Creating Users' First Volumes

When the SafeHouse Setup program is run in GUI mode, the Create Volume wizard is launched automatically at the tail end of the installation process and users are walked through the simple steps to create their first volumes. This is a straightforward procedure that needs no further explanation.

However, when preparing for silent or automated deployments, things get a little trickier, which is why we've put together this detailed discussion of some of the issues you'll face in this regard, along with potential solutions which we know can be successfully implemented with relatively little effort.

Defining the Problem

The ultimate goal is to craft a deployment scenario in which, after all is said and done, SafeHouse is fully operational from that point forward. This includes having users' first volumes created and ready to go, as well as users knowing the password to their first volume.

Finally, consider when and how your users learn about SafeHouse, so that when you start asking them about passwords or anything else, they will have at least some clue about what's going on.

Where does the password come from?

Good question, eh? Possible choices include:

Loading the SafeHouse device driver:

SafeHouse includes a Windows device driver file which must be loaded into memory in order to work with volumes. This file is configured and loaded by the installer and there is generally nothing you'll need to do here other than make sure everything works as expected after testing your customized installers and scripts. Windows imposes special rules for who gets to install device drivers -- typically, the account must have administrator privileges. If the user account running the installer does not have sufficient rights in Windows, the SafeHouse device driver might not get installed.

What's the Solution

Fortunately, you don't need to look far for solutions to this problem. The harder issue will be choosing which solution is right for your organization.

Described below are a number of solutions which we know have been successfully executed by our customers along with some of the pros and cons of each. In reading through some of these, hopefully you'll begin to form some thoughts about which approaches might work best in your environment.

Solution #1

Precreate volume on master hard drive ready for disk replication.

In this scenario, the customer was readying hundreds of new PCs to be rolled out to employees. The preferred method of software installation was to prepare a single gold master hard drive containing a fresh copy of Windows along with all their new software, and then replicate this master hard drive for each of the newly-purchased machines.

The following steps were taken to implement this deployment scenario:

  1. A custom SafeHouse installer was created which included a .BRAND file in order to support resetting passwords.

  2. The customized installer was run on the master PC in GUI mode, which allowed the administrator to create the initial SafeHouse volume using a known password.

  3. The hard drive from the master PC was then replicated hundreds of times using off-the-shelf disk replication software.

  4. Users received training on SafeHouse and were instructed to immediately change the volume password so that it wasn't left set to the fixed default value.



Possible Improvements:

Solution #2

Running the SafeHouse Setup program using the /CREATE option.

In this scenario the SafeHouse Setup program is run using both the /silent and /create options. With these switches, the core files are installed silently without any visual interface. Once the files are installed and the registry has been configured, the Create Volume wizard is launched (due to the /create option) using the command line settings specified to the Deployment Wizard. The default command line arguments were used for creating the volume, which launches the wizard in full GUI mode, allowing the user to step through the wizard, choose a password and create their first volume.

The SafeHouse Setup program will terminate immediately after the Create Volume wizard finishes up.

Provided that the custom Setup program included a .BRAND file, these first volumes created by users would belong to the respective group and be able to have their passwords reset if ever lost.

Command used to run the installer:

C:\> SETUP.EXE /silent /create

Create volume options specified in Deployment Wizard:

/create="c:\SafeHouse\SafeHouse.sdsk" /size=25MB /description="Private Files" /expandableto=256 /setup



Possible Improvements:

Solution #3

Running the SafeHouse Setup program using the /CREATE option without displaying the wizard.

This scenario is a slight twist on the previous one. Here, the desire is to have the Setup program run without any GUI at all; not even when the Create Volume wizard is launched. This is accomplished through a creative set of command line arguments specified within the Deployment Wizard. You'll notice that /silent and /go are passed to the wizard, as well as a fixed starting password named "default". This gives the Create Volume wizard enough information to be able to do its job without needing to display a dialog.

With these options, all SafeHouse volumes start out in life with a common fixed password, which is why the batch file used to run this script immediately invokes the Change Password wizard. The fixed password is pre-stuffed into the dialog; leaving the user needing only to choose their real password and click the Finish button.

The use of a fixed password here is temporary, lasting only a few seconds. It's needed to make the logic work since the Create Volume wizard cannot run silently without having a password to work with. The users never need to know the value of this temporary password because the script stuffs it into the Change Password wizard which pops up immediately after Setup terminates.

As described in the previous solution, the Setup program should include your .BRAND file to allow lost passwords to be reset in the future.

Command used to run the installer:

C:\> SETUP.EXE /silent /create
C:\> SDWCHANG.EXE /change="c:\SafeHouse\SafeHouse.sdsk" /password="default"

Create volume options specified in Deployment Wizard:

/create="c:\SafeHouse\SafeHouse.sdsk" /size=25MB /password="default" /silent /go /setup [other options omitted]



Possible Improvements:

Solution #4

Running the Create Volume wizard separately after Setup.

In this scenario, the custom Setup program is first run silently to get the core files and registry settings installed. But unlike some of the other solutions we've presented, notice that here the /create option is not included. Without this option, the Setup program will completely ignore the Create Volume wizard. Setup will terminate as soon as the core files are installed without attempting to launch the Create Volume wizard.

You still need to plan for getting the first volume created, which is why this scenario involves a few separate steps in your automation scripts as shown below:

C:\> SETUP.EXE /silent
C:\> [run your own dialog utility which prompts for the password]
C:\> SDWCREAT.EXE /create="c:\SafeHouse\SafeHouse.sdsk" /size=25MB /password="XXXXX" /silent /go [other options omitted]

Once the Setup program completes, the next step in the script launches a program or dialog that you've created. Here is where you let the user in on what's taking place and ask them to choose their initial password. You must then pass that password to the Create Volume wizard as a command line argument. This allows the wizard to create the volume silently using the specified password.

If you wanted to get fancy, you could include a drop list in your dialog which gives users a choice over the size of their first volume, and then pass that to the wizard as a command line argument as well.
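One way to script the prompt-then-create steps above in PowerShell, as an added example that is not SafeHouse's own code: the install path of SDWCREAT.EXE and the minimum password length are assumptions, and only switches shown on this page are used. A password passed as a command-line argument is visible in the process's command line while SDWCREAT.EXE runs, and in process-creation audit logs where command-line logging is enabled.

```powershell
# Added example: ask the user for a first-volume password, then create the
# volume silently. Run after "SETUP.EXE /silent" has finished.
$SdwCreat   = 'C:\Program Files\SafeHouse\SDWCREAT.EXE'  # ASSUMED install path
$VolumePath = 'c:\SafeHouse\SafeHouse.sdsk'              # path used on this page
$MinLength  = 12                                         # ASSUMED local policy

function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    # SecureString -> String; the unmanaged copy is zeroed afterwards.
    $ptr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr) }
}

function Read-NewVolumePassword {
    while ($true) {
        $first  = ConvertTo-PlainText (Read-Host 'Choose a password for your SafeHouse volume' -AsSecureString)
        $second = ConvertTo-PlainText (Read-Host 'Type the password again' -AsSecureString)
        if ($first -cne $second) {
            Write-Warning 'The two entries do not match.'
        } elseif ($first.Length -lt $MinLength) {
            Write-Warning "Use at least $MinLength characters."
        } elseif ($first.Contains('"') -or $first.EndsWith('\')) {
            # Would break the quoted /password="..." argument under the
            # usual Windows command-line quoting rules.
            Write-Warning 'Do not use a double quote, or end with a backslash.'
        } else {
            return $first
        }
    }
}

if (-not (Test-Path -LiteralPath $SdwCreat)) { throw "Not found: $SdwCreat" }
if (Test-Path -LiteralPath $VolumePath)      { throw "Volume already exists: $VolumePath" }

$password = Read-NewVolumePassword
try {
    # Single argument string so the quoting reaches the wizard unchanged.
    $arguments = '/create="{0}" /size=25MB /password="{1}" /silent /go' -f $VolumePath, $password
    Start-Process -FilePath $SdwCreat -ArgumentList $arguments -Wait
} finally {
    # Drop the plaintext copies held by this session.
    Remove-Variable password, arguments -ErrorAction SilentlyContinue
}

if (-not (Test-Path -LiteralPath $VolumePath)) {
    throw "Volume was not created: $VolumePath"
}
Write-Host "Volume created: $VolumePath"
```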



Possible Improvements:

Solution #5

Using a custom password provider.

This scenario demonstrates how a custom password provider could be used in combination with the /usepassworddll command line option to the Create Volume wizard. As seen in some of the previous solutions, a custom Setup program is run using both the /silent and /create options.

Here, the custom Setup program must include your password provider DLL. The Deployment Wizard gives you the option to do this. Your DLL will be installed into the SafeHouse program files directory alongside all the other SafeHouse files.

The Create Volume wizard command line options specified to the Deployment Wizard instruct the program to run silently, but also tell it to call your custom password provider to obtain the password. This is powerful stuff. Imagine the possibilities. Sure, your DLL could pop up a dialog and prompt for the password, but it could also do something far more complex, like query a corporate database for the password. All that really matters is that, one way or another, your DLL is able to come up with a password which it can hand back to the Create Volume wizard through the defined programming interface.

C:\> SETUP.EXE /silent /create

Create volume options specified in Deployment Wizard:

/create="c:\SafeHouse\SafeHouse.sdsk" /size=25MB /usepassworddll /silent /go /setup [other options omitted]

SafeHouse includes a sample custom password provider C++ project to get you started. See the Custom Password Provider reference material for more information.



Possible Improvements:

Final Comments

As you've seen in the solutions presented above, SafeHouse offers an extreme degree of flexibility when it comes to crafting your deployment scenario. With some creative thinking, you can spin the concepts we've outlined above into any number of finely-tuned deployment solutions.

Don't Overlook the Custom Configuration File

Don't forget to consider using a custom configuration file to shape some of the behavior of the Create Volume wizard. The Deployment Wizard can prompt for your preferences and build this file for you, so don't shy away from it simply because the file's syntax seems complicated.

Need Help?

If you are tasked with deploying SafeHouse to a large number of users and could use some help with choosing the best deployment options, please get in touch with us. We're more than happy to discuss ideas and help you figure out the best approach to take given your requirements.

