UserGate Client Software Installation

Description

The UserGate Client software product can be installed on computers running Windows OS 7/8/10/11. The minimum system requirements are 2GB RAM, CPU speed of at least 2GHz, and 200MB of free disk space.

The UserGate Client software is supplied as a Windows .msi or .exe setup file that can be installed manually or by using automation features.

To install the software manually, execute the setup file suitable for your system (32-bit or 64-bit). During the installation, the agent setup wizard will launch and invite you to enter the connection settings for UserGate Management Center such as the IP address of UGMC and the device code created in the Management Center.

Note To postpone the connection to UserGate Management Center, click Cancel.
Note After the installation of the UserGate Client software, the computer will be rebooted. This is required for the application to work correctly.

Automated software installation is performed using Microsoft Active Directory Group Policies. To publish the application in Active Directory, you need an .msi setup file and the administrative template UserGateClient.adm where the IP address of UGMC and the devices code created in the Management Center are specified.

When the installation is completed, UserGate Client receives the configuration assigned to it in UGMC and sends the endpoint system information to the Management Center.

The following information is available on a device:

Name

Description

General

Endpoint system information (user, computer name, IP address for Internet access, Windows OS version) and VPN connection information (connection status, VPN IP address of the device, number of bytes sent/received since the VPN connection was established, uptime).

You can also configure the following parameters:

  • Save login: stores the user login name for VPN connection after the endpoint reboot;

  • Reconnect: reconnects to the VPN server in case of a connection failure. If the connection is lost, the user will be shown the initial GUI window. If the reconnect option is active, the application will make repeated attempts to connect to the server; if the function is disabled, the initial window with server selection will be displayed. The window will be displayed in the center of the screen (if the Popup in center checkbox is active) or at its last location.

  • Popup in center: displays the initial GUI window in the center of the screen if the VPN connection is lost.

Logs

This section contains the following information:

  • Logging level: the diagnostic detail level. The options are:

    • Off: disable the diagnostics log

    • Error: log only errors

    • Warning: log only errors and warnings

    • Info: log only errors, warnings, and additional information

    • Debug: provide as much detail as possible

    The log is located at %ALLUSERSPROFILE%\UserGate\UserGate Client\var\log\usergateclient\ug_client.txt.

  • Tooltips history: notification history.

  • Export logs: download the diagnostics log (when done, the directory where the diagnostics log file was saved will open).

Network

The following information is displayed:

  • IPCONFIG: information on all network adapters and the current TCP/IP configuration.

  • ROUTING: entries from the local routing table.

  • SOCKETS: the list of active connections (port type, addresses, connection state, process ID).

To copy the information, click Copy.

Policy

Here you can view the security information for the device (status of firewall, antimalware, Windows Update, and Windows Security Center).

The status values indicated are as follows:

  • Yellow: disabled

  • Green: enabled

Advanced

This section controls content filtering (the ability of a user to disable content filtering according to policies configured on the UserGate Management Center server).

The connection data for UserGate Management Center (IP address and UGC MD device code) are specified in the file: %PROGRAMFILES%\UserGate\UserGate Client\usergateclient\bin\endpoint_gui.

UserGate Client Software Installation Recommendations

This section describes additional managed device settings that enhance the event audit capabilities of Microsoft Windows operating systems and make the audit more informative.

Note To be able to send endpoint logs to UserGate Log Analyzer in English, you must install the language pack English (US); English should be available for selection as the interface language.
Note The settings presented in this section are merely suggestions.

  1. Install the Sysmon utility that provides in-depth information on process creation, network connections, and changes in file creation times. Detailed information about the utility and the setup file can be found at this link.

  2. Add a registry key to enable querying of the Sysmon log (Microsoft-Windows-Sysmon/Operational) and sending it to the UserGate Log Analyzer server. To add the key, use the Registry Editor application or run this command:

    REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft-Windows-Sysmon/Operational"

  1. Enable logging for all PowerShell commands and resulting output.

    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" /v EnableScriptBlockLogging /t REG_DWORD /d 1

Note To quickly launch the Registry Editor application, use the Win+R keyboard shortcut, type regedit, and press Enter.

If you use Registry Editor for the task, create a variable named EnableScriptBlockLogging under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging registry key and specify a data type of REG_DWORD and a value of 1.

Note This setting can be configured under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, with HKEY_LOCAL_MACHINE having priority over HKEY_CURRENT_USER.

Add a registry key to enable querying of the PowerShell log (Microsoft-Windows-Powershell/Operational) and sending it to the UserGate Log Analyzer server:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft-Windows-Powershell/Operational"

  1. Enable recording of additional details of command-line process creation events in the security event log (this data will be added to the "4688: Process created" process creation event). To enable the key, use the Registry Editor application or run this command:

    REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\Audit\" /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1

If you use Registry Editor for the task, create a variable named ProcessCreationIncludeCmdLine_Enabled under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit registry key and specify a data type of REG_DWORD and a value of 1.

Note This setting is supported on devices running Windows Server 2012 R2 or later and Windows 8.1 or later OS versions.

Windows Log Events

UserGate Client provides the ability to display events in the Windows application log. Logging of the following events has been added:

  • starting and stopping the service (the UG0101 Service started, UG0102 Service stopped events);

  • connection to MC and loss of connection (the UG0201 MC connected, UG0202 MC connection lost events);

  • connection via VPN and termination of the session, including connection errors: server unavailability, incorrectly specified data (the UG0301 VPN connected, UG0302 VPN disconnected events);

  • receiving configuration from Management Center (the UG0401 MC rules propagated event).