Configuration Tool - Provisioning Script Parent topic

Before you begin

Ensure that at least one device is prepared and available on the target machine.

Procedure

  1. Navigate to the appropriate directory:
    • On Microsoft Windows, click Start and type cmd to open a command shell, then type cd C:\Program Files (x86)\Trend Micro\SecureCloud\Agent\
    • On Linux, type cd /var/lib/securecloud/
  2. Run the appropriate SecureCloud Agent provisioning script.
    The provisioning scripts in the table below are divided into the operating system of the device, Microsoft Windows or a Linux-based operating system, and whether the user wants to preserve data during the encryption (in-place encryption) or whether the user wants to erase all data during the encryption (format-erasing encryption).

    Provisioning Script Commands

    Operating System
    Task
    Script with Variables
    Example Script
    Windows
    Preserve data
    scprov prov -d <device_group> -t preserve -x <passphrase>
    scprov prov -d all -t preserve -x passPhrase
    Erase data
    scprov prov -d <device_group> -t erase -x <passphrase>
    scprov prov -d H,I,J,K -t erase -x passPhrase
    Linux
    Preserve data
    ./scprov.sh prov -d <device_group> -t preserve -x <passphrase>
    ./scprov.sh prov -d boot -t preserve -x passPhrase
    Erase data
    ./scprov.sh prov -d <device_group> -t erase -x <passphrase>
    ./scprov.sh prov -d data -t erase -x passPhrase
    In the provisioning script, <device_group> is one of the following parameters:
    Option Description
    all
    Use this to select all unencrypted devices, including the boot device.
    data
    Use this to select all unencrypted devices except for the boot device.
    boot
    Use this to select only boot device if it is unencrypted.
    Device group of the form <device1>,<device2>,<device3>
    Use this to specify which devices from a group to encrypt. If a device is partitioned and mounted as two drives, both drives must be included in the device list. For example: C,D
    Note
    Note
    On Linux systems, parameters are case sensitive.
    When erasing the existing data during encryption, SecureCloud will use the default settings to determine the device's file system and mount point. To override the default settings and enter specified settings, instead use the steps provided in Configuration Tool - Using a List File. The default settings are as follows:
    • Windows file system: NTFS
    • Windows mount point: SecureCloud detects the next available free mount point
    • Linux file system: EXT3
    • Linux mount point: /mnt/sc_sd<xx>; SecureCloud automatically assigns values to <xx>.
    The SecureCloud Agent uses the encryption key provided by the Key Management Server to encrypt the devices attached to this machine.