Follow

Configure ProfileUnity Client Elevation To Use SHA2 Instead Of Digital Signature

Product: ProfileUnity-FlexApp

Product Version: 6.5.10

Expires on: 365 days from publish date

Updated: May 2, 2017

 

Problem:

In certain secure environments it is necessary to configure the ProfileUnity client elevation process to use Hash/SHA2 instead of the default Signature based method in order for the Client to work correctly.

 In ProfileUnity 6.7 we will be moving to use Sha2 hash.

 

Symptoms:

 

 Prerequisites:

The attached files are pre-stubed with hash info from 6.5.10 client.exe and  LwL.ProfileUnity.Client.exe.  

 

Possible Resolution(s): 

Simple Method -6.5.10

  1. Download the attached file elevation_r1530.renamezip and remove "renameme" and rename to elevation.zip.
  2. Replace the elevation.zip file from the ProfileUnity netlogon directory or share where client tools reside with this new elevation.zip.
  3. The elevation.zip contents will be updated on the clients when the LwL.ProfileUnity.Client.Startup.exe is ran either via GPO (recompose) or the parent image is updated.  
  4. For more information on prepping your gold image see ProfileUnity in Gold Image & Upgrading Client Tools

 

Advanced/Manual Method - Versions 6.5.0 to 6.5.9

 Prerequisites:

You will need the sha hash for the client.exe and LwL.ProfileUnity.Client.exe from the netlogon from the version of client tools your are running.

  1. Navigate to the ProfileUnity netlogon directory or share and copy the client.exe file to your Desktop.
  2. While in the ProfileUnity netlogon directory find open the elevation.zip file that you copied up from attachement in KB.
  3. Extract the lwl_elevation_service.xml file from elevation.zip file to your Desktop.
  4. Navigate back to the main ProfileUnity netlogon directory and open the client.net.zip file.
  5. Extract the LwL.ProfileUnity.Client.exe file from client.net.zip file to your Desktop.
  6. Using a checksum utility of your choice, generate and save the SHA2 hash for both client.exe and LwL.ProfileUnity.Client.exe.
  7. Edit the lwl_elevation_service.xml and locate the section called <whitelist>
  8. Insert both of the SHA2 hashes generated in Step 6 directly beneath <white>, so that your xml now looks similar to this example below

    <whitelist>

      <path hash="1CE604D436FB495565A10C5E302D772E369D40D9" />

      <path hash="D11D757BCB04F8F78D325382E275CBD7E0BB7476" />

      <path signed="Liquidware Labs, Inc." />

    </whitelist>

  1. Save and exit out the lwl_elevation_service.xml.
  2. Open the elevation.zip file from the ProfileUnity netlogon directory and replace the xml with the one you have modified.
  3. The elevation.zip contents will be updated on the clients when the LwL.ProfileUnity.Client.Startup.exe is ran either via GPO (recompose) or the parent is updated.  
  4. For more information on prepping your gold image see ProfileUnity in Gold Image & Upgrading Client Tools
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.