UserGate Client Software Installation

Description

The UserGate Client software product can be installed on computers running Windows OS 7/8/10/11. The minimum system requirements are 2GB RAM, CPU speed of at least 2GHz, and 200MB of free disk space.

The UserGate Client software is supplied as a Windows .msi or .exe setup file that can be installed manually or by using automation features.

To install the software manually, execute the setup file suitable for your system (32-bit or 64-bit). During the installation, the agent setup wizard will launch and invite you to enter the connection settings for UserGate Management Center such as the IP address of UGMC and the device code created in the Management Center.

Note To postpone the connection to UserGate Management Center, click Cancel.
Note After the installation of the UserGate Client software, the computer will be rebooted. This is required for the application to work correctly.

Automated software installation is performed using Microsoft Active Directory Group Policies. Для публикации приложения в Active Directory требуется msi-файл с инсталлятором и административный шаблон UserGateClient.adm, который используется для указания IP-адреса UGMC и кода конечных устройств, созданного в центре управления.

When the installation is completed, UserGate Client receives the configuration assigned to it in UGMC and sends the endpoint system information to the Management Center.

The following information is available on a device:

Name

Description

General

Endpoint system information (user, computer name, IP address for Internet access, Windows OS version) and VPN connection information (connection status, VPN IP address of the device, number of bytes sent/received since the VPN connection was established, uptime).

You can also configure the following parameters:

  • Save login: stores the user login name for VPN connection after the endpoint reboot;

  • Reconnect: reconnects to the VPN server in case of a connection failure. If the connection is lost, the user will be shown the initial GUI window. If the reconnect option is active, the application will make repeated attempts to connect to the server; if the function is disabled, the initial window with server selection will be displayed. The window will be displayed in the center of the screen (if the Popup in center checkbox is active) or at its last location.

  • Popup in center: displays the initial GUI window in the center of the screen if the VPN connection is lost.

Logs

This section contains the following information:

  • Logging level: the diagnostic detail level. The options are:

    • Off: отключить ведение журнала диагностики.

    • Error: журналировать только ошибки.

    • Warning: log only errors and warnings

    • Info: log only errors, warnings, and additional information

    • Debug: provide as much detail as possible

    Журнал находится: %ALLUSERSPROFILE%\UserGate\UserGate Client\var\log\usergateclient\ug_client.txt.

  • Tooltips history: notification history.

  • Export logs: download the diagnostics log (when done, the directory where the diagnostics log file was saved will open).

Network

The following information is displayed:

  • IPCONFIG: information on all network adapters and the current TCP/IP configuration.

  • ROUTING: entries from the local routing table.

  • SOCKETS: the list of active connections (port type, addresses, connection state, process ID).

Чтобы скопировать информацию нажмите Copy.

Policy

Here you can view the security information for the device (status of firewall, antimalware, Windows Update, and Windows Security Center).

The status values indicated are as follows:

  • Yellow: disabled

  • Green: enabled

Advanced

This section controls content filtering (the ability of a user to disable content filtering according to policies configured on the UserGate Management Center server).

Данные для подключения к UserGate Management Center (IP-адрес и код для подключения УУ UGC) указываются: %PROGRAMFILES%\UserGate\UserGate Client\usergateclient\bin\endpoint_gui.

Рекомендации по установке ПО UserGate Client

This section describes additional managed device settings that enhance the event audit capabilities of Microsoft Windows operating systems and make the audit more informative.

Note To be able to send endpoint logs to UserGate Log Analyzer in English, you must install the language pack English (US); English should be available for selection as the interface language.
ПримечаниеНастройки, представленные в данном разделе, носят рекомендательный характер.

  1. Install the Sysmon utility that provides in-depth information on process creation, network connections, and changes in file creation times. Подробная информация и файл установки доступны по ссылке.

  2. Add a registry key to enable querying of the Sysmon log (Microsoft-Windows-Sysmon/Operational) and sending it to the UserGate Log Analyzer server. To add the key, use the Registry Editor application or run this command:

    REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft-Windows-Sysmon/Operational"

  1. Enable logging for all PowerShell commands and resulting output.

    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" /v EnableScriptBlockLogging /t REG_DWORD /d 1

ПримечаниеДля быстрого запуска приложения Редактор реестра используйте сочетание клавиш Win+R и введите regedit.

В случае включения через Редактор реестра необходимо создать переменную EnableScriptBlockLogging в каталоге HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging, указав тип данных REG_DWORD и значение 1.

ПримечаниеДанная настройка возможна в реестрах HKEY_LOCAL_MACHINE и HKEY_CURRENT_USER. with HKEY_LOCAL_MACHINE having priority over HKEY_CURRENT_USER.

Add a registry key to enable querying of the PowerShell log (Microsoft-Windows-Powershell/Operational) and sending it to the UserGate Log Analyzer server:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft-Windows-Powershell/Operational"

  1. Enable recording of additional details of command-line process creation events in the security event log (this data will be added to the "4688: Process created" process creation event). To enable the key, use the Registry Editor application or run this command:

    REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\Audit\" /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1

В случае включения через Редактор реестра необходимо создать переменную ProcessCreationIncludeCmdLine_Enabled в каталоге HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit, указав тип данных REG_DWORD и значение 1.

ПримечаниеДанная настройка поддерживается на устройствах с версией ОС не ниже Windows Server 2012 R2 и Windows 8.1.

Windows Log Events

UserGate Client provides the ability to display events in the Windows application log. Logging of the following events has been added:

  • starting and stopping the service (the UG0101 Service started, UG0102 Service stopped events);

  • connection to MC and loss of connection (the UG0201 MC connected, UG0202 MC connection lost events);

  • connection via VPN and termination of the session, including connection errors: server unavailability, incorrectly specified data (the UG0301 VPN connected, UG0302 VPN disconnected events);

  • receiving configuration from Management Center (the UG0401 MC rules propagated event).