Installing and running a BIG-IP APM component on Windows-based systems require certain user rights. Pre-installing components provides a seamless upgrade for clients after you upgrade the BIG-IP Access Policy Manager.
You can also use the Component Installer feature to provide completely transparent installation and upgrading of components, regardless of the rights you are running under. Your security policy might prohibit granting users the power-user rights needed to install ActiveX components, or your browser security policy might prohibit downloading active elements. For these reasons, you might prefer to pre-install components on your users Windows systems.
You can use the Clients Download screen to download the Component Installer Package containing the Windows components needed for the various Access Policy Manager functions. You can use the Component Installer service to install and upgrade client-side Access Policy Manager components for all kinds of user accounts, regardless of the rights under which the user is working.
This component is especially useful for installing and upgrading client-side components when the user has insufficient rights to install or upgrade the components directly. For information about configuring the MSI installer to run with elevated privileges, see the documentation for your operating system. You must use an account that has administrative rights to initially install the Component Installer on the client computer as a part of Client Components Package (MSI). Once installed and running, the Component Installer automatically installs and upgrades client-side Access Policy Manager components. It can also update itself. The Component Installer requires that the installation or upgrade packages be signed using the F5 Networks certificate or another trusted certificate. By default, F5 Networks signs all components using the F5 Networks certificate.
This table lists user rights required to use endpoint security components on Windows clients from a network access tunnel.
|Access Policy Manager plugin||Guest rights||User rights||Power User rights||Administrator rights|
|Windows File||Not supported||Supported||Supported||Supported|
|Machine Cert||Not supported||Supported||Supported||Supported|
|Windows information||Not supported||Supported||Supported||Supported|
|Windows Process||Not supported||Supported||Supported||Supported|
|Hard Disk Encryption||Supported||Supported||Supported||Supported|
|Windows Cache and Session Control||Supported||Supported||Supported||Supported|
This table lists user rights required on Windows clients to use actions other than endpoint security client checks from a network access tunnel.
|Access Policy Manager component||User rights||Power User rights||Admin rights|
|Client Cert Inspection||Supported||Supported||Supported|
|On-Demand Cert Auth||Supported||Supported||Supported|
|Active Directory (auth or query)||Supported||Supported||Supported|
|LDAP (auth or query)||Supported||Supported||Supported|
|RADIUS (auth or accounting)||Supported||Supported||Supported|