-down menu)
- [OPTIONAL] Configure the outbound firewall rule with ports 389 & 636 (TCP/UDP).
- Set up a log-on script with either PowerShell or Batch file.
- Use the example below to execute the CCM with the Server group name and Server API key inside the log-on script.
- Deploy the log-on script via a Group Policy Object (GPO).
!!! WARNING !!!
Users should only be assigned to one SG at a time. But, if a user is assigned to both AD SG-1 and AD SG-2, then SG-1 won by alphabetical order. AD SGs cannot be empty otherwise it will not sync with the Server.
| Operation | CCM CLI Arguments | Description | Required |
|---|---|---|---|
| Change CICB-Client Group Setting | -g or -group | CICB-Server Group Setting Name | Yes |
| Change CICB-Client Group Setting | -k or -key | CICB-Server APIKEY | Yes |
| Change CICB-Client Group Setting | -s or -server-ip | CICB-Server IP | No, if server IP is localhost |
| Change CICB-Client Group Setting | -p or -port | CICB-Server Port | No, if server port is default |
| Operation | CCM CLI Arguments | Description | Required |
|---|---|---|---|
| Update CICB-Client Package | -u or -update-path | Update Path | Yes |
| Update CICB-Client Package | -a or -update-all | Update All | No, if -i in command |
| Update CICB-Client Package | -i or -update-client-id | Update Client ID | No, if -a in command |
Example 1 – Change CICB-Client Group Setting
(e.g. CICB-Client and CICB-Server are installed on the same client machine, and the user works on two different classification projects.)
ccm.exe -g “<CICB-Server Group Setting Name>” -k “<CICB-Server API Key>”
[PowerShell/CMD]
PS C:\Program Files (x86)\CICBv2\client\ccm.exe -g "SG-2" -k "1234"Example 2 – Change CICB-Client Group Setting
(e.g. CICB-Client and CICB-Server are installed on two different machines, and the user works on the client machine with two different classification projects.)
ccm.exe -g “<CICB-Server Group Setting Name>” -k “<CICB-Server API Key>” -s “<CICB-Server IP>” -p “<CICB-Server port>”
[PowerShell/CMD]
C:\Program Files (x86)\CICBv2\client\ccm.exe -g "SG-2" -k "1234" -s "192.168.1.123" -p "54321"NOTICE: Based on the examples above, the new Server Group name is SG-2, Synced with AD SGs in step 4, and the Server API Key is 1234, defined in the Server -> Setting tab (default server API Key is CISYS). The new change will be applied during the next login when the new user profile is loaded.
Example 3 – Update CICB-Client Package
ccm.exe -u “<CICB-Client Package Path>” [ -a “<Update All Option>” || -i “<CICB-Client Device ID>” ]
[PowerShell/CMD]
Update all CICB-Clients once
C:\Program Files (x86)\CICBv2\client\ccm.exe -u "\\file-server1\CICB\Deployment\CICB-v2.2.0.1.zip" -a "1"
Update a single CICB-Client
C:\Program Files (x86)\CICBv2\client\ccm.exe -u "\\10.10.1.5\CICB\Deployment\CICB-v2.2.0.1.zip" -i "B6657FC8F1FEDC6C8D5764B4E592F708462EE120BD2297B1169DEDD6EB26FA2A"NOTICE: argument -a and -i cannot co-exist in the same CLI command, only one is allowed.